}){kind=icon}
The Qualys VMDR ingests vulnerability data from [Vulnerability API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf), knowledgeBase data from [KnowledgeBase API](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf), and asset data from [Asset API](https://www.qualys.com/docs/qualys-global-ai-api-v2-user-guide.pdf).
## Data collected
| Polling Interval | Data |
| :--- | :--- |
| 1 hour | [Assets](https://www.qualys.com/docs/qualys-global-ai-api-v2-user-guide.pdf) |
| 24 hours | [Vulnerabilities](https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf) |
## Setup
### Vendor configuration
Identify your Qualys API server URLs and Qualys API Gateway URL as mentioned in the [Qualys documentation](https://www.qualys.com/platform-identification).
### Source configuration
When you create a Qualys VMDR Source, you add it to a Hosted Collector. Before creating the Source, identify the Hosted Collector you want to use or create a new Hosted Collector. For instructions, see [Configure a Hosted Collector](/docs/send-data/hosted-collectors/configure-hosted-collector).
To configure a Qualys VMDR Source:
1. [**New UI**](/docs/get-started/sumo-logic-ui). In the Sumo Logic main menu select **Data Management**, and then under **Data Collection** select **Collection**. You can also click the **Go To...** menu at the top of the screen and select **Collection**. }){kind=small}
A green circle with a check mark is shown when the field exists and is enabled in the Fields table schema.
* }){kind=small}
An orange triangle with an exclamation point is shown when the field doesn't exist in the Fields table schema. In this case, you'll see an option to automatically add or enable the nonexistent fields to the Fields table schema. If a field is sent to Sumo Logic that does not exist in the Fields schema it is ignored, known as dropped.
1. **Qualys API Server URL** and **Qualys API Gateway URL**. Provide the Qualys API server URLs. Use the [Qualys Platform Identification](https://www.qualys.com/platform-identification) page and scroll down to **API URLs** to for a reference to your Qualys deployment location.
1. **Username** and **Password**. Use your Qualys account username and password for API authentication.
1. The next section covers the type of data to collect and how often.
1. **Collect vulnerability data**. This option will fetch the list of hosts with the host's latest vulnerability data based on the host-based scan data available in the user’s account. We recommend leaving the polling interval at the default 1 hour.
1. (Optional) **Collect KnowledgeBase Information**. This option is only available if you choose to collect vulnerability data. If selected, it will automatically download the vulnerability details from the Qualys KnowledgeBase for vulnerabilities detected within your environment.
1. **Collect asset inventory**. This option consumes asset data from Qualys Global IT Asset Inventory API. The inventory data collected here will also be used in Cloud SIEM as inventory data. We recommend leaving the polling interval at the default 24 hours.
* To forward Qualys VMDR assetInventory to Cloud SIEM, it is recommended to create a [Field Extraction Rule](/docs/manage/field-extractions/create-field-extraction-rule/) with the following criteria:
* Scope: `_sourceCategory="| Data Type | API Route | Description |
| Vulnerability Detections | /api/2.0/fo/asset/host/vm/detection/ |
This collects a current list of new vulnerabilities detected for each computer. Each detection is sent as a separate log to Sumo Logic. Permissions - Managers view all VM scanned hosts in subscription. Auditors have no permission to view VM scanned hosts. Unit Managers view VM scanned hosts in the user’s assigned business unit. Scanners and Readers view VM scanned hosts in the user’s account.API details are on page 496 in this Qualys PDF. |
| KnowledgeBase | /api/2.0/fo/knowledge_base/vuln/ |
This collects the current vulnerability details from the Qualys KnowledgeBase for vulnerabilities when they are detected within your environment. Permissions - A subscription must be granted permission to run this API function. Roles Manager, Unit Manager, Scanner, Reader are granted a permission Download vulnerability data from the KnowledgeBase. Role Auditor has no such permission.API details are on page 209 in this Qualys PDF. |
| Computer Inventory | /rest/2.0/search/am/asset/ |
This collects the details for each asset/computer from Qualys. This data source is supported by Cloud SIEM as [inventory data](/docs/cse/administration/inventory-sources-and-data). Permissions - User must have the GAV/CSAM module and the App API Enabled option enabled for that role. Additionally, the user must have the Allow user view access to all objects checkbox enabled under Roles And Scopes within the user settings.API details are on page 27 in the this Qualys PDF. |