A Hitachi ID PAM vault is where you provide us with the login credentials needed to access your installation of Hitachi ID Privileged Access Manager (PAM) in Hitachi ID Management Suite version 7.3 or later.
1) You must enable the webservices option in the Hitachi ID PAM user interface for scanner integration to work over the HTTP or HTTPS protocols. Go to Manage System > Maintenance > Services and enable "Hitachi ID (idapi) API Service" and then verify that it works.
2) See Qualys Integration Notes in the Hitachi ID Systems Customer Portal at https://hitachi-id.com/portal/?q=node/343 (login required) for additional settings that must be configured in your Hitachi ID PAM environment. Can't access this Hitachi article? Show me
Qualys Integration Notes (from Hitachi)
When integrating with Qualys systems, Hitachi IP Privileged Password Manager must have certain setting configure to ensure correct operation.
(1) Windows NT agents need to be able to return the correct IP and DNS information to allow API lookups by these values. A new option is availabe: WINNT EMIT INFO. If enabled, the registry setting causes the agtnt.exe agent to return IP/DNS information on reset operations. This option can be set in the product, and can be found at PSA > Maintenance > Connector behaviour > Windows NT Server/domain.
(2) The PSLang scripted agent sample for the ssh agent (agtssh.exe) shipped with the product must have the DNS/IP information collection and return enabled. This is configured at the top of the samples/agtssh.psl script, which must have the $emit_info variable set to 1. The default mode has this set to zero.
(3) The OTP or "one time password" (default) mode of the API must be disabled. This is a DWORD entry in the registry for the instance you wish to configure. This is found in the registry location: <instance>\idapi\DisableOTP. This value should be set to "1".
Tell me about SSL certification validation
Qualys scanners will verify the SSL certificate of the web server to make sure the certificate is valid and trusted, unless you clear (un-check) the SSL Verify option. You may want to clear this option to skip SSL verification if the certificate was not issued by a well-known certification authority (CA) or if the certificate is self-signed. (Note: The SSL Verify option is only available when the URL entered uses HTTPS.)