Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

Qualys

Reply
This is an open group. Sign in and click the "Join Group" button to become a group member and start posting.
USE CASE 2: ASSET MANAGEMENT - INFOBLOX & QUALYS INTEGRATION
[ Edited ]
Adviser
Posts: 171
Registered: ‎09-09-2015
Adviser
Posts: 81

Hi There,

 

The template attached to the post is used in the second use case (Asset management) on the video.

 

Qualys_UseCase2.png

 

Outbound API feature is very powerful and this template is most complicated among the templates used on the video.

 

Extensible attributes (Qualys_Asset_VM, Qualys_Asset_PC, Qualys_Scan_On_Add, Qualys_Assets_Group, Qualys_Scan_Option, Qualys_Scanner ,Qualys_User_SNMP, Qualys_User_Unix) are required and should be defined on a network or range level (depends on an event type).

 

Based on the extensible attributes values the template performs different actions:

  • Qualys_Asset_VM - add an asset to Vulnerability Management;
  • Qualys_Asset_PC - add an asset to Policy Compliance;
  • Qualys_Assets_Group - add an asset to an asset group defined in this EA;
  • Qualys_User_SNMP - associate an asset with the SNMP community defined in this EA;
  • Qualys_User_Unix - associate an asset with the Unix's CLI credentials defined in this EA;
  • Qualys_Scan_Option - use a scan option defined in this EA for scans;
  • Qualys_Scanner - use a scanner appliance defined in this EA;
  • Qualys_Scan_On_Add - perform a scan immediately after adding the appliance to the assets.

You can use attached php script to create these EAs (do not forget to update $NIOS_baseURL, $NIOS_User, $NIOS_PWD, $data variables based on your configuration).

 

BR,
Vadim

Showing results for 
Search instead for 
Did you mean: