USE CASE 3: DNS SECURITY EVENTS - INFOBLOX & QUALYS INTEGRATION
Hi There,

The template attached to the post is used in the third use case (security events response) in the video. It requests Qualys to scan an asset in case of security events: a DNS Firewall hit or DNS Tunneling detection.

Qualys_UseCase3.png

Extensible attributes (Qualys_Scan, Qualys_Scan_Option, Qualys_Scanner) are required and should be defined at the network or range level (depending on the event type):

  • Qualys_Scan - perform a scan in case of a security event;
  • Qualys_Scan_Option - use a scan option defined in this EA for scans;
  • Qualys_Scanner - use a scanner appliance defined in this EA.

You can use the attached PHP script to create these EAs (do not forget to update the $NIOS_baseURL, $NIOS_User, $NIOS_PWD and $data variables based on your configuration).

BR,
Vadim
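
Added example (not the template or PHP script attached to the post): how the three EAs on the matched network or range can gate and parameterize a Qualys scan launch for a security event. The event type labels, the `true` value for Qualys_Scan, the sample data, and the mapping of the EAs onto the Qualys API v2 `option_title` and `iscanner_name` parameters are assumptions.

```python
import ipaddress
from urllib.parse import urlencode

# Hypothetical labels for the two event types named in the post.
SCAN_EVENTS = {"DNS_FIREWALL_HIT", "DNS_TUNNELING"}
REQUIRED_EAS = ("Qualys_Scan", "Qualys_Scan_Option", "Qualys_Scanner")
QUALYS_SCAN_PATH = "/api/2.0/fo/scan/"  # Qualys API v2 scan endpoint


def ea_value(extattrs, name):
    """Read one EA from a WAPI-style extattrs dict: {"Name": {"value": ...}}."""
    return str(extattrs.get(name, {}).get("value", "")).strip()


def build_scan_request(event, extattrs):
    """Return the form body for a scan launch, or None when no scan is due."""
    if event.get("type") not in SCAN_EVENTS:
        return None
    # Assumption: "true" enables scanning; the post does not list accepted values.
    if ea_value(extattrs, "Qualys_Scan").lower() != "true":
        return None
    missing = [n for n in REQUIRED_EAS if not ea_value(extattrs, n)]
    if missing:
        raise ValueError("missing extensible attributes: " + ", ".join(missing))
    # The client address comes from event data, so validate it before it
    # is placed in an API request (raises ValueError if it is not an IP).
    ip = str(ipaddress.ip_address(event.get("source_ip", "")))
    return urlencode({
        "action": "launch",
        "scan_title": "Infoblox %s %s" % (event["type"], ip),
        "ip": ip,
        "option_title": ea_value(extattrs, "Qualys_Scan_Option"),
        "iscanner_name": ea_value(extattrs, "Qualys_Scanner"),
    })


# Constructed sample data (not from the post).
SAMPLE_EAS = {
    "Qualys_Scan": {"value": "true"},
    "Qualys_Scan_Option": {"value": "Initial Options"},
    "Qualys_Scanner": {"value": "scanner-01"},
}
SAMPLE_EVENT = {"type": "DNS_TUNNELING", "source_ip": "10.10.20.15"}

if __name__ == "__main__":
    print("POST", QUALYS_SCAN_PATH)
    print(build_scan_request(SAMPLE_EVENT, SAMPLE_EAS))
```

A network with Qualys_Scan set but no scan option or scanner raises an error instead of launching a scan with defaults, so a misconfigured range is visible in the logs.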
