Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

General Security & Cybersecurity Ecosystem

Reply

Updated Integration - Infoblox Integration with Qualys

[ Edited ]
Techie
Posts: 17
7748     0

We are excited to announce an update to the Infoblox® integration with Qualys.

 

By combining Infoblox’s DNS technology with the Qualys Cloud Platform, organizations can automate scanning as new devices join the network, or when malicious activity is detected. Infoblox provides a single source of truth for devices and networks which Qualys can leverage to organize new assets, automate tracking, and generate a detailed view of the network. Additionally, Infoblox’s robust DNS security can be used to inform Qualys of potential infected hosts, which effectively increases the visibility to indicators of compromise. In summary, Infoblox paired with Qualys, allows for increased automation, improved remediation, and a better ROI on both products.

 

This Integration supports a wide variety of events in IPv4 Only: ADP, Fixed Addresses, Host Addresses, Lease, Network, RPZ, Range, and Tunnel.

 

The Infoblox Integration with Qualys - Deployment Guide will cover the steps required to properly deploy this integration. Integration templates that are referenced in the deployment guide are attached to this blog post. Templates are in a .json format and are provided “as is”. As always, with any changes to your network, this integration should be fully tested before deploying into a production environment.

 

The templates require the extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.

 

Extensible Attributes

Description

Qualys_Asset_PC

True or False. 

Defines if an asset should be created in the Qualys Policy Compliance Module.

Qualys_Asset_VM

True or False. 

Defines if an asset should be created in the Qualys Vulnerability Management Module.

Qualys_Assets_Group

Defines which Qualys Asset Group the network object belongs to. If the group does not exist it will be automatically generated by Infoblox.

Qualys_LastScanTime

True or False. 

Defines if an asset should be added to Qualys.

Qualys_Scan

True or False. 

Defines if an object should be scanned as a response to a security event.

Qualys_Scan_On_Add

True or False. 

Defines if an object should be scanned when it is added to Qualys.

Qualys_Scan_Option

Defines Qualys Scan option profile to be used.

Qualys_Scanner

Defined Qualys scanner appliance to be used.

Qualys_SyncTime

Internal attribute.

Provides the time when an object was synced with Qualys

Qualys_User_SNMP

SNMP credentials to be used to scan an object.

Qualys_User_Unix

Unix Credentials used to scan an object.

 

For more information regarding capabilities and configuration of the Infoblox and Qualys integration, please view the video below:

 

 

Comments, questions, or feedback are welcome.

Re: Updated Integration - Infoblox Integration with Qualys

New Member
Posts: 1
7749     0

do you have template that can scan existing networks in the Infoblox.


@dzenone wrote:

We are excited to announce an update to the Infoblox® integration with Qualys.

 

By combining Infoblox’s DNS technology with the Qualys Cloud Platform, organizations can automate scanning as new devices join the network, or when malicious activity is detected. Infoblox provides a single source of truth for devices and networks which Qualys can leverage to organize new assets, automate tracking, and generate a detailed view of the network. Additionally, Infoblox’s robust DNS security can be used to inform Qualys of potential infected hosts, which effectively increases the visibility to indicators of compromise. In summary, Infoblox paired with Qualys, allows for increased automation, improved remediation, and a better ROI on both products.

 

This Integration supports a wide variety of events in IPv4 Only: ADP, Fixed Addresses, Host Addresses, Lease, Network, RPZ, Range, and Tunnel.

 

The Infoblox Integration with Qualys - Deployment Guide will cover the steps required to properly deploy this integration. Integration templates that are referenced in the deployment guide are attached to this blog post. Templates are in a .json format and are provided “as is”. As always, with any changes to your network, this integration should be fully tested before deploying into a production environment.

 

The templates require the extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.

 

Extensible Attributes

Description

Qualys_Asset_PC

True or False. 

Defines if an asset should be created in the Qualys Policy Compliance Module.

Qualys_Asset_VM

True or False. 

Defines if an asset should be created in the Qualys Vulnerability Management Module.

Qualys_Assets_Group

Defines which Qualys Asset Group the network object belongs to. If the group does not exist it will be automatically generated by Infoblox.

Qualys_LastScanTime

True or False. 

Defines if an asset should be added to Qualys.

Qualys_Scan

True or False. 

Defines if an object should be scanned as a response to a security event.

Qualys_Scan_On_Add

True or False. 

Defines if an object should be scanned when it is added to Qualys.

Qualys_Scan_Option

Defines Qualys Scan option profile to be used.

Qualys_Scanner

Defined Qualys scanner appliance to be used.

Qualys_SyncTime

Internal attribute.

Provides the time when an object was synced with Qualys

Qualys_User_SNMP

SNMP credentials to be used to scan an object.

Qualys_User_Unix

Unix Credentials used to scan an object.

 

For more information regarding capabilities and configuration of the Infoblox and Qualys integration, please view the video below:

 

 

Comments, questions, or feedback are welcome.



 

Re: Updated Integration - Infoblox Integration with Qualys

Techie
Posts: 17
7749     0

Hi Abolla,

The templates currently only prompt scans for newly added assets, and when security events occur.

 

Thank you,

David

Re: Updated Integration - Infoblox Integration with Qualys

New Member
Posts: 6
7749     0

Hello,

 

Can you please tell me where I can download the Qualys templates for the Infoblox-Qualys integration?

 

Thanks in advance

Re: Updated Integration - Infoblox Integration with Qualys

Techie
Posts: 17
7749     0

Hi RustyQualyz,

 

The templates are located underneath my forum post above, please look for the hyperlinks.

 

Thank you,

David

Re: Updated Integration - Infoblox Integration with Qualys

New Member
Posts: 6
7749     0

Hey David,

 

In looking at the post, I only saw three links:

 

Qualys Security.txt

Qulays Minimal.txt

Qualys Asset.txt

 

Are these the links you are referring to?

Re: Updated Integration - Infoblox Integration with Qualys

Techie
Posts: 17
7749     0

Hi RustyQualyz,

 

This is correct, you will need to change these text files to .json before uploading them into NIOS.

 

Thank you,

David

Re: Updated Integration - Infoblox Integration with Qualys

[ Edited ]
New Member
Posts: 2
7749     0

In the file "Qualys Asset.txt":

Between the steps "EndForHostFixed" (line 1192) and "checkSyncForLease"(line 1229) I see bunch of empty space. 

Could it be the case something is missing here?

UPDATE: I found the same empy space further down. Looks like you are marking the different parts of the template with it. :-)

Re: Updated Integration - Infoblox Integration with Qualys

Techie
Posts: 17
7749     0

This is correcet AndreySm, if desired you can remove that space. Just ensure the brackets are maintained before using.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You