Updated Integration - Infoblox Integration with Qualys 9-30-2020
Techie
Posts: 16
Registered: ‎07-22-2019

We are excited to announce an update to the Infoblox® integration with Qualys.

By combining Infoblox’s DNS technology with the Qualys Cloud Platform, organizations can automate scanning as new devices join the network, or when malicious activity is detected. Infoblox provides a single source of truth for devices and networks which Qualys can leverage to organize new assets, automate tracking, and generate a detailed view of the network. Additionally, Infoblox’s robust DNS security can be used to inform Qualys of potentially infected hosts, which effectively increases the visibility to indicators of compromise. In summary, Infoblox paired with Qualys allows for increased automation, improved remediation, and a better ROI on both products.

This integration supports a wide variety of events in IPv4 only: ADP, Fixed Addresses, Host Addresses, Lease, Network, RPZ, Range, and Tunnel.

The Infoblox Integration with Qualys - Deployment Guide will cover the steps required to properly deploy this integration. Integration templates that are referenced in the deployment guide are attached to this blog post. Templates are in a .json format and are provided “as is”. As always, with any changes to your network, this integration should be fully tested before deploying into a production environment.

The templates require the extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.

| Extensible Attributes | Description |
| --- | --- |
| Qualys_Asset_PC | True or False. Defines if an asset should be created in the Qualys Policy Compliance Module. |
| Qualys_Asset_VM | True or False. Defines if an asset should be created in the Qualys Vulnerability Management Module. |
| Qualys_Assets_Group | Defines which Qualys Asset Group the network object belongs to. If the group does not exist, it will be automatically generated by Infoblox. |
| Qualys_LastScanTime | True or False. Defines if an asset should be added to Qualys. |
| Qualys_Scan | True or False. Defines if an object should be scanned as a response to a security event. |
| Qualys_Scan_On_Add | True or False. Defines if an object should be scanned when it is added to Qualys. |
| Qualys_Scan_Option | Defines Qualys Scan option profile to be used. |
| Qualys_Scanner | Defines Qualys scanner appliance to be used. |
| Qualys_SyncTime | Internal attribute. Provides the time when an object was synced with Qualys. |
| Qualys_User_SNMP | SNMP credentials to be used to scan an object. |
| Qualys_User_Unix | Unix credentials used to scan an object. |

For more information regarding capabilities and configuration of the Infoblox and Qualys integration, please view the video here: https://www.youtube.com/watch?v=RG07IEDbSUo

Re: Updated Integration - Infoblox Integration with Qualys 9-30-2020
New Member
Posts: 6
Registered: ‎07-02-2021

I really like the thought of this. I do have a question though. Could this be set up to send our team a list of subnets that were created in Infoblox every week? In our current state, we scan by CIDR blocks, not individual assets.

Please let me know what/how I could configure the integration to do this.

Thank you very much in advance.

R

Re: Updated Integration - Infoblox Integration with Qualys 9-30-2020
Techie
Posts: 16
Registered: ‎07-22-2019

Hi RustyQualys,

It doesn't appear that the Qualys API call supports an email flag; however, it looks like you can add an email notification when a scan is completed: https://qualysguard.qg2.apps.qualys.com/portal-help/en/was/scans/scan_complete_email_notification.ht... But I'm not sure if this is what you were looking for.

Additionally, some API calls in Qualys do support email flags, but they appear to be outside of that specific use case: https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf

NIOS doesn't appear to have an email notification setting relating directly to outbound API or to subnet addition. (Documentation link: https://docs.infoblox.com/space/nios86/35818808/What's+New)

Hope this helps,

David

Re: Updated Integration - Infoblox Integration with Qualys 9-30-2020
New Member
Posts: 6
Registered: ‎07-02-2021

Could this integration be set up to add any new assets in Infoblox to an asset group and not scan them? Is that possible?
