- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
Updated Integration - Infoblox Integration with Qualys 9-30-2020
We are excited to announce an update to the Infoblox® integration with Qualys.
By combining Infoblox’s DNS technology with the Qualys Cloud Platform, organizations can automate scanning as new devices join the network, or when malicious activity is detected. Infoblox provides a single source of truth for devices and networks which Qualys can leverage to organize new assets, automate tracking, and generate a detailed view of the network. Additionally, Infoblox’s robust DNS security can be used to inform Qualys of potential infected hosts, which effectively increases the visibility to indicators of compromise. In summary, Infoblox paired with Qualys, allows for increased automation, improved remediation, and a better ROI on both products.
This Integration supports a wide variety of events in IPv4 Only: ADP, Fixed Addresses, Host Addresses, Lease, Network, RPZ, Range, and Tunnel.
The Infoblox Integration with Qualys - Deployment Guide will cover the steps required to properly deploy this integration. Integration templates that are referenced in the deployment guide are attached to this blog post. Templates are in a .json format and are provided “as is”. As always, with any changes to your network, this integration should be fully tested before deploying into a production environment.
The templates require the extensible attributes described in the table below. It is recommended to inherit attributes with the default values from the network view level.
Extensible Attributes |
Description |
Qualys_Asset_PC |
True or False. Defines if an asset should be created in the Qualys Policy Compliance Module. |
Qualys_Asset_VM |
True or False. Defines if an asset should be created in the Qualys Vulnerability Management Module. |
Qualys_Assets_Group |
Defines which Qualys Asset Group the network object belongs to. If the group does not exist it will be automatically generated by Infoblox. |
Qualys_LastScanTime |
True or False. Defines if an asset should be added to Qualys. |
Qualys_Scan |
True or False. Defines if an object should be scanned as a response to a security event. |
Qualys_Scan_On_Add |
True or False. Defines if an object should be scanned when it is added to Qualys. |
Qualys_Scan_Option |
Defines Qualys Scan option profile to be used. |
Qualys_Scanner |
Defined Qualys scanner appliance to be used. |
Qualys_SyncTime |
Internal attribute. Provides the time when an object was synced with Qualys |
Qualys_User_SNMP |
SNMP credentials to be used to scan an object. |
Qualys_User_Unix |
Unix Credentials used to scan an object. |
For more information regarding capabilities and configuration of the Infoblox and Qualys integration, please view the video here: https://www.youtube.com/watch?v=RG07IEDbSUo
Re: Updated Integration - Infoblox Integration with Qualys 9-30-2020
09-12-2022 10:57 AM
I really like the thought of this. I do have a question though. Could this be setup to send our team a list of subnets that were created in Infoblox every week? In our current state, we scan by CIDR blocks not individual assets.
Please let me know what/how I could configure the integration to do this.
Thank you very much in advance.
R
Re: Updated Integration - Infoblox Integration with Qualys 9-30-2020
Hi RustyQualys,
It doesn't appear that the Qualys API call supports an email flag; however it looks like you can add an email notification when a scan is completed: https://qualysguard.qg2.apps.qualys.com/portal-help/en/was/scans/scan_complete_email_notification.ht... But I'm not sure if this is what you were looking for.
Additionally, some API calls in Qualys do support email flags but they appear to be outside of that specific use case: https://www.qualys.com/docs/qualys-api-vmpc-user-guide.pdf
NIOS doesn't appear to have an email notification setting relating directly to outbound API or to subnet addition. (Documentation link: https://docs.infoblox.com/space/nios86/35818808/What's+New)
Hope this helps,
David
Re: Updated Integration - Infoblox Integration with Qualys 9-30-2020
09-13-2022 05:52 AM
Could this integration be setup to add any new assets in Infoblox to an asset group and not scan them? Is that possible?