E-SPIN
Thursday, 14 December 2017 / Published in FAQ, IBM, Qualys, Solution

Qualys vulnerability information for IBM QRadar SIEM

Qualys vulnerability information for IBM QRadar SIEM is a frequently asked topic. Besides using the free application developed by Qualys for QRadar, QRadar can retrieve vulnerability information from the Qualys API or by downloading scan reports from a QualysGuard appliance. This article is addressed to customers who have implemented both Qualys and QRadar and want to achieve continuous vulnerability and risk monitoring and security intelligence.

Retrieving Qualys vulnerability information for IBM QRadar SIEM generally makes use of the Qualys Scanner. The Qualys Detection Scanner uses the QualysGuard Host Detection List API to query across multiple scan reports to collect vulnerability data for assets. The returned data contains the vulnerability as an identification number, which QRadar compares against the latest Qualys Vulnerability Knowledge Base. The Qualys Detection Scanner does not support live scans, but it can retrieve vulnerability information aggregated across multiple scan reports. QRadar supports the key search parameters, such as the Operating System Filter and Asset Group Names fields. The Qualys Detection Scanner provides an option to configure how frequently the Qualys Vulnerability Knowledge Base is retrieved and cached by QRadar. This is the Qualys Vulnerability Retention Period field. Administrators have an option to force an update of the Qualys Vulnerability Knowledge Base for every scan. The Qualys user account you specify for QRadar must have permissions enabled to download the Qualys KnowledgeBase. QualysGuard vulnerability and asset information is supported on QualysGuard appliances using software version 4.7 to 7.10.

QRadar retrieves vulnerability information from the Qualys API

To configure a Qualys host detection API

  • Adding a Qualys detection scanner
    The Qualys Detection Scanner uses the QualysGuard Host Detection List API to query across multiple scan reports to collect vulnerability data for assets.

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Qualys scanner.
  5. From the Managed Host list, select the managed host from your QRadar® deployment that manages the scanner import.
  6. From the Type list, select Qualys Detection Scanner.
  7. In the Qualys Server Host Name field, type the Fully Qualified Domain Name (FQDN) or IP address of the QualysGuard management console based on your location. When an administrator specifies the FQDN, they must type the host name and not the URL. For example, type qualysapi.qualys.com, qualysapi.qualys.eu, or the FQDN of the internal Qualys for systems that use full scanning infrastructure with an internal management console.
  8. In the Qualys Username field, type the username necessary for requesting scans. This is the same username required to log in to the Qualys server. The user you specify must have access to download the Qualys KnowledgeBase or you must enable the user account with the option to download the Qualys KnowledgeBase. For more information, see your Qualys documentation.
  9. In the Qualys Password field, type the password required to access the Qualys scanner.
  10. In the Operating System Filter field, type a regular expression (regex) required to filter the scan data by operating system. The default regular expression is .*, which matches all operating systems.
  11. In the Asset Group Names field, type a comma-separated list to query IP addresses by the asset group name. An asset group is a name provided by a user in the Qualys management interface to identify a list or range of IP addresses. For example, an asset group named Building1 can contain the IP address 192.168.0.1. An asset group Webserver can contain 192.168.255.255. In QRadar, to retrieve vulnerability information for both of these assets, type Building1,Webserver. When the scan completes, the Asset tab in QRadar displays vulnerabilities by their IP address. In this example, QRadar can display all vulnerabilities for assets 192.168.0.1 and 192.168.255.255.
  12. In the Host Scan Time Filter (Days) field, type a numeric value to create a filter for the last time the host was scanned. Host scan times that are older than the specified number of days are excluded from the results returned by Qualys.
  13. In the Qualys Vulnerability Retention Period (Days) field, type the number of days you want QRadar to store the Qualys Vulnerability Knowledge Base. The default is 7 days. If a scan is scheduled and the retention period has expired, the system downloads an update.
  14. Select the Force Qualys Vulnerability Update check box to force the system to update to the latest Qualys Vulnerability Knowledge Base for each scheduled scan.
  15. To configure a proxy, select the Use Proxy check box. The following parameters are required:
    1. In the Proxy Host Name field, type the host name or IP address for the proxy server.
    2. In the Proxy Port field, type the port for the proxy server.
    3. In the Proxy Username field, type the username for the proxy server.
    4. In the Proxy Password field, type the password for the proxy server.
  16. To configure a CIDR range for your scanner:
    1. In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
    2. Click Add.
  17. Click Save.
  18. On the Admin tab, click Deploy Changes. Any changes to the proxy configuration require a Deploy Full Configuration.
  • Adding a Qualys scheduled live scan
    Live scans enable administrators to launch preconfigured scans on the Qualys Scanner and collect the scan results when the live scan completes.

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Qualys scanner.
  5. From the Managed Host list, select the managed host from your QRadar® deployment that manages the scanner import.
  6. From the Type list, select Qualys Scanner.
  7. In the Qualys Server Host Name field, type the Fully Qualified Domain Name (FQDN) or IP address of the QualysGuard management console based on your location. When an administrator specifies the FQDN, they must type the host name and not the URL. For example, type qualysapi.qualys.com, qualysapi.qualys.eu, or the FQDN of the internal Qualys for systems that use full scanning infrastructure with an internal management console.
  8. In the Qualys Username field, type the username necessary for requesting scans. This is the same username required to log in to the Qualys server. The user you specify must have access to download the Qualys KnowledgeBase or you must enable the user account with the option to download the Qualys KnowledgeBase. For more information, see your Qualys documentation.
  9. In the Qualys Password field, type the password required to access the Qualys scanner.
  10. To configure a proxy, select the Use Proxy check box. The following parameters are required:
    1. In the Proxy Host Name field, type the host name or IP address for the proxy server.
    2. In the Proxy Port field, type the port for the proxy server.
    3. In the Proxy Username field, type the username for the proxy server.
    4. In the Proxy Password field, type the password for the proxy server.
  11. From the Collection Type list, select Scheduled Live – Scan Report.
  12. In the Scanner Name field, type the name of the scanner that you want to perform the scan, as it is displayed on the QualysGuard server. To obtain the scanner name, contact your network administrator. For a public scanning appliance, clear the name from this field.
  13. In the Option Profiles field, type the name of the option profile to determine which scan is started as a live scan. QRadar retrieves the completed live scan data after the live scan completes. Live scans only support one option profile name per scanner configuration.
  14. To configure a CIDR range for your scanner:
    1. In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
    2. Click Add.
  15. Click Save.
  16. On the Admin tab, click Deploy Changes. Any changes to the proxy configuration require a Deploy Full Configuration.
  • Adding a Qualys scheduled import asset report
    An asset report data import enables administrators to schedule QRadar to retrieve a single asset report from your Qualys scanner.


Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Qualys scanner.
  5. From the Managed Host list, select the managed host from your QRadar® deployment that manages the scanner import.
  6. From the Type list, select Qualys Scanner.
  7. In the Qualys Server Host Name field, type the Fully Qualified Domain Name (FQDN) or IP address of the QualysGuard management console based on your location. When an administrator specifies the FQDN, they must type the host name and not the URL. For example, type qualysapi.qualys.com, qualysapi.qualys.eu, or the FQDN of the internal Qualys for systems that use full scanning infrastructure with an internal management console.
  8. In the Qualys Username field, type the username necessary for requesting scans. This is the same username required to log in to the Qualys server. The user you specify must have access to download the Qualys KnowledgeBase or you must enable the user account with the option to download the Qualys KnowledgeBase. For more information, see your Qualys documentation.
  9. In the Qualys Password field, type the password required to access the Qualys scanner.
  10. To configure a proxy, select the Use Proxy check box. The following parameters are required:
    1. In the Proxy Host Name field, type the host name or IP address for the proxy server.
    2. In the Proxy Port field, type the port for the proxy server.
    3. In the Proxy Username field, type the username for the proxy server.
    4. In the Proxy Password field, type the password for the proxy server.
  11. From the Collection Type list, select Scheduled Live – Scan Report.
  12. In the Scanner Name field, type the name of the scanner that you want to perform the scan, as it is displayed on the QualysGuard server. To obtain the scanner name, contact your network administrator. For a public scanning appliance, clear the name from this field.
  13. In the Option Profiles field, type the name of the option profile to determine which scan is started as a live scan. QRadar retrieves the completed live scan data after the live scan completes. Live scans only support one option profile name per scanner configuration.
  14. To configure a CIDR range for your scanner:
    1. In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
    2. Click Add.
  15. Click Save.
  16. On the Admin tab, click Deploy Changes. Any changes to the proxy configuration require a Deploy Full Configuration.
  • Adding a Qualys scheduled import scan report
    A scan report data import enables administrators to schedule QRadar to retrieve scan reports from your Qualys scanner.

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Qualys scanner.
  5. From the Managed Host list, select the managed host from your QRadar deployment that manages the scanner import.
  6. From the Type list, select Qualys Scanner.
  7. In the Qualys Server Host Name field, type the Fully Qualified Domain Name (FQDN) or IP address of the QualysGuard management console based on your location. When an administrator specifies the FQDN, they must type the host name and not the URL. For example, type qualysapi.qualys.com, qualysapi.qualys.eu, or the FQDN of the internal Qualys for systems that use full scanning infrastructure with an internal management console.
  8. In the Qualys Username field, type the username necessary for requesting scans. This is the same username required to log in to the Qualys server. The user you specify must have access to download the Qualys KnowledgeBase or you must enable the user account with the option to download the Qualys KnowledgeBase. For more information, see your Qualys documentation.
  9. In the Qualys Password field, type the password required to access the Qualys scanner.
  10. To configure a proxy, select the Use Proxy check box. The following parameters are required:
    1. In the Proxy Host Name field, type the host name or IP address for the proxy server.
    2. In the Proxy Port field, type the port for the proxy server.
    3. In the Proxy Username field, type the username for the proxy server.
    4. In the Proxy Password field, type the password for the proxy server.
  11. From the Collection Type list, select Scheduled Import – Scan Report.
  12. In the Option Profiles field, type the name of the option profile to determine which scan is started as a live scan. QRadar retrieves the completed live scan data after the live scan completes. Live scans only support one option profile name per scanner configuration.
  13. In the Scan Report Name Pattern field, type a regular expression (regex) required to filter the list of scan reports. All matching files are included in the processing. The default regular expression is .*. The .* pattern imports all scan reports.
  14. In the Max Reports Age (Days) field, type the maximum file age for your scan results file. Files that are older than the specified days and timestamp on the report file are excluded when the scheduled scan starts. The default value is 7 days.
  15. Optional. In the Import File field, type a directory path to download and import a single scan report from Qualys. For example, /qualys_logs/test_report.xml. If you specify an import file location, QRadar downloads the contents of the asset report from Qualys to a local directory and imports the file. When the Import File field does not contain a value or if the file or directory cannot be found, then the Qualys scanner attempts to retrieve the latest scan report using the Qualys API based on the information in the Option Profiles field.
  16. To configure a CIDR range for your scanner:
    1. In the text field, type the CIDR range you want this scanner to consider or click Browse to select a CIDR range from the network list.
    2. Click Add.
  17. Click Save.
  18. On the Admin tab, click Deploy Changes. Any changes to the proxy configuration require a Deploy Full Configuration.
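
The Operating System Filter, Asset Group Names and Host Scan Time Filter (Days) fields of the detection scanner, and the Scan Report Name Pattern and Max Reports Age (Days) fields of the scan report import, all narrow what QRadar receives, so a mistyped value quietly leaves assets out of the vulnerability data. The following Python is an added example, not IBM or Qualys code, that previews those filters on constructed host and report lists before the values are typed into QRadar. It assumes unanchored regex matching and that an empty asset group list means no restriction; the function names and sample data are hypothetical.

```python
import re
from datetime import datetime, timedelta

def check_server_host(value):
    """Qualys Server Host Name takes an FQDN or IP address, not a URL."""
    host = value.strip()
    if not host or "://" in host or "/" in host:
        raise ValueError(f"type the host name, not a URL: {value!r}")
    return host

def split_names(value):
    """Asset Group Names is a comma-separated list; drop blanks around commas."""
    return [name.strip() for name in value.split(",") if name.strip()]

def preview_hosts(hosts, os_filter, asset_groups, scan_days, now):
    """IPs kept by Operating System Filter, Asset Group Names and
    Host Scan Time Filter (Days). Assumptions: unanchored regex search,
    and an empty group list means no group restriction."""
    os_re = re.compile(os_filter)  # a malformed pattern raises re.error here
    groups = set(split_names(asset_groups))
    cutoff = now - timedelta(days=scan_days)
    kept = []
    for h in hosts:
        if not os_re.search(h["os"]):
            continue
        if groups and not groups & set(h["groups"]):
            continue
        if h["last_scan"] < cutoff:  # scanned before the window: excluded
            continue
        kept.append(h["ip"])
    return kept

def preview_reports(reports, name_pattern, max_age_days, now):
    """Titles kept by Scan Report Name Pattern and Max Reports Age (Days)."""
    name_re = re.compile(name_pattern)
    cutoff = now - timedelta(days=max_age_days)
    return [r["title"] for r in reports
            if name_re.search(r["title"]) and r["created"] >= cutoff]

# Constructed sample data; the first two hosts reuse the article's example
# asset groups, everything else is made up for illustration.
NOW = datetime(2017, 12, 14)
HOSTS = [
    {"ip": "192.168.0.1", "os": "Windows Server 2016",
     "groups": ["Building1"], "last_scan": NOW - timedelta(days=2)},
    {"ip": "192.168.255.255", "os": "Red Hat Enterprise Linux 7",
     "groups": ["Webserver"], "last_scan": NOW - timedelta(days=3)},
    {"ip": "10.0.0.5", "os": "Windows 10",
     "groups": ["Lab"], "last_scan": NOW - timedelta(days=1)},
    {"ip": "192.168.0.7", "os": "Windows Server 2012",
     "groups": ["Building1"], "last_scan": NOW - timedelta(days=40)},
]
REPORTS = [
    {"title": "Weekly-DMZ-2017-12-11", "created": NOW - timedelta(days=3)},
    {"title": "Weekly-DMZ-2017-11-20", "created": NOW - timedelta(days=24)},
    {"title": "AdHoc-Lab-2017-12-13", "created": NOW - timedelta(days=1)},
]

if __name__ == "__main__":
    print(check_server_host("qualysapi.qualys.com"))
    print(preview_hosts(HOSTS, ".*", "Building1,Webserver", 30, NOW))
    print(preview_hosts(HOSTS, "^Windows", "Building1, Webserver", 30, NOW))
    print(preview_reports(REPORTS, "^Weekly-DMZ", 7, NOW))
```

The host 192.168.0.7 drops out of the 30-day preview only because of its stale scan date, which is the kind of coverage gap worth confirming before relying on the Asset tab.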

Remark: The steps and procedures above are compiled from the IBM QRadar documentation for this commonly asked topic, Qualys vulnerability information for IBM QRadar SIEM. If a future version of QRadar changes the way the import works, please refer to the latest guidelines accordingly.

Feel free to contact E-SPIN for Vulnerability Management and Security Information and Event Management (SIEM) integration, and for your continuous vulnerability and risk monitoring and security intelligence implementation requirements.

Tagged under: Continuous Monitoring, Continuous Vulnerability, IBM, QRadar, Qualys, Unified Security Monitoring, Vulnerability Management
