Ingesting Vulnerability Management data to LogPoint

February 2017

Getting Qualys VM data into LogPoint is something many of our customers have been asking for. In this document we outline how data is pulled from the Qualys Reporting API into LogPoint for easy analysis, correlation and reporting.

Overview 

When you are using Qualys, either from the cloud or via an on-premises appliance, the scan results and the management of scans are maintained in the Qualys Cloud. Qualys exposes an API that LogPoint uses to pull the data. To get started, download the Qualys Fetcher and install it. Once it is installed and configured, data will be ingested and can be analyzed and further correlated with observables in the network.

Getting Started

Go to our Help Center and find our Qualys Application.

On your LogPoint system, import the application and configure the fetcher (from the localhost device).

After the fetcher has been configured, it will pull information from the Qualys API and store it in two places: a table and a repo.

Storing the data in a repository retains history, so vulnerabilities and the security posture of a given device can be trended over time.

The table stores the latest full scan result for every device, which supports real-time correlation of observed data with an up-to-date scan result. Because scans can include different devices from scan to scan, keeping the table updated with the latest result for each device also comes in handy when searching through data.
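The difference between the two stores can be sketched in a few lines. This is an added illustration, not LogPoint's or the Qualys application's code; the record layout, field names, addresses and vulnerability labels are all constructed for the example.

```python
# Added illustration; sample data and field names are constructed, not Qualys output.
SCANS = [
    {"scan_time": "2017-02-01T02:00", "results": {
        "10.0.0.5": ["EXAMPLE-VULN-1", "EXAMPLE-VULN-2"],
        "10.0.0.9": ["EXAMPLE-VULN-3"]}},
    # The second scan covers only one of the two devices.
    {"scan_time": "2017-02-08T02:00", "results": {
        "10.0.0.5": ["EXAMPLE-VULN-2"]}},
]


def build_stores(scans):
    """Return (repo, table): every result ever seen, and the latest per device."""
    repo, table = [], {}
    for scan in sorted(scans, key=lambda s: s["scan_time"]):
        for host, vulns in scan["results"].items():
            record = {"host": host, "scan_time": scan["scan_time"],
                      "vulns": sorted(vulns)}
            repo.append(record)   # history is append-only
            table[host] = record  # only devices in this scan are overwritten
    return repo, table


def trend(repo, host):
    """Vulnerability count per scan for one device, oldest first."""
    return [(r["scan_time"], len(r["vulns"])) for r in repo if r["host"] == host]


def enrich(event, table):
    """Attach the destination device's latest known scan result to an event."""
    rec = table.get(event["dst"])
    return {**event,
            "dst_vulns": rec["vulns"] if rec else None,
            "dst_scan_time": rec["scan_time"] if rec else None}


if __name__ == "__main__":
    repo, table = build_stores(SCANS)
    print(trend(repo, "10.0.0.5"))
    print(enrich({"src": "198.51.100.7", "dst": "10.0.0.9"}, table))
```

The device missing from the second scan keeps its earlier result in the table, with the scan time attached so an analyst can judge how stale the enrichment is.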

Overview of out-of-the-box analytics

Dashboard with information about vulnerabilities observed

Dashboard with rich information about vulnerabilities and hosts

More Information?

You are always welcome to get in touch if you have any questions! Find your local LogPoint office here.

Why LogPoint?

With LogPoint, you will discover a full enterprise SIEM solution. 

LogPoint is EAL 3+ certified and the solution is tailored to solve the specific security management challenges of your business - whether the goal is compliance, forensics or operational insight.

And the best part? We have the most predictable licensing model in the industry.