Getting Qualys VM data into LogPoint is something many of our customers have been asking for. In this post, we outline how data is pulled from the Qualys Reporting API, into LogPoint for easy analysis, correlation, and reporting.
When you are using Qualys, either from the cloud or via an on-premise appliance, the scan results and scan management are maintained in the Qualys Cloud. Qualys exposes an API that LogPoint uses to pull the data. To get started, download and install the Qualys Fetcher. Once it is installed and configured, data is ingested and can be analyzed and further correlated with observables in the network.
On your LogPoint system, import the application and configure the fetcher (from the localhost device):
After the fetcher has been configured, it pulls information from the Qualys API and stores it in two places: a table and a repo.
By storing the data in a repository, history is preserved, so vulnerability trends and the security posture of a given device can be tracked over time.
In the table, the latest full scan result for every device is stored. This enables real-time correlation of observed data with an up-to-date scan result. Also, since successive scans can cover different sets of devices, keeping the table updated with the latest result for every device comes in handy when searching through data.
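To make the two stores concrete, here is an added example (not LogPoint's or Qualys's own code) that models an append-only repo for trending next to a "latest result per device" table, shows how the table keeps a host's last result when a later scan does not include that host, and joins an observed event against the table. Scan results, host addresses and QID numbers are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample scans (not real Qualys output): (scan_time, [(host, qid, severity), ...]).
# Scan 2 covers a different device set than scan 1 (10.0.0.1 is absent, 10.0.0.3 is new).
SCAN_1 = ("2024-01-01T00:00:00Z", [("10.0.0.1", 90001, 5), ("10.0.0.2", 90002, 3), ("10.0.0.2", 90003, 4)])
SCAN_2 = ("2024-01-08T00:00:00Z", [("10.0.0.2", 90002, 3), ("10.0.0.3", 90004, 2)])

class VulnStore:
    """repo = append-only history for trending; latest = newest full result per host."""
    def __init__(self):
        self.repo = []      # list of (scan_time, host, qid, severity)
        self.latest = {}    # host -> (scan_time, {qid: severity})

    def ingest_scan(self, scan_time, findings):
        per_host = defaultdict(dict)
        for host, qid, severity in findings:
            self.repo.append((scan_time, host, qid, severity))   # history is never overwritten
            per_host[host][qid] = severity
        # Only hosts present in this scan are refreshed; hosts not scanned this time keep
        # their last result. ISO-8601 strings compare chronologically, so an out-of-order
        # (older) scan cannot clobber a newer result.
        for host, vulns in per_host.items():
            current = self.latest.get(host)
            if current is None or scan_time > current[0]:
                self.latest[host] = (scan_time, vulns)

    def trend(self, host):
        """Finding count per scan for one host, oldest first, computed from the repo."""
        counts = defaultdict(int)
        for scan_time, h, _, _ in self.repo:
            if h == host:
                counts[scan_time] += 1
        return sorted(counts.items())

    def correlate(self, event, min_severity=4):
        """Join an observed event (e.g. a connection to dst_ip) with the latest scan result
        for that host. Returns (scan_time, [qids at or above min_severity]) or None if the
        host has never been scanned."""
        current = self.latest.get(event["dst_ip"])
        if current is None:
            return None
        scan_time, vulns = current
        return scan_time, sorted(q for q, s in vulns.items() if s >= min_severity)

def build_demo_store():
    store = VulnStore()
    store.ingest_scan(*SCAN_1)
    store.ingest_scan(*SCAN_2)
    return store
```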
Overview of out-of-the-box analytics
Dashboard with information about vulnerabilities observed
Dashboard with rich information about vulnerabilities and hosts