VMDR Lab Tutorial Supplement V2

This document discusses various components of Qualys' Vulnerability Management, Detection and Response (VMDR) platform including scanners, agents, sensors and applications to detect vulnerabilities, monitor assets, and deploy patches.

The document discusses scanners, agents, sensors, asset inventory, vulnerability management, dashboards, patch deployment and prioritization reporting.

Additional applications discussed include Security Configuration Assessment, CloudView, Container Security, and CertView.

Vulnerability Management, Detection & Response (VMDR)

Lab Tutorial Supplement

Table of Contents
COMPREHENSIVE SENSORS
  SCANNER APPLIANCE
  DOWNLOAD CLOUD AGENT
  CONFIGURE AGENTS FOR VMDR
  PASSIVE SENSOR
  CLOUD CONNECTOR
  CONTAINER SENSOR
  CONTAINER RUNTIME SECURITY
GLOBAL IT ASSET INVENTORY
  DYNAMIC RULE-BASED TAGS
  MANAGED VS. UNMANAGED ASSETS
  UNIDENTIFIED VS. UNKNOWN
  CMDB SYNC
VULNERABILITY MANAGEMENT
VMDR PRIORITIZATION REPORT
DASHBOARDS & WIDGETS
PATCH DEPLOYMENT JOB
  CREATE DEPLOYMENT JOB
PATCH CATALOG
APPENDIX A: ADDITIONAL VMDR APPLICATIONS
  SECURITY CONFIGURATION ASSESSMENT (SCA)
  CLOUDVIEW & CLOUD SECURITY ASSESSMENT (CSA)
  CONTAINER SECURITY (CS)
  CERTVIEW (CERT)
  CONTINUOUS MONITORING (CM)
  VMDR FOR MOBILE DEVICES BETA

Comprehensive Sensors
Qualys Sensors provide the most comprehensive approach to collecting all your asset
and software inventory data.

Scanner Appliance
Any Qualys user with scanning privileges has access to Qualys’ pool of Internet-based
Scanner Appliances.

Qualys Hardware-based and Virtual Scanner Appliances can be deployed throughout
your business or enterprise architecture.
Qualys Virtual Scanner appliances are available for multiple virtualization platforms:

For a detailed discussion of Scanner Appliance deployment and usage, please see the “Scanning
Strategies and Best Practices Self-Paced Training Course” (qualys.com/learning).

Download Cloud Agent
Qualys Cloud Agents install locally on the host assets they protect, sending all collected
data to the Qualys Cloud Platform for analysis.

Qualys agents presently support various Windows, Mac, Linux, and Unix-based
operating systems.
Agents can be downloaded from the Qualys Cloud Agent application or the VMDR
“Welcome” page.
Navigate to the following URL to view the “Download Cloud Agent” tutorial:

Lab 1 - http://ior.ad/7bZq

Welcome Page

The VMDR “Welcome” page provides one more place for you to download and install
Qualys agents.

Here, you’ll find the same download executables and installation commands as you
would within the Qualys Cloud Agent application.

Qualys Cloud Agent supports multiple operating systems. For a complete list of
supported operating systems, see the Cloud Agent Getting Started Guide:
https://www.qualys.com/docs/qualys-cloud-agent-getting-started-guide.pdf
When deploying agents from the VMDR “Welcome” page, the “Default VMDR Activation
Key” will be used.

This key is automatically generated for VMDR accounts. Other activation keys you have
created can be viewed and edited from the “Cloud Agent” application.
For a detailed discussion of agent installation steps, see the “Cloud Agent Self-Paced Training
Course” (qualys.com/learning).

Configure Agents for VMDR
Multiple VMDR applications are supported by Qualys Cloud Agent:
• Asset Inventory (AI)
• Vulnerability Management (VM)
• Security Configuration Assessment (SCA) / Policy Compliance (PC)
• Patch Management (PM)
These supported application modules must be activated for your VMDR host assets.
Navigate to the following URL to view the “Configure Agents for VMDR” tutorial:

Lab 2 - http://ior.ad/7bZE

Welcome Page

The VMDR “Welcome” page provides another place to configure agent Activation Keys
for VMDR.

This typically replaces the option to “Download Cloud Agent” for accounts that have
multiple Activation Keys.

Pick a key and then select the “Upgrade” option from the “Actions” button.

The key will be upgraded to include required VMDR application modules (AI, PM, VM,
SCA).

While VMDR includes the “Security Configuration Assessment” module (by default),
agent Activation Keys can be updated to include Policy Compliance (PC) instead of SCA.

Activation Key Tagging Strategy


Asset Tags provide an effective way to assign your agent host assets to their appropriate
configuration settings, assessment profiles, and patch jobs.
Unlike dynamic tags, static tags “stick” to their host systems. Once a “static” tag is
assigned to a target host, it will remain assigned to that host, until it is manually
removed or replaced.

The non-dynamic or predictable nature of a static tag makes it especially useful for
tracking host assets that are installed from the same Activation Key.

The same Asset Tags that are assigned to agent Activation Keys can then be used to
assign patching licenses to specific hosts and ensure agent hosts are correctly assigned
to their appropriate Configuration Profile, Patch Assessment Profile, and Patch Jobs.
For a detailed discussion of agent configuration and tuning, see the “Cloud Agent Self-Paced
Training Course” (qualys.com/learning).

Passive Sensor
Qualys Passive Sensor operates in “promiscuous” mode, capturing network traffic and
packets from either a network TAP, or the SPAN port of a network switch.

Simply deploy passive sensors at strategic network locations to begin monitoring
network traffic and conversations.
Both physical (hardware-based) and virtual sensor appliances are available:

The Management Interface of the sensor appliance is assigned an IP address and must
successfully connect to the Qualys Cloud Platform.
The Sniffing Interface is not assigned an IP address and receives traffic from a network
TAP or the SPAN port of a network switch.

An important advantage of capturing network traffic comes from the bonus
information collected from network conversations (conversations between
communicating hosts).

A passive sensor not only collects the traffic from “managed” company assets, but it also
sees traffic from other host assets and services that are attempting to communicate
with your “managed” host assets (including communications coming from unknown or
“unmanaged” assets).
For more information and details on deploying and using Passive Sensor, see the “Global
IT Asset Inventory and Management Self-Paced Training Course” (qualys.com/learning).

Cloud Connector
Create connectors for your AWS, Google, and Azure accounts.

Enumerate cloud instances and collect useful metadata such as:


• Instance or virtual machine ID
• Location or region
• External and private IPs
• Installed software and active services
• and much more...
Search Tip: Within the Qualys Asset Inventory application, use the “inventory.source”
query token, to quickly find AWS, Azure, and Google instances:
• AWS - inventory.source:INSTANCE_ID
• Azure – inventory.source:VIRTUAL_MACHINE_ID
• Google – inventory.source:GCP_INSTANCE_ID
Leverage Qualys Cloud Security Assessment (CSA), to identify and correct
misconfigurations.

Container Sensor
Qualys Container Sensor is installed on a Docker host as a container application, right
alongside other containers.

Once installed, CS will assess all new and existing Docker images and containers for
vulnerabilities (using the Qualys KnowledgeBase).

Types of Container Sensors:


• General – Scan Docker hosts.
• Registry – Scan images in public or private registries.
• CI/CD Pipeline – Scan images within CI/CD pipeline (e.g., Jenkins and Bamboo).
For more information and details on deploying and using Qualys Container Sensors, see
the “Container Security Self-Paced Training Course” (qualys.com/learning).

Container Runtime Security
Qualys Container Runtime Security provides container runtime visibility and protection
and allows you to create rules or policies to actively block or prevent unwanted actions
or events within your container applications.

This is achieved by instrumenting images with Container Security components that
gather functional-level, behavioural data about the processes running within a
container.
We use an application-native instrumentation process that provides complete visibility of
the application inside the container. The instrumentation is very lightweight and
provides configurable data collection options with low/no impact on application
containers.
This behavioural data is then used by Container Security to monitor process activity,
allowing you to apply security policies and custom security controls, to block specific
events or attempted activities.
Container Runtime Security (CRS) can be deployed for both on-prem and cloud
container environments and is particularly useful for securing containers in a CaaS
environment where the underlying host infrastructure is managed by a cloud service
provider.
Presently, the Container Runtime Security instrumenter supports the following registries
for instrumentation:
• Public registries: Docker Hub
• Private registries: v2-private registry: JFrog Artifactory (secure: auth + https)

Global IT Asset Inventory

The Qualys Asset Inventory (AI) application collects raw data from Qualys Sensors and
then adds its own categorization, normalization and enrichment.
Qualys provides Level 1 and 2 categories for Hardware, Operating Systems, and
Software Application assets.

Dynamic Rule-Based Tags


Qualys Asset Inventory provides multiple rule engines for creating dynamic Asset Tags.

The “Asset Inventory” rule engine allows you to build tags using the Qualys Query
Language and various query tokens, including the hardware, OS, and software category
tokens.
Navigate to the following URL to view the “Dynamic Rule-Based Tags” tutorial:

Lab 3 - http://ior.ad/7dEg

Example Queries
To build a dynamic tag for Relational Database Management Systems, use the “Asset
Inventory” rule engine with the following query:
software:(category:Databases / RDBMS)

The first value (Databases) is separated from the second value (RDBMS) by the slash
(“/”) symbol.
To build the same tag exclusively for “Server” host assets, use the “Asset Inventory” rule
engine with this modified query:
software:(category:Databases / RDBMS) and operatingSystem.category2:server

The Boolean operator “AND” combines the query from the previous example, with an
additional query token/condition. Boolean operators AND, OR and NOT can be
leveraged to build accurate and effective queries.

Managed vs. Unmanaged Assets


With Qualys Passive Sensor, the Asset Inventory application will help you to distinguish
between managed and unmanaged host assets.

Managed assets in your account will have known values for hostname, IP address, MAC
address, etc. Newly discovered hostnames, IPs, and MAC addresses will be initially
labeled as new or “Unmanaged.”

Unidentified vs. Unknown
The OS and Hardware values for some assets may be displayed as Unidentified or
Unknown. This is especially common within the list of “Unmanaged” assets.
Unidentified
• Not enough data has been discovered/collected for Qualys to determine the
hardware or operating system.
• To reduce the number of unidentified assets in your account, attempt to
perform scans in “authenticated” mode and ensure network filtering devices
allow your scan traffic to pass.
Unknown
• Adequate data exists for Qualys to categorize the asset, but it has yet to be
cataloged.
• Assets are processed by Qualys labs for analysis and categorization. Qualys
researchers review data and update the catalog daily.

Global IT Asset Inventory provides confidence levels (HIGH, MEDIUM, and LOW) for OS
and hardware detections of unmanaged assets.
New data collected can potentially be merged with existing data only when:
1. Both IP address and MAC address have been successfully matched, or
2. Both IP address and hostname have been successfully matched.
**NOTE: A single asset can potentially have multiple interfaces.
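
The merge rule above, sketched as an added Python example (not Qualys code): an observed interface merges into an existing asset only on an IP+MAC or IP+hostname match against any one of that asset's interfaces. The `Interface`/`Asset` types, the sample inventory and the choice to refuse a merge when more than one asset matches are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Interface:
    ip: str
    mac: Optional[str] = None       # passive discovery may not see a MAC
    hostname: Optional[str] = None  # ... or a hostname


@dataclass
class Asset:
    asset_id: str
    # A single asset can have several interfaces, so each one is compared.
    interfaces: List[Interface] = field(default_factory=list)


def norm_mac(mac):
    """Compare MACs case-insensitively, ignoring ':' and '-' separators."""
    return mac.lower().replace("-", "").replace(":", "") if mac else None


def norm_host(name):
    """Compare hostnames case-insensitively, ignoring a trailing dot."""
    return name.lower().rstrip(".") if name else None


def match_reason(seen, known):
    """Return 'ip+mac' or 'ip+hostname' if the pair satisfies the rule, else None."""
    if seen.ip != known.ip:
        return None  # both variants of the rule require the IP to match
    if norm_mac(seen.mac) and norm_mac(seen.mac) == norm_mac(known.mac):
        return "ip+mac"
    if norm_host(seen.hostname) and norm_host(seen.hostname) == norm_host(known.hostname):
        return "ip+hostname"
    return None  # IP alone (e.g. a reused DHCP lease) is not enough


def merge_decision(seen, inventory):
    """Return (asset_id, reason) when exactly one asset matches, else (None, why)."""
    hits = {}
    for asset in inventory:
        for known in asset.interfaces:
            reason = match_reason(seen, known)
            if reason:
                hits.setdefault(asset.asset_id, reason)
    if len(hits) == 1:
        return next(iter(hits.items()))
    # Assumption of this sketch: never guess between several candidates.
    return (None, "ambiguous" if hits else "no-match")


# Constructed sample inventory: one dual-homed server and one workstation.
INVENTORY = [
    Asset("srv-01", [
        Interface("10.0.0.5", "00:50:56:aa:bb:01", "srv-01.example.test"),
        Interface("10.0.1.5", "00:50:56:aa:bb:02", "srv-01.example.test"),
    ]),
    Asset("wks-17", [
        Interface("10.0.0.40", "00:50:56:cc:dd:17", "wks-17.example.test"),
    ]),
]

# Constructed observations, as a passive sensor might report them.
OBSERVED = [
    Interface("10.0.1.5", mac="00-50-56-AA-BB-02"),            # second NIC of srv-01
    Interface("10.0.0.40", hostname="WKS-17.example.test."),   # no MAC seen
    Interface("10.0.0.40", "00:50:56:ee:ff:99", "guest-laptop"),  # same IP only
    Interface("10.0.9.9", mac="00:50:56:aa:bb:01"),            # known MAC, other IP
]

if __name__ == "__main__":
    for obs in OBSERVED:
        print(obs, "->", merge_decision(obs, INVENTORY))
```

The third observation shares only an IP address with `wks-17`, so it is not merged and would surface as a new asset.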

CMDB Sync
With the Qualys CMDB Sync App, your ServiceNow CMDB can serve as another source
of data. To work successfully, the app needs to be installed in Qualys and ServiceNow.
Once installed, metadata can move in both directions.
Asset metadata synchronization is performed only for assets already in both Qualys and
ServiceNow (i.e., not for new asset discovery). ServiceNow CMDB can benefit from
Qualys categorization, normalization, and data enrichment.

For more information and details about the CMDB Sync App, see the “Asset Inventory CMDB
Sync App” User Guide: https://www.qualys.com/docs/qualys-asset-inventory-cmdb-sync.pdf

Vulnerability Management
Vulnerability findings can be viewed from multiple Qualys applications. Global IT Asset
Inventory also provides response capabilities.

When viewing asset details from within the Asset Inventory application, vulnerability
findings are initially displayed graphically.

Specific vulnerability details can be quickly displayed with a click of your mouse.
Qualys severity levels rank the potential impact or outcome from a successful
vulnerability exploit.

Patches for specific vulnerabilities can then be added to a new or existing patch job,
directly from Asset Inventory.

Qualys VMDR provides extensive tools and features for working with vulnerabilities,
including dynamic Widgets and Dashboards, search and query tools, and the
“Prioritization Report.”
Once required assessment data is collected from Qualys scanners and agents, the
VULNERABILITIES section of Qualys VMDR displays your complete list of discovered
vulnerabilities along with powerful search and query capabilities.
Patch Jobs can be quickly and conveniently created for a specific list of high-risk
vulnerabilities, allowing you to deploy patches, based upon the vulnerabilities they
actually fix.
Navigate to the following URL to view the “Vulnerability Assessment” tutorial:

Lab 4 - http://ior.ad/7dEB

After selecting one or more patchable vulnerabilities, click the “View Missing Patches”
option, to automatically begin job creation (within the Patch Management application).
Not all vulnerabilities are patchable. Use the following query to locate vulnerabilities
that are patchable by Qualys’ PM module:
vulnerabilities.vulnerability.qualysPatchable:TRUE
Remember, the task of deploying and uninstalling patches requires Qualys Cloud Agent
and the Patch Management module.
VMDR Prioritization Report
Use the VMDR Prioritization report to automatically prioritize the riskiest vulnerabilities
for your most critical assets – reducing potentially thousands of discovered
vulnerabilities, to the few that matter.
By correlating vulnerability information with threat intelligence and asset context, the
Prioritization Report will help you to “zero in” on your highest risk vulnerabilities and
quickly patch them.
The VMDR Prioritization report:
• Guides you to target and quickly patch your highest risk vulnerabilities.
• Helps you find the specific patch to fix a particular vulnerability.
• Allows you to quickly identify and remediate the vulnerabilities that are most
likely to get exploited.
• Empowers security analysts to pick and choose the relevant threat indicators for
your specific and unique organization.
• Provides an integrated workflow that reduces the time between vulnerability
detection and patch deployment.
Navigate to the following URL to begin the “VMDR Prioritization” tutorial:

Lab 5 - http://ior.ad/7dEE

After selecting one or more Asset tags to specify your targeted assets, prioritization
options are provided in three categories:
Age: Prioritize vulnerabilities by their age. Detection age is the number of days since the
vulnerability was first discovered (e.g., by a scanner or cloud agent). The “Vulnerability”
option will distribute vulnerabilities by actual or real age.

Real-Time Threat Indicators (RTI): Prioritize vulnerabilities by their known and existing
threats.

Combine multiple threat indicators, using the “Match Any” or “Match All” operators.
RTIs are divided into two groups: Potential Impact and Active Threats.

Attack Surface: Remove vulnerabilities from the report that are not associated with a
running kernel, actively running service and other attack surface indicators.

**NOTE: 300+ vulnerabilities in the Qualys KnowledgeBase can be effectively mitigated by
configuration. To view them, open the KnowledgeBase and search for "Not Exploitable due
to Configuration."
Example: Enable Network Level Authentication (NLA) to block unauthenticated attackers
from exploiting the Windows RDP "Seven Monkeys/BlueKeep" vulnerability (QID 91563).
With NLA turned on, an attacker would first need to authenticate to Remote Desktop
Services using a valid account on the target system before the attacker could exploit the
vulnerability.

Once your priority options have been selected, click the “Prioritize Now” button.

The displayed assets, vulnerabilities and patches will reflect the priority options you
specify.
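
How the three option groups narrow a result set, as an added Python sketch (not Qualys code, and not the product's data model). It assumes the groups are combined with AND; the field names, RTI label strings, dates and all QIDs except 91563 (the NLA example above) are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Detection:
    host: str
    qid: int
    first_found: date                  # drives "detection age"
    rtis: FrozenSet[str]               # threat indicators attached to the QID
    on_running_kernel: bool = True     # False: found on a non-running kernel
    on_running_service: bool = True    # False: affected service is not running
    mitigated_by_config: bool = False  # e.g. NLA enabled for QID 91563


@dataclass(frozen=True)
class Options:
    min_age_days: int = 0
    max_age_days: Optional[int] = None
    rtis: FrozenSet[str] = frozenset()  # empty set: no RTI filtering
    rti_mode: str = "any"               # "any" = Match Any, "all" = Match All
    attack_surface: bool = False


def drop_reason(d, opts, today):
    """Return None if the detection stays in the report, else why it is removed."""
    age = (today - d.first_found).days
    if age < opts.min_age_days:
        return "age"
    if opts.max_age_days is not None and age > opts.max_age_days:
        return "age"
    if opts.rtis:
        if opts.rti_mode == "all":
            hit = opts.rtis <= d.rtis          # every selected indicator present
        elif opts.rti_mode == "any":
            hit = bool(opts.rtis & d.rtis)     # at least one selected indicator
        else:
            raise ValueError("rti_mode must be 'any' or 'all'")
        if not hit:
            return "rti"
    if opts.attack_surface:
        if not d.on_running_kernel:
            return "not on running kernel"
        if not d.on_running_service:
            return "service not running"
        if d.mitigated_by_config:
            return "mitigated by configuration"
    return None


def prioritize(detections, opts, today):
    """Return (kept, dropped): kept oldest-first, dropped as {(host, qid): reason}."""
    kept, dropped = [], {}
    for d in detections:
        reason = drop_reason(d, opts, today)
        if reason is None:
            kept.append(d)
        else:
            dropped[(d.host, d.qid)] = reason
    kept.sort(key=lambda d: d.first_found)
    return kept, dropped


TODAY = date(2024, 6, 30)  # constructed reference date
PE, AA, EE, DOS = "Public Exploit", "Actively Attacked", "Easy Exploit", "Denial of Service"

# Constructed detections; the RTI strings are sample labels for this example.
SAMPLE = [
    Detection("web-01", 900001, date(2024, 3, 1), frozenset({PE, EE})),
    Detection("web-01", 900002, date(2024, 6, 20), frozenset({PE, AA, EE})),
    Detection("db-01", 900003, date(2024, 1, 15), frozenset({PE, AA}),
              on_running_kernel=False),
    Detection("rdp-01", 91563, date(2024, 2, 1), frozenset({PE, AA}),
              mitigated_by_config=True),
    Detection("app-02", 900004, date(2024, 2, 10), frozenset({DOS})),
]

if __name__ == "__main__":
    opts = Options(min_age_days=30, rtis=frozenset({PE, AA}),
                   rti_mode="any", attack_surface=True)
    kept, dropped = prioritize(SAMPLE, opts, TODAY)
    print("kept:", [(d.host, d.qid) for d in kept])
    for key, why in dropped.items():
        print("dropped:", key, why)
```

Keeping the drop reason per finding makes it easy to review what an attack-surface filter is hiding before relying on the shortened list.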

As you continue to make adjustments to the priority options, the displayed
vulnerabilities and patches are automatically adjusted. Patches can be deployed
individually or all at once.

Dashboards & Widgets
Continuously monitor assets and vulnerabilities with any number of “out-of-box”
Dashboards and Widgets, or build your own custom Dashboards and Widgets.

Navigate to the following URL to begin the “Dashboards & Widgets” tutorial:

Lab 6 - http://ior.ad/7ena

Widget Types
Widgets are designed to display query results graphically. There are four different
graphic options:

Widgets are automatically updated to reflect changes in your asset data and findings.

The “count” widget can be configured to change color, as changes to assets and
vulnerability findings reach specific thresholds or special conditions.

A “reference” query in the count widget is useful for comparing the “initial” query’s
result set to some type of control or benchmark. The difference between the result sets
of both queries is represented as a percentage.
In the example above, HIGH severity vulnerabilities (Sev. 3, 4, 5) are presently about
94% of ALL vulnerabilities (Sev. 1, 2, 3, 4, 5). The “count” widget is configured to change
from its base color to red, when this percentage is greater than 50 percent.

Export to Dashboard
Export the results of any VMDR Prioritization Report and monitor them as a widget.

Results will be continuously updated within the Dashboard Widget.

Patch Deployment Job

While a patch assessment is useful for providing a list of “installed” and “missing”
patches, “Deployment Jobs” perform the tasks of actually installing patches to host
assets.
Navigate to the following URL to view the “PM Deployment Job” tutorial:

Lab 7 - http://ior.ad/7dVY

Before creating any job, you’ll need to add “patchable” agent hosts to the “Licenses” tab
(within the CONFIGURATION section of the Patch Management application).

Use Asset Tags to include host assets for license consumption. The “Total Consumption”
indicator is updated with the number of agent hosts labelled with the tag(s) included.

Create Deployment Job
You can create a “Deployment Job” for agent host assets that are missing patches.
Presently, you can add a maximum of 2000 patches to a single job.

While it is common to build a job from the JOBS section of the PM application, jobs can
also be created within the PATCHES and ASSETS sections.

You can add assets to a job by Host Name or by Asset Tag. If you include more than one
Asset Tag, be sure to select an appropriate Boolean operator (i.e., Any or All).
By default, the “Patch Selector” displays patches that are “Within Scope” of the host
asset(s) your job is targeting.

For greater patching efficiency, consider selecting patches that have NOT been
superseded (“isSuperseded:false”) to eliminate older, redundant patches.

Patches that display the symbol will require a reboot.

If you attempt to add patches (to an existing job) that are already included, you will
receive a warning message similar to the one below:

Duplicate patches will not be added to a job.


You can run jobs on demand, or you can schedule your jobs to run at a future date and
time.

Schedule jobs to run once, or to recur on a daily, weekly or monthly basis.


You have the option to configure a “Patch Window” (i.e., “Set Duration” option), to run
the deployment job within a specific time frame.

A job will display the “Timed out” status, if the installation does not start within the
specified patch window.
Select the “None” option to give a job as much time as it needs.

The Deployment and Reboot Communication Options allow you to specify the type of
“pop-up” messages end-users will receive before, during and after job deployment.

The “Deferment” settings provide active end-users the option to postpone the start of a
job and to postpone a system reboot (if required).

If no user is logged-in, patching will begin as scheduled and rebooting will start
immediately following patch deployment.

The option to “Enable opportunistic patch downloads” potentially allows scheduled jobs
to save time by attempting to download patches, prior to job execution.

Assets and patches can be added to any job that is “Disabled.”

Assets and patches can be added to a “Recurring” job, both before and after it is
“Enabled.”
Once patch deployment is complete, another patch assessment scan will begin
automatically and the number of missing and installed patches will be updated for the
affected host(s).
Use the “Quick Actions” menu to view the progress of any job.

Patch Catalog
The Patch Catalog contains tens of thousands of OS and application patches. Presently
you can add up to 2000 patches to a single job.
Navigate to the following URL to view the “Patch Catalog” tutorial:

Lab 8 - http://ior.ad/7eq0

By default, only the latest (non-superseded) and missing patches are displayed. This is
done to help you focus on the essential patches required by your host assets.

To view ALL patches in the catalog, remove (uncheck) the “Missing” and “Non-
superseded” filter options and then click somewhere outside of the “Filters” drop-down
menu (to refresh the displayed patches).

Quickly search for specific groups of patches in the Patch Catalog, using
the faceted search pane on the left.
Search for patches by:
• Application Family
• Vendor
• Category
• Type
• Vendor Severity
• Reboot Requirements
For more sophisticated queries, use Query Tokens and the Qualys
Query Language (QQL) in the “Search” field, at the top of the Catalog.
Any query entered into the “Search” field will be affected by the
current filtering options. Be sure to verify the filter options, prior to
submitting queries.

Type the following query into the “Search” field and press the “Enter” or “Return” key:
downloadMethod:AcquireFromVendor
Patches identified with the “key-shaped” icon, cannot be downloaded by Qualys’ Cloud
Agent.

isRollback:true
The “Rollback” patches in the catalog are candidates for an Uninstall Job. Not all
patches can be uninstalled.
Patch jobs can also be created and updated from within the PATCHES section of the
Patch Management application.
For more assessment and patching details, enroll in the “Patch Management Self-Paced
Training” course (qualys.com/learning).

Appendix A: Additional VMDR Applications
While this “VMDR Overview” training course focuses on four Qualys applications (i.e.,
AI, VM, TP, and PM), there are more VMDR applications that address and mitigate
vulnerabilities as well as enforce security policies.

Security Configuration Assessment (SCA)


Monitor and assess technical security controls and security-related misconfigurations.
Qualys Scanners and Agents collect the data points needed to perform host compliance
assessments.

Qualys SCA provides over 400 CIS Benchmark Policies for hundreds of OS and
application technologies. All compliance scans are performed using the "Scan by Policy"
option.
Qualys SCA contains a subset of the tools and features found in the Qualys Policy
Compliance application. For more information and details, please see the Qualys Policy
Compliance Self-Paced Training Course (qualys.com/learning).

CloudView & Cloud Security Assessment (CSA)
Continuously monitor and assess your PaaS/IaaS resources for misconfigurations and
non-standard deployments.

With Qualys Cloud Connectors and the Qualys CloudView application, you can
enumerate your cloud instances and collect metadata from your AWS, Google Cloud,
and Microsoft Azure accounts:

With Qualys Cloud Security Assessment (CSA) you can leverage “out-of-box” policies to
assess technical controls and identify security-related misconfigurations, for your AWS,
Azure, and Google accounts.

Container Security (CS)
The Qualys Container Security application uses the same KnowledgeBase as Qualys VM
and VMDR, to assess and detect vulnerabilities in Docker images and containers.

Qualys Container Sensor downloads as a Docker image and is installed on a Docker host
as a container application, right alongside other container applications.
Presently, there are 3 different types of Container Sensors:
1. A General Sensor will scan images and containers on a single docker host.
2. A Registry Sensor will scan images in public and private Docker registries.
3. A CI/CD Pipeline Sensor (also referred to as a "Build" sensor), scans images
within your DevOps CI/CD pipeline projects, allowing you to identify and correct
vulnerable images, during the build process. Integrations with Jenkins and
Bamboo are presently supported.

Another feature in the Qualys Container Security application is Container Runtime
Security, which provides runtime visibility and protection into container applications.
This is achieved by instrumenting images with Qualys Container Security components, to
gather functional and behavioural data about the container’s running processes;
thereby allowing you to create rules and policies that actively block or prevent
unwanted actions or events.

As one example, you could build a policy that prohibits access to sensitive system files,
such as the shadow or passwd files on a Linux host.
The instrumentation process places a few binaries into the image at the security layer.
This application-native instrumentation process provides complete visibility of the
application inside the container. The instrumentation is very lightweight and provides
configurable data collection options with low/no impact on application performance.

CertView (CERT)
Qualys CertView provides visibility into certificates and their configurations, across your
network and enterprise architecture (on-premise and cloud-based).
CertView leverages Qualys Scanner Appliances to collect all the certificate, vulnerability
and configuration data required for inventory and analysis, helping you to identify and
prevent expired and expiring certificates from interrupting business functions.

Qualys CertView also provides the ability to enroll or renew certificates to avoid potential
service interruptions.
Certificate Assessment generates certificate instance grades that allow administrators to
quickly assess server SSL/TLS configurations.

Certificate Assessment identifies out-of-policy certificates with weak signatures or key
lengths and shows you how many certificates were issued by Certificate Authorities (CAs)
that have been vetted and approved (per your policy) and how many certificates are
self-signed or were issued by CAs that have not been authorized to issue certificates in
your environment.
For more information and details, please see the Qualys Certificate View video series
(https://www.qualys.com/training/library/certview/).

Continuous Monitoring (CM)
Get alerts when new threats and unexpected changes to your hosts are detected,
including:
• New hosts detected within your Qualys subscription.
• High severity vulnerabilities and vulnerabilities with known exploits detected.
• New ports and services detected.
• New or unexpected software applications detected.
• Expiring or vulnerable SSL certificates.
• Remediation tickets that are opened or closed.

CM works in tandem with VM/VMDR:


• Deploy Qualys Scanner Appliances and/or activate the VM module for deployed
Qualys Agents.
• Schedule frequent or continuous vulnerability scans.
Qualys CM evaluates rules against your most recent vulnerability scans. Alerts are
generated as soon as scan results are processed. Certificate rules are evaluated daily,
and are not based on scans.
For more information and details, please see the Qualys Continuous Monitoring video
series (https://www.qualys.com/training/library/continuous-monitoring/).

VMDR for Mobile Devices BETA
Qualys Secure Enterprise Mobility (SEM) provides visibility into your mobile devices by
collecting their inventory and configuration data.

Your company's mobile device inventory is added to the Qualys Global IT Asset
Inventory application, providing you with greater insight into mobile devices that are
managed vs. unmanaged (especially when combined with Qualys Passive Sensor).
Qualys vulnerability and compliance assessments help to keep your mobile devices
hardened and secure. Vulnerability assessment tests are provided for both OS and
applications.
Compliance assessment examples include: passcode not present, encryption status,
unauthorized root access (rooted), etc...
With Qualys SEM, you can perform active device operations, like locking a screen or
locating a missing device.
