Qualys Custom Assessment and Remediation (CAR) lets you leverage your same Qualys Cloud Agent for custom detection and remediation measures. Yes, the same agent you rely on for VMDR, Patch Management, Policy Compliance, EDR, or FIM can now be used for custom detection and response activities, empowering you to create your own logic for your unique security needs.
Every organization has specific requirements, such as version detection for custom software, or simply uninstalling it from all endpoints, checking permissions and ownership rights for custom files, or restricting permissions, or perhaps detection and mitigation of a zero-day vulnerability. Also, searching for Active Directory accounts with vulnerable password hashes, or disabling these user accounts. The use cases could be endless, but if you have the right script, CAR is your solution.
But creating a script needs time! No problem, Qualys can help.
Qualys has introduced Script Library for CAR, which is a centralized repository or collection of pre-defined scripts that can be leveraged to enhance security measures and maintain compliance with industry standards and regulations.
This Script Library was developed by our team of research analysts to address diverse use cases. The primary intention behind implementing a Script Library is to reduce the time and effort required by end-users or administrators to handle security-related tasks and challenges, especially in the context of zero-day detection and mitigation. By providing a curated collection of pre-written scripts, the library empowers security teams to directly perform operations, eliminating the dependency on IT teams while also accelerating response times.
What’s inside our comprehensive library – a closer look!
The Script Library contains use case-based scripts written in PowerShell, Shell, Python, Lua, or Perl, and covers a wide range of dynamic categories such as QID without Patch, CIS Remediation, Active Directory Security, Remediation, Forensic Analysis, and more. The list is dynamic and will keep on growing as our research team continuously adds more scripts based on evolving needs and emerging trends, and most importantly – your feedback.
How to use this Script Library
It’s simple to use!
Filter the scripts based on category, such as ‘Data Collection,’ and then import them.
You can customize the imported script if needed, assign the assets or asset tags, and execute it on-demand or scheduled. Qualys CAR incorporates robust role-based access control, ensuring only authorized users can import scripts from the CAR Library and execute them, while providing a secure environment for managing and utilizing script resources.
Content enrichment: Script additions and enhancements in our Library
Library content enrichment is our primary target and that’s the reason this Library is independent of product release cycle. We all know that detection measures keep on changing with new findings or product enhancements, so to address these scenarios, the Qualys CAR Library is dynamic in nature. We will update new versions of the scripts as needed, and you’ll only need to import and execute them.
Rich Public APIs
Qualys CAR comes with API support. You can generate reports via APIs, and ingest the data into your Security Information and Event Management (SIEM) solutions to generate incidents, all within a single solution.
What’s coming up?
Qualys CAR integration with VMDR – which will allow you to create custom QIDs in CAR and will act as any other QID under VMDR, basically allowing you to flag your QIDs based on custom conditions to improve the overall security posture of your assets.
Qualys CAR integrates with Policy Compliance (PC). You can create script-based user-defined controls in PC, and these controls are evaluated for pass or failed conditions based on script output.
Review the new Library
Start a free trial and check out the new library and its content. Share with us what you would like to see in this library. https://www.qualys.com/forms/custom-assessment-remediation/
- Mohd Anas Khan, Compliance Research Analyst, Qualys
- Mukesh Choudhary, Compliance Research Analyst, Qualys