Integrating Qualys Data with RSA Archer

Is your organization using RSA Archer to manage your governance, risk and compliance program? Would you like to integrate vulnerability and configuration data from Qualys? RSA Archer integrates with Qualys Vulnerability Management (VM) through the Qualys XML APIs.

Why RSA Archer?

RSA Archer is the leading enterprise governance, risk and compliance (GRC) solution. Qualys, Inc. is the leading provider of on-demand IT security risk and compliance management solutions — delivered as a service. Since Qualys and RSA Archer have a large number of joint customers, it was logical to integrate our solutions, allowing customers to maximize their investment in both solutions.

Vulnerability Management

Using the Qualys VM scanning infrastructure, vulnerability data can be collected for all enterprise assets in an automated and accurate manner. This integration automatically updates RSA Archer with asset vulnerability data to be used in remediation efforts.

RSA Archer’s integration leverages the Qualys XML API frameworks.

Integration Details

For full integration details with RSA Archer, please see Qualys / RSA Archer integration.

Filtering Frameworks within Policy Compliance

Do you ever want to see the control mappings in a report without doubling or tripling the size of the report? What about excluding certain control mappings from the control API to limit data exported? With the release of QualysGuard 6.17, users can now filter the frameworks at the subscription and/or report level within Policy Compliance.

The Need for Framework Filtering

The current control knowledgebase includes over 6,700 configuration checks mapped to dozens of frameworks, including the Center for Internet Security (CIS) benchmarks, the Control Objectives for Information and related Technology (COBIT) 4.0 and 4.1, the Health Insurance Portability and Accountability Act (HIPAA), etc. These extensive mappings create a large number of control/mapping pairs available in the subscription. For the majority of organizations, which require only a subset of this data, the current data set is too large to consume.

Filtering Frameworks with Policy Compliance

In order to limit the number of control/mapping pairs, QualysGuard 6.17 introduces the capability to limit which frameworks are displayed in the subscription and/or reports. Each filter is described in detail below:

Subscription Filter

A subscription level filter will reduce the number of frameworks available for view in the subscription, which includes control search, reports, and the control API. Applying this filter will not filter the Controls knowledgebase, just the framework mappings visible in the subscription.

All available frameworks are enabled by default in the subscription. Change which frameworks are visible by selecting Setup/Frameworks… from the menu. Once the frameworks have been filtered, the following areas of the subscription will be affected:

  1. The Control API will limit the framework mappings in the output when the parameter “details=All” is set.
  2. The Search dialog within the Controls knowledgebase will limit the framework mappings based on the subscription settings.
  3. The Report Templates will limit the framework mappings based on the subscription settings if the Glossary or External Mappings sections are selected.

Report Template Filter

Frameworks are filtered in reports based on the subscription settings, but this feature also allows additional filtering in reports. The report level filter will reduce the number of frameworks available in the reports only.

All available frameworks in the subscription are enabled by default in reports. Change which frameworks are visible by selecting the new tab, Frameworks, in the report template. Once the frameworks have been filtered, reports using this template will only show the selected frameworks in the Glossary or External Mappings sections, if selected.

Demo and Technical Paper

To see a demo of these steps, please view the Filter Framework Demo.

For full technical details on Filter Frameworks, please download the QualysGuard Tips and Techniques, Filter Frameworks Document.

Notifying Users of New Controls

Ever wonder when new controls are published for Policy Compliance? You’re not alone. With the rapid increase in Policy Compliance Control IDs (CIDs) over the past year, many customers wanted a more proactive notification of new content. We have heard you loud and clear. With the release of QualysGuard 6.16, users can now receive weekly or monthly email notifications for new and modified CIDs within Policy Compliance.

Setting Up Control Notification

Control Notification is not enabled by default. To receive email notifications for new and modified CIDs, perform the following steps:

  1. From the Tools section, select User Accounts
  2. Edit the User Account that wants to receive Control Notifications
  3. Click on Advanced
  4. Under Notification Options, select Weekly or Monthly for Latest Controls

Figure 1: Edit User: Latest Controls Notification

Receiving Control Notifications

After enabling Control Notifications, the user will receive an email summarizing the new and modified CIDs for Policy Compliance.

Figure 2: Control Notification: Email

In addition, a .CSV file is attached to the email with additional information.

Figure 3: Control Notification: .CSV File

Demo

To see a demo of these steps, please view the Control Notification Demo.

Making Passwords More Secure

Even after you implement policy compliance checks to enforce best practices for strong passwords, your users can still create insecure passwords. They may not be able to create passwords with eight or fewer characters or with only alphabetical characters. But as long as their passwords conform to the policies you implement, your users can create passwords that match their user name or company name. And those passwords are among the easiest to guess.

To prevent this type of password vulnerability, your policy compliance scans need to check the actual passwords of your users, not just the rules governing the passwords they can create. Three of these password auditing checks are now available in QualysGuard 6.15 Update:

  1. CID 3893 – Empty passwords
    This control identifies user accounts with empty passwords.
  2. CID 3894 – Password matches user name
    This control identifies passwords that match the actual user name or the user name in upper- or lower-case.
  3. CID 3895 – Password matches an entry in the password dictionary
    This control identifies user accounts where the password is equal to an entry in the user-defined password dictionary.

To access your passwords, the scanning engine uses a dissolvable agent on Windows systems to collect user password information from target hosts. The dissolvable agent securely sends the passwords to the scanner for analysis and securely erases its copy of passwords after it completes the tests.
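The three checks above, carried out over a constructed set of account records, as an added illustration of the control logic (this is not Qualys code; the CSV record format, the dictionary list and the function names are assumptions):

```python
"""Evaluate the three Password Auditing controls (CIDs 3893, 3894, 3895)
over a constructed set of account records.  Added illustration, not
Qualys code; the record format and function names are assumptions."""
import csv
import io
from typing import Dict, List

# Constructed sample: user name and the password collected for that account.
SAMPLE_ACCOUNTS = """username,password
alice,alice
Bob,BOB
carol,
dave,Welcome123
erin,S3cure!Pass#2013
"""

# Constructed user-defined dictionary (the page's "password dictionary").
SAMPLE_DICTIONARY = ["Welcome123", "Password1", "changeme"]


def check_empty(password: str) -> bool:
    """CID 3893: the account has an empty password."""
    return password == ""


def check_matches_username(username: str, password: str) -> bool:
    """CID 3894: password equals the user name exactly, or the user name
    in all upper- or lower-case, as the control description states."""
    return password in (username, username.upper(), username.lower())


def check_in_dictionary(password: str, dictionary: List[str]) -> bool:
    """CID 3895: password equals an entry in the password dictionary."""
    return password in set(dictionary)


def audit_accounts(csv_text: str, dictionary: List[str]) -> Dict[str, List[str]]:
    """Return, per control ID, the user names that violate it; these are
    the accounts that would appear in the report's Actual field."""
    violations: Dict[str, List[str]] = {"3893": [], "3894": [], "3895": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user, pw = row["username"], row["password"]
        if check_empty(pw):
            violations["3893"].append(user)
        if check_matches_username(user, pw):
            violations["3894"].append(user)
        if check_in_dictionary(pw, dictionary):
            violations["3895"].append(user)
    return violations


if __name__ == "__main__":
    for cid, users in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_DICTIONARY).items():
        print(f"CID {cid}: {users or 'no violations'}")
```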

Using Password Auditing

Enable Password Auditing

Password Auditing is not enabled in compliance scans by default. To use this feature, create or edit a compliance profile with the following settings:

  1. Enable Password Auditing controls

    Figure 1: Compliance Profile: Enable Password Auditing

  2. Accept the dissolvable agent

    Figure 2: Compliance Profile: Accept Dissolvable Agent

  3. Configure a password dictionary.

    Figure 3: Compliance Profile: Configure Custom Dictionary

Run Compliance Scan

Launch or schedule a compliance scan on the hosts that you want to scan for password auditing controls. Select a compliance profile with Password Auditing enabled, and optionally a password dictionary defined.

Add Password Auditing Controls to Policy

Add the three new password auditing controls (Control IDs 3893, 3894 and 3895) to a new or existing compliance policy. These controls are supported for Windows and Unix technologies.

Run Compliance Report

Generate compliance reports to compare the data gathered on your hosts during your compliance scan to the expected values defined in your compliance policy. Each user account that violates a Password Auditing control appears in the Actual field of your report.

Figure 4: Compliance Report with Password Auditing controls

Demo and Technical Paper

To see a demo of these steps, please view the Password Auditing Demo.

For full technical details on Password Auditing, please download the QualysGuard Tips and Techniques, Policy Compliance: Password Auditing Document.