Last updated on: September 6, 2020
Earlier today I gave a presentation at RSA Conference 2014 in San Francisco about the 20 Critical Security Controls (CSC) and some ideas on how to implement them using QualysGuard. The document for the 20 CSC provides a number of suggestions for each control, called Quick Wins, which point out aspects of the controls that are relatively easy to implement. Examples include detecting new machines and reporting on machines that do not run an approved version of the operating system.
The presentation looks at how QualysGuard data can be used to answer these questions. We show how a script can access the QualysGuard API to pull down data and populate a database in a format that is then easily used to output the relevant reports. In our example we use Splunk as the database, mainly for its ease of handling time-based data, its intuitive query language and its built-in reporting, alerting and graphing capabilities.
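The sketch below is an added example, not the script from the presentation: it turns one scan's host data into timestamped key=value events that answer the two Quick Wins named above (new machines, unapproved operating systems). The XML element names, the approved-OS list and the sample hosts are constructed assumptions, and the API call itself is left out so the example runs offline.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample standing in for scan data pulled from the API.
# Element names are assumptions for this example, not the QualysGuard schema.
SAMPLE_SCAN = """<HOSTS>
  <HOST><IP>10.0.0.5</IP><OS>Windows Server 2012 R2</OS></HOST>
  <HOST><IP>10.0.0.12</IP><OS>Windows XP</OS></HOST>
  <HOST><IP>10.0.0.40</IP><OS>Red Hat Enterprise Linux 6.5</OS></HOST>
  <HOST><IP>10.0.0.41</IP></HOST>
</HOSTS>"""

PREVIOUS_IPS = {"10.0.0.5", "10.0.0.12"}  # hosts seen in the prior scan (constructed)
APPROVED_OS = ("Windows Server 2012", "Red Hat Enterprise Linux 6")  # hypothetical policy


def build_events(xml_text, previous_ips, scan_time):
    """Return one event dict per host, flagged for both Quick Wins."""
    events = []
    for host in ET.fromstring(xml_text).iter("HOST"):
        ip = (host.findtext("IP") or "").strip()
        if not ip:
            continue  # skip records without an address rather than guess
        os_name = (host.findtext("OS") or "unknown").strip()
        events.append({
            "time": scan_time.isoformat(),
            "ip": ip,
            "os": os_name,
            "new_host": ip not in previous_ips,
            # A host with no OS fingerprint counts as unapproved, not as a pass.
            "approved_os": os_name.startswith(APPROVED_OS),
        })
    return events


def to_splunk_line(event):
    """Render a timestamp-first key=value line for indexing."""
    os_name = event["os"].replace('"', "'")  # keep the quoted value intact
    return (f'{event["time"]} ip={event["ip"]} os="{os_name}" '
            f'new_host={str(event["new_host"]).lower()} '
            f'approved_os={str(event["approved_os"]).lower()}')


if __name__ == "__main__":
    now = datetime(2014, 2, 27, tzinfo=timezone.utc)  # constructed scan time
    for ev in build_events(SAMPLE_SCAN, PREVIOUS_IPS, now):
        print(to_splunk_line(ev))
```

Because each line starts with a timestamp and uses key=value pairs, Splunk can extract the fields at search time, so a report on new machines reduces to filtering on `new_host=true`.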
Attached please find the presentation. I would be very interested in hearing from you, especially if you have used solutions such as Splunk to enhance your reporting.