FireMon Asset Manager
Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Lumeta helps your Qualys Enterprise server work better by comparing Qualys-subscribed and Qualys-scanned IPs with Lumeta-indexed hosts in the same network space. Qualys receives up-to-the-minute endpoint data from Lumeta at every polling interval, enabling Qualys to saturate a network space with its service, thereby eliminating any and all gaps in coverage and ensuring the comprehensive provision of Qualys Management to Qualys customers.

The Qualys integration also supports Lumeta's new Qualys Management dashboard, which provides device details on IPs managed by Qualys, IPs managed by Lumeta, and IPs managed by both services. 

  1. At your Lumeta Command Center GUI, browse to Settings > Integrations > Other Solutions > Qualys.
    Note:     The Qualys Integration is configured from a Command Center's web interface (GUI) only and not its command-line interface (CLI).
  2. Complete the form as follows:
    1. Toggle the status indicator to On to enable the Qualys integration.
    2. Set the Polling Interval.
      The default value of 24 hours is generally appropriate and can also be adjusted later, if desired.
    3. Enter the name of your Qualys server.
    4. Enter the login credentials to it (i.e., Username and Password).
    5. Set your Auto-Subscribe preference:
      1. Select the Auto-Subscribe option to automatically push Lumeta-indexed endpoints to the subscription pool managed by Qualys. This expands Qualys' subscription pool by incorporating Lumeta-indexed hosts.
      2. Clear the Auto-Subscribe option to do two things:
        1. Create an asset group on Qualys that represents hosts that are both Lumeta-indexed AND Qualys-subscribed, yet are not in the Qualys Scan group.
        2. Push to diff–that is hosts not in the Qualys Scan group yet are represented in BOTH Lumeta-indexed and Qualys-subscribed to the Qualys server.
    6. Click Submit to save the configuration.

Once you have done so, Lumeta-indexed devices that Qualys doesn't know about are incorporated to Qualys Managed and Subscription management services. At each polling interval, the integration is run and a refresh of endpoint data is pushed to the Qualys server.

Here's how it works:

    1. At every polling interval, Lumeta retrieves a list of Scanned/Managed hosts (yellow) and a list of Subscribed hosts (red) from Qualys. This information populates two tables on Lumeta (i.e., qualys_scanned_ips table and qualys_subscribed_ips table) and ultimately feeds the Qualys Management dashboard on Lumeta.

       Legend
      		Blue - Lumeta-Indexed IPs
      		Red - Qualys-Subcribed IPs
      		Yellow - Qualys-Scanned/Managed IPs
      		Note: Qualys-Scanned/Managed hosts (yellow) are always a subset of Qualys-Subscribed hosts (red).



      1. At the first polling interval, Lumeta creates an asset group container on the Qualys server called LUMETA_Spectre_DISCOVERED.

      2. Lumeta checks and refreshes the contents of the LUMETA_Spectre_DISCOVERED asset group at every subsequent polling interval. Note:  This is different from IPsonar, where a new asset group is created each time a report is generated.
         
      3. Lumeta ingests all of the IPs on LUMETA_Spectre_DISCOVERED to the qualys_scanned_ips table on Lumeta.



      4.  Lumeta ingests all Subscribed IPs from Qualys' server to Lumeta's qualys_subscribed_ips table.

  2. Additionally, when an Lumeta user enables Auto-Subscribe (i.e., Settings > Integrations > Qualys > Auto-Subscribe), several events happen:


    1. First, Lumeta-Indexed hosts (blue) not present in Qualys' Subscribed list (red) are added to Qualys' Subscribed list (red).


    2. Lumeta then identifies hosts in the Qualys Subscribed list (red) that are not in the Qualys Managed list (yellow) and pushes those to the LUMETA_Spectre_DISCOVERED asset list on Qualys.



  3. When an Lumeta user disables Auto-Subscribe, IPs that are common to both Lumeta-Indexed and Qualys-Subscribed but are not in Qualys-Managed are added to LUMETA_Spectre_DISCOVERED.

  4. Widgets on Lumeta's Qualys Management dashboard are populated using a combination of IPs indexed by Lumeta and IPs from the qualys_scanned_ips table and the qualys_subscribed_ips table, as follows:

    Widget LabelDescriptionImage
    IPs Unmanaged by Qualys

    IPs indexed by Lumeta yet unmanaged by Qualys

    (aka Lumeta-Indexed - Qualys-Subscribed table on Lumeta)

    IPs Unmanaged by LumetaIPs managed by Qualys yet not indexed by Lumeta
    (aka Qualys-Scanned/Managed table on Lumeta - Lumeta-Indexed)
    Qualys and Lumeta Managed IPsIPs both indexed by Lumeta and in Qualys managed list
    (aka Intersection of Lumeta-Indexed and Qualys-Scanned/Managed table on Lumeta)


  • No labels