Spectre helps your Qualys Enterprise server work better by comparing Qualys-subscribed and Qualys-scanned IPs with Spectre-indexed hosts in the same network space. Qualys receives up-to-the-minute endpoint data from Spectre at every polling interval, enabling Qualys to saturate a network space with its service, thereby eliminating any and all gaps in coverage and ensuring the comprehensive provision of Qualys Management to Qualys customers.

The Qualys integration also supports Spectre's new Qualys Management dashboard, which provides device details on IPs managed by Qualys, IPs managed by Spectre, and IPs managed by both services. 

  1. At your Spectre Command Center GUI, browse to Settings > Integrations > Other Solutions > Qualys.
    Note:
    The Qualys Integration is configured from a Command Center's web interface (GUI) only and not its command-line interface (CLI).
  2. Complete the form as follows:
    1. Toggle the status indicator to On to enable the Qualys integration.
    2. Set the Polling Interval.
      The default value of 24 hours is generally appropriate and can also be adjusted later, if desired.
    3. Enter the name of your Qualys server.
    4. Enter the login credentials for it (i.e., Username and Password).
    5. Set your Auto-Subscribe preference:
      1. Select the Auto-Subscribe option to automatically push Spectre-indexed endpoints to the subscription pool managed by Qualys. This expands Qualys' subscription pool by incorporating Spectre-indexed hosts.
      2. Clear the Auto-Subscribe option to do two things:
        1. Create an asset group on Qualys that represents hosts that are both Spectre-indexed AND Qualys-subscribed, yet are not in the Qualys Scan group.
        2. Push the diff (that is, hosts that are not in the Qualys Scan group yet are both Spectre-indexed and Qualys-subscribed) to the Qualys server.
    6. Click Submit to save the configuration.

Once you have done so, Spectre-indexed devices that Qualys doesn't know about are incorporated into Qualys Managed and Subscription management services. At each polling interval, the integration runs and a refresh of endpoint data is pushed to the Qualys server.

Here's how it works:

  1. At every polling interval, Spectre retrieves a list of Scanned/Managed hosts (yellow) and a list of Subscribed hosts (red) from Qualys. This information populates two tables on Spectre (i.e., the qualys_scanned_ips table and the qualys_subscribed_ips table) and ultimately feeds the Qualys Management dashboard on Spectre.

    Legend:
      Blue - Spectre-Indexed IPs
      Red - Qualys-Subscribed IPs
      Yellow - Qualys-Scanned/Managed IPs
    Note: Qualys-Scanned/Managed hosts (yellow) are always a subset of Qualys-Subscribed hosts (red).

    1. At the first polling interval, Spectre creates an asset group container on the Qualys server called LUMETA_Spectre_DISCOVERED.
    2. Spectre checks and refreshes the contents of the LUMETA_Spectre_DISCOVERED asset group at every subsequent polling interval. Note: This is different from IPsonar, where a new asset group is created each time a report is generated.
    3. Spectre ingests all of the IPs in LUMETA_Spectre_DISCOVERED into the qualys_scanned_ips table on Spectre.
    4. Spectre ingests all Subscribed IPs from the Qualys server into Spectre's qualys_subscribed_ips table.
  2. Additionally, when a Spectre user enables Auto-Subscribe (i.e., Settings > Integrations > Qualys > Auto-Subscribe), several events happen:
    1. First, Spectre-Indexed hosts (blue) not present in Qualys' Subscribed list (red) are added to Qualys' Subscribed list (red).
    2. Spectre then identifies hosts in the Qualys Subscribed list (red) that are not in the Qualys Managed list (yellow) and pushes those to the LUMETA_Spectre_DISCOVERED asset list on Qualys.
  3. When a Spectre user disables Auto-Subscribe, IPs that are common to both Spectre-Indexed and Qualys-Subscribed but are not in Qualys-Managed are added to LUMETA_Spectre_DISCOVERED.
  4. Widgets on Spectre's Qualys Management dashboard are populated using a combination of IPs indexed by Spectre and IPs from the qualys_scanned_ips table and the qualys_subscribed_ips table, as follows:

    | Widget Label | Description |
    |---|---|
    | IPs Unmanaged by Qualys | IPs indexed by Spectre yet unmanaged by Qualys (aka Spectre-Indexed - Qualys-Subscribed table on Spectre) |
    | IPs Unmanaged by Spectre | IPs managed by Qualys yet not indexed by Spectre (aka Qualys-Scanned/Managed table on Spectre - Spectre-Indexed) |
    | Qualys and Spectre Managed IPs | IPs both indexed by Spectre and in Qualys managed list (aka Intersection of Spectre-Indexed and Qualys-Scanned/Managed table on Spectre) |
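
The set arithmetic described above can be checked offline before relying on the dashboard to find coverage gaps. The following is an added example, not Lumeta or Qualys code: the function names and sample addresses are hypothetical, and it assumes that with Auto-Subscribe enabled the second step is evaluated after the first step's additions to the Subscribed list.

```python
# Added example (not Lumeta or Qualys code): set logic of one polling interval.
# All addresses are constructed samples from the RFC 5737 documentation range.

def poll(indexed, subscribed, scanned, auto_subscribe):
    """Return (newly_subscribed, pushed_to_asset_group) for one interval.

    indexed    -- Spectre-Indexed IPs (blue)
    subscribed -- Qualys-Subscribed IPs (red)
    scanned    -- Qualys-Scanned/Managed IPs (yellow)
    """
    # The page states yellow is always a subset of red; reject bad input.
    if not scanned <= subscribed:
        raise ValueError("Scanned/Managed IPs must be a subset of Subscribed IPs")
    if auto_subscribe:
        # Indexed hosts missing from the Subscribed list are added to it.
        newly_subscribed = indexed - subscribed
        # Assumption: evaluated after the additions above ("First ... then").
        pushed = (subscribed | newly_subscribed) - scanned
    else:
        # Nothing is subscribed; only hosts both indexed and subscribed,
        # but not managed, go to LUMETA_Spectre_DISCOVERED.
        newly_subscribed = set()
        pushed = (indexed & subscribed) - scanned
    return newly_subscribed, pushed


def dashboard(indexed, subscribed, scanned):
    """Compute the three widget sets using the formulas in the widget table."""
    return {
        "IPs Unmanaged by Qualys": indexed - subscribed,
        "IPs Unmanaged by Spectre": scanned - indexed,
        "Qualys and Spectre Managed IPs": indexed & scanned,
    }


# Constructed sample data.
INDEXED = {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"}
SUBSCRIBED = {"192.0.2.3", "192.0.2.4", "192.0.2.5", "192.0.2.6"}
SCANNED = {"192.0.2.4", "192.0.2.5"}

if __name__ == "__main__":
    for mode in (True, False):
        subs, pushed = poll(INDEXED, SUBSCRIBED, SCANNED, auto_subscribe=mode)
        print(f"auto_subscribe={mode}: subscribe {sorted(subs)}, push {sorted(pushed)}")
    for label, ips in dashboard(INDEXED, SUBSCRIBED, SCANNED).items():
        print(f"{label}: {sorted(ips)}")
```

With Auto-Subscribe enabled, every indexed host the Subscribed list lacks ends up both subscribed and in the asset group; with it disabled, such hosts appear only in the "IPs Unmanaged by Qualys" widget.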