Qualys asset groups can now be created per zone, so that the data pushed from Lumeta to Qualys is grouped by zone rather than arriving in one single group, which is still the default behavior. The user can select assets from specific zones to push to Qualys.
- Network ID from Qualys is used to map zones
- If user does not configure a network ID in Qualys and uses option to use network mapping, no assets will be pushed to Qualys
- Asset group will be named by zone. If zone name is ZoneX, asset group Lumeta_ZoneX will be created in Qualys
- Each time a zone is added, user must go to Qualys integration page and add mapping for that zone
- Zone can only be mapped to one network ID
- User must set credentials and server information for this integration before selecting option 'Asset mapping by zone'. This will enable Lumeta to retrieve list of network IDs.
- Each time integration page is loaded and Asset mapping by zone is enabled, list of network IDs will be retrieved from Qualys
- If a zone name gets updated after mapping, this zone would appear in list of zones with empty network ID. User will need to add mapping or else, this zone will not be pushed to Qualys. Asset group that was created prior (with old zone name) will still stay in Qualys
- User can create the asset group by zone by enabling the option 'Asset mapping by zone' and selecting the zones they would like Spectre to push to Qualys
A checkbox will be provided to give the user the option to map assets by zone. If this checkbox is not checked, the user is not using mapping and Spectre falls back to the old behavior (all devices are pushed to one asset group).
- Get a list of Qualys Network IDs (API curl call):
  curl -v -u "<qualys_user>:<qualys_password>" -H "Content-Type:text/csv" -H "X-Requested-With:LumetaIPsonarIntegration" "https://qualysguard.qg2.apps.qualys.com/api/2.0/fo/network/?action=list"
- Add user interface to display
  - list of existing zones
  - list of network IDs that were retrieved from Qualys
  - allow user to map zone to one network ID
  - allow user to save mapping when user clicks on Submit button
  - a check box ("Asset mapping by zone") that user can use to enable or disable mapping feature
- Add enhancement to existing logic to push all devices into Qualys asset group as mentioned below
  - Check if 'enable network mapping' is selected
    - If 'enable network mapping' is not selected
      - Continue with default processing (pushing all devices into one Qualys asset group)
    - If 'enable network mapping' is selected
      - Retrieve zone to network ID mapping
      - For the zones that contain this mapping
        - Identify a difference between list of assets for that zone vs assets received from Qualys (There is no change in logic that identifies this diff keeping auto subscribe in mind except it would perform this diff for a particular zone instead of across all the zones)
        - Create asset group by zone. Asset group naming convention: Spectre_<Zone name>
        - Push difference to above asset group
A table where the first column shows the list of existing zones. The second column is a drop-down of available network IDs plus an empty value. The empty value is displayed either on initial setup, when no mapping exists, or when the network ID that is mapped does not exist. On initial setup, no data is displayed in the second column. The third column is an 'Enabled' checkbox; if a network ID is selected, the 'Enabled' checkbox should be checked automatically. If no network ID is selected and the user wants to create the asset group without a network ID selection, checking just the 'Enabled' checkbox creates the asset group with the zone name on the Qualys server. The user needs to select a network ID for all the zones they want to map and click the Submit button to save. After initial setup, the second column is populated with the mapped network ID. If the user wants to delete a mapping, they need to uncheck the 'Enabled' column and click the Submit button.
The table below describes the behavior surrounding asset mapping:

|Configuration|Result in Qualys|
|---|---|
|Asset mapping by zone is checked and zone2 and zone4 are enabled|Two asset groups Spectre_Zone2 and Spectre_Zone4 will be created in Qualys and appropriate devices (within those zones) will be pushed to those groups.|
|Asset mapping by zone is checked and no zones are enabled|No asset group will be created in Qualys and nothing will be pushed to Qualys.|
|Asset mapping by zone is checked and a network ID is selected for Zone3 and the enabled checkbox for Zone3 is also checked|Asset group Spectre_Zone3 will be created in Qualys and appropriate devices (within that zone) will be pushed to this group.|
|Asset mapping by zone is not checked|Default asset group will be pushed to Qualys and all candidate devices (from all zones) will be pushed to this group.|
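
The push logic and the behavior table above, worked through as an added example; this is not Lumeta/Spectre code. It assumes the 'Enabled' checkbox decides whether a zone is pushed (as the table states), that the diff is taken against a flat set of IPs already in Qualys, and that the names `plan_push`, `ZoneMapping` and `DEFAULT_GROUP` and all sample values are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Hypothetical name: the page does not say what the default asset group is called.
DEFAULT_GROUP = "DEFAULT_ASSET_GROUP"


@dataclass(frozen=True)
class ZoneMapping:
    network_id: Optional[str]  # None when no Qualys network ID is selected
    enabled: bool              # state of the 'Enabled' checkbox for the zone


def plan_push(mapping_by_zone: bool,
              zone_assets: Dict[str, Set[str]],
              mappings: Dict[str, ZoneMapping],
              qualys_assets: Set[str]) -> Dict[str, List[str]]:
    """Return {asset group name: IPs to push}, following the behavior table."""
    if not mapping_by_zone:
        # Default behavior: every candidate device goes to one asset group.
        everything = set().union(*zone_assets.values())
        return {DEFAULT_GROUP: sorted(everything - qualys_assets)}

    plan: Dict[str, List[str]] = {}
    # Iterate over the zones that exist now. A mapping saved under an old
    # zone name matches nothing here, so a renamed zone is not pushed
    # until the user maps it again.
    for zone, assets in zone_assets.items():
        mapping = mappings.get(zone)
        if mapping is None or not mapping.enabled:
            continue
        # Per-zone diff against what Qualys already has.
        plan[f"Spectre_{zone}"] = sorted(assets - qualys_assets)
    return plan


# Constructed sample data (documentation-range addresses, made-up network IDs).
ZONE_ASSETS = {
    "Zone2": {"192.0.2.10", "192.0.2.11"},
    "Zone3": {"198.51.100.5"},
    "Zone4": {"203.0.113.7"},
    "Zone5-renamed": {"203.0.113.99"},
}
MAPPINGS = {
    "Zone2": ZoneMapping(network_id=None, enabled=True),
    "Zone3": ZoneMapping(network_id="1001", enabled=False),
    "Zone4": ZoneMapping(network_id="1002", enabled=True),
    "Zone5": ZoneMapping(network_id="1003", enabled=True),  # saved before the rename
}
QUALYS_ASSETS = {"192.0.2.10"}  # already present in Qualys
```
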
UI calls that would need to be added
- call saved query to retrieve list of available Spectre zones
- call REST API to retrieve a list of Qualys network IDs
- call API to retrieve existing zone to network ID mapping
API support needed
- If a zone name gets updated after mapping, what would happen? - This zone would appear in list of zones with empty network ID. User will need to add mapping or else, this zone will not be pushed to Qualys. Talked to Ed. If a zone name gets updated, user will need to go to integrations page and map this renamed zone. Asset group that was created prior (with old zone name) will still stay in Qualys
- If other customers do not want this feature, how do we toggle it? Do we need a checkbox to denote if mapping needs to be used? Or if there is no mapping defined, we fall back to current behavior.