Qualys asset groups can now be created per zone such that the data push from Lumeta to Qualys is grouped by zone rather than arriving in one single group, which is still the default behavior. User can select assets from specific zones to push to Qualys.
Users can opt to selectively push data to Qualys' Lumeta Asset Group by:
- Mapping zones using Qualys Network IDs,
- Selecting the "Asset Mapping by Zone" option, and
- Selecting the Lumeta Zones whose assets you want transferred to Qualys
See Qualys Integration Enhancement for more.
- Network ID from Qualys isused to map zones
- If user does not configure a network ID in Qualys and uses option to use network mapping, no assets will be pushed to Qualys
- Asset group will be named by zone. If zone name is ZoneX, asset group Lumeta_ZoneX will be created in Qualys
- Each time a zone is added, user must go to Qualys integration page and add mapping for that zone
- Zone can only be mapped to one network ID
- User must set credentials and server information for this integration before selecting option 'Asset mapping by zone'. This will enable Lumeta to retrieve list of network IDs.
- Each time integration page is loaded and Asset mapping by zone is enabled, list of network IDs will be retrieved from Qualys
- If a zone name gets updated after mapping, this zone would appear in list of zones with empty network ID. User will need to add mapping or else, this zone will not be pushed to Qualys. Asset group that was created prior (with old zone name) will still stay in Qualys
- user can create the asset group by zone by enabling option 'Asset mapping by zone' and selecting zones they would like Spectre to push to Qualys
A checkbox will be provided to give user option to map assets by zone. If this checkbox is not checked, user is not using mapping and Spectre would fall back to old behavior (all devices will be pushed to one asset group)
- Get a list of Qualys Network IDs (API - curl call -
curl --insecure -v -u"fremn2mh:o39dYnuBog" -H "Content-Type:text/csv" -H "X-Requested-With:LumetaIPsonarIntegration" "https://qualysguard.qg2.apps.qualys.com/api/2.0/fo/network/?action=list" )
- Add user interface to display
- list of existing zones
- list of network IDs that were retrieved from Qualys
- allow user to map zone to one network ID
- allow user to save mapping when user click on Submit button.
- a check box ("Asset mapping by zone") that user can use to enable or disable mapping feature.
- Add enhancement to existing logic to push all devices into Qualys asset group as mentioned below
- Check if 'enable network mapping' is selected
- If 'enable network mapping' is not selected
- Continue with default processing (pushing all devices into one Qualys asset group)
- If 'enable network mapping' is selected
- Retrieve zone to network ID mapping
- For the zones that contain this mapping
- Identify a difference between list of assets for that zone vs assets received from Qualys (There is no change in logic that identifies this diff keeping auto subscribe in mind except it would perform this diff for a particular zone instead of across all the zones)
- Create asset group by zone. Asset group naming convention: Spectre_<Zone name>
- push difference to above asset group
Below table describes behavior surrounding asset mapping
|Asset mapping by zone is checked and zone2 and zone4 are enabled||Two asset groups Spectre_Zone2 and Spectre_Zone4 will be created in Qualys and appropriate devices (within those zones) will be pushed to those groups.|
|Asset mapping by zone is checked and no zones are enabled||No asset group will be created in Qualys and nothing will be pushed to Qualys|
|Asset mapping by zone is checked and a networkID is selected for Zone3 and enabled checkbox for Zone3 is also checked||Asset group Spectre_Zone3 will be created in Qualys and appropriate devices (within that zone) will be pushed to this group|
|Asset mapping by zone is not checked||Default asset group will be pushed to Qualys and all candidate devices (from all zones) will be pushed to this group.|