McAfee IntruShield / QualysGuard Integration

File uploaded by Eric Perraudeau Employee on Feb 18, 2011
Version 1

Overview

 

Many QualysGuard® customers that have IPS devices would like to reduce the number of events they need to review by prioritizing them and reducing false positives. Integrating and correlating vulnerability data with IPS events provides environmental context for perceived attacks and helps customers to understand the risk of an event.

 

Vulnerability data can provide host information, such as OS data, that may reduce false positives overall by establishing whether a host is relevant to the perceived attack, using Common Vulnerabilities and Exposures (CVE) references.
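The correlation described above, sketched as an added example (not part of the original document and not QualysGuard or McAfee code): IPS events are ranked by whether the target host's scan data confirms a referenced CVE or a matching OS. All field names, IP addresses and CVE identifiers are constructed placeholders.

```python
"""Rank IPS events using vulnerability-scan context (constructed data)."""

# Constructed scan results keyed by host IP. Field names are assumptions,
# not the QualysGuard API schema. CVE ids are placeholders.
SCAN = {
    "10.0.0.5": {"os": "Windows Server 2003", "cves": {"CVE-0000-0001"}},
    "10.0.0.9": {"os": "Linux 2.6", "cves": {"CVE-0000-0002"}},
}

# Constructed IPS events: target IP, CVEs referenced by the signature,
# and the OS family the signature applies to (None = any OS).
EVENTS = [
    {"id": 1, "dst": "10.0.0.5", "cves": {"CVE-0000-0001"}, "os": "windows"},
    {"id": 2, "dst": "10.0.0.9", "cves": {"CVE-0000-0001"}, "os": "windows"},
    {"id": 3, "dst": "10.0.0.5", "cves": {"CVE-0000-0003"}, "os": "windows"},
    {"id": 4, "dst": "10.0.0.77", "cves": {"CVE-0000-0001"}, "os": "windows"},
    {"id": 5, "dst": "10.0.0.9", "cves": set(), "os": None},
]


def triage(event, scan):
    """Return (priority, reason) for one IPS event."""
    host = scan.get(event["dst"])
    if host is None:
        # No scan data: never downgrade an event for lack of context.
        return "review", "target not in scan data"
    if event["cves"] & host["cves"]:
        return "high", "target has a vulnerability the signature references"
    if event["os"] and event["os"] not in host["os"].lower():
        return "low", "signature OS does not match target OS"
    return "medium", "target OS is relevant but CVE not confirmed by scan"


def prioritize(events, scan):
    """Sort events so confirmed-relevant ones are reviewed first."""
    order = {"high": 0, "review": 1, "medium": 2, "low": 3}
    rated = [(e["id"],) + triage(e, scan) for e in events]
    return sorted(rated, key=lambda r: order[r[1]])


if __name__ == "__main__":
    for event_id, priority, reason in prioritize(EVENTS, SCAN):
        print(f"event {event_id}: {priority:6} {reason}")
```

Events aimed at hosts missing from the scan data are ranked for review rather than suppressed, since absence of scan context is not evidence of a false positive.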

 

As of June 10, 2007, McAfee has provided a DTD that defines the format of XML that can be imported from vulnerability assessment tools. The scope of this integration is to provide an XSLT that maps the XML produced by QualysGuard API calls (please refer to the QualysGuard API User Guides at http://www.qualys.com/api) to the format accepted for import into the McAfee Intercept IPS, as specified in their document VulnerablityScannerReportIntegration.pdf.

 

[... rest of the document in the attached PDF file]
