QGIR: QualysGuard Integration with Reporting

Document created by Parag Baxi on Jan 14, 2013. Last modified by Parag Baxi on Dec 3, 2013.
Version 10

Note: This is unsupported and only a proof of concept. It is also customized to a specific non-standard configuration of JIRA. Much customization is required to leverage this open source script.

 

This script automates the workflow to integrate QualysGuard with JIRA and Google Docs for reporting and for asset group synchronization.

 

Code: On GitHub: https://github.com/paragbaxi/QualysGuard-QGIR

Background: PowerPoint attached.

 

The challenge has always been how to address vulnerabilities in hundreds of offices — which will be a daunting task initially, given that this has never been done before — in a truly comprehensive way that keeps us organized, makes it as simple as possible and provides valuable results and metrics for all of us and senior management.

 

[Figure: Remediation Workflow cycle (Screen Shot 2013-05-10 at 2.23.58 PM.png)]

 

We decided to concentrate on optimizing the last half of the Remediation Workflow cycle (in red) shown above.

 

For QGIR, the above illustration translates to the following sequence:

 

  1. QGIR creates a QGIR ticket in Reporting with a list of affected hosts attached.
  2. IT Director patches (or otherwise fixes) the vulnerability in each affected host from the QGIR ticket.
  3. IT Director marks QGIR ticket resolved.
  4. QGIR verifies each affected host from the QGIR ticket has, in fact, been resolved.
  5. Based on the previous step, QGIR does one of two things:
    1. If a listed host is still found vulnerable, QGIR reopens the QGIR ticket. QGIR will attach a separate CSV file listing the remaining original hosts that are still vulnerable.
    2. If no originally listed host is still vulnerable, QGIR closes the QGIR ticket.
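
Steps 4 and 5 of the sequence above, as an added example that is not code from the QGIR repository. The `Ticket` class, status names, attachment filename, QIDs and sample rescan data are assumptions made for illustration; no QualysGuard or JIRA API is called.

```python
import csv
import io
from dataclasses import dataclass, field

# Constructed sample rescan results: (host, qid) pairs still detected.
SAMPLE_RESCAN = [
    ("192.0.2.11", 90001),  # on the ticket and still vulnerable
    ("192.0.2.99", 90001),  # vulnerable, but never on the ticket
    ("192.0.2.10", 90002),  # on the ticket, but a different vulnerability
]


@dataclass
class Ticket:  # hypothetical stand-in for a QGIR ticket in Reporting
    key: str
    qid: int          # vulnerability the ticket tracks
    hosts: list       # affected hosts attached at creation (step 1)
    status: str = "Open"  # Open | Resolved | Reopened | Closed
    attachments: dict = field(default_factory=dict)


def verify_ticket(ticket, rescan):
    """Verify a resolved ticket against fresh scan results (steps 4-5).

    Returns the original hosts that are still vulnerable, or None when
    the ticket has not been marked resolved and is therefore skipped.
    """
    if ticket.status != "Resolved":
        return None
    still_vulnerable = {host for host, qid in rescan if qid == ticket.qid}
    # Only hosts from the original list count; keep the ticket's order.
    remaining = [h for h in ticket.hosts if h in still_vulnerable]
    if remaining:
        buf = io.StringIO()
        writer = csv.writer(buf)
        writer.writerow(["host", "qid"])
        writer.writerows((h, ticket.qid) for h in remaining)
        ticket.attachments["still_vulnerable.csv"] = buf.getvalue()
        ticket.status = "Reopened"   # step 5.1
    else:
        ticket.status = "Closed"     # step 5.2
    return remaining
```

Filtering on the ticket's original host list keeps a reopened ticket scoped to what the IT Director was asked to fix; hosts that became vulnerable later do not appear in the attached CSV.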