Dashboard Toolbox - AssetView: Open Ports Management & RTI (v1.0)

Document created by Felix Jimenez (Employee) on Oct 8, 2018
Last modified by Felix Jimenez (Employee) on Oct 13, 2018
Version 20

This page explains how to create a Scorecard dashboard leveraging the AssetView interface and the data in your Qualys Vulnerability Management subscription.

This dashboard is part of the AssetView Dashboard Program. If you have any questions regarding the content, please comment below or use Contact Support - Technical Assistance Inquiry Form | Qualys, Inc.

                         

This AssetView Dashboard will enable you to be more pro-active in your Open Ports Management.

Get a quick, easy glance at KPIs for Open Ports.

 

Data packets travel to and from numbered network ports associated with particular IP addresses and endpoints, using the TCP or UDP transport layer protocols.

All ports are potentially at risk of attack, because no port is natively secure. Each port and underlying service has its risks. The risk comes from the version of the service, whether someone has configured it correctly, and, if there are passwords for the service, whether these are strong.

There are many more factors that determine whether a port or service is safe.

 

What makes these ports risky?

There are a total of 65,535 TCP ports and another 65,535 UDP ports!

TCP and UDP ports are used by the application-layer protocols of the Internet protocol suite to establish host-to-host connectivity.

Port numbers are assigned in various ways, based on three ranges: 

System Ports (0-1023)

User Ports (1024-49151)
Dynamic and/or Private Ports (49152-65535) (ephemeral ports)

See [RFC6335] for more info

 

Dashboard Demonstration Images:

*The Pre-built Dashboard JSON file can be found attached below ready for download & import into your Qualys subscription*

 

 

* * * Requirements * * *

The Dashboard requires the following Tags to be created, each as shown below, and named exactly the same, for the "Commonly Hacked Ports" Widget to work without any edits.

The following Widgets Require ThreatProtection to be Purchased or in Trial mode:  

1. Vuln by Ports Protocol - Severity 1 - 5

2. Ports Protocol - RTI - DOS

3. Ports Protocol - RTI - Public Exploit

4. Ports Protocol - RTI - ZeroDay

5. Ports Protocol - RTI - Malware

6. Ports Protocol - RTI - High Data Loss

 

Example of Tags & Widget Structure:

 

 

How to Enable Trending on the widgets:

Open the desired widget in edit mode and select the Collect trend data check box.

 

 

 

API Guide  - Evaluate Tag: 

Asset Mgmt and Tagging v2 API

See Page:  31

* * * Re-Evaluate the Tags as needed * * *

Evaluate all tags that have OPEN_PORTS tag rules.

API Request:  **Note: use the API URL for your POD; file.xml needs to be created first**

POD 1: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 2: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg2.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

POD 3: curl -u "USERNAME:PASSWORD" -H "content-type: text/xml" -X "POST" --data-binary @- "https://qualysapi.qg3.apps.qualys.com/qps/rest/2.0/evaluate/am/tag" < file.xml

Request POST data:   file.xml

<?xml version="1.0" encoding="UTF-8" ?>
<ServiceRequest>
  <filters>
    <Criteria field="ruleType" operator="EQUALS">OPEN_PORTS</Criteria>
  </filters>
</ServiceRequest>
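
The request above passes the password with -u, which leaves it in shell history and in the process list while curl runs. The following is an added example, not part of the original post or Qualys documentation: a wrapper that builds the same request body, selects the POD URL, and lets curl read credentials from a netrc file. The function names, the QUALYS_NETRC variable and the ~/.netrc-qualys path are assumptions made for this example.

```shell
#!/bin/sh
# Added example: re-evaluate tags by rule type without exposing the password.
# Assumption: credentials live in a netrc file (hypothetical default path below), e.g.
#   machine qualysapi.qg2.apps.qualys.com login USERNAME password PASSWORD
LC_ALL=C; export LC_ALL   # make [A-Z] below mean ASCII letters only

# Map a POD number to the evaluate-tag endpoint listed on this page.
pod_url() {
  case "$1" in
    1) host="qualysapi.qualys.com" ;;
    2) host="qualysapi.qg2.apps.qualys.com" ;;
    3) host="qualysapi.qg3.apps.qualys.com" ;;
    *) echo "unknown POD: $1" >&2; return 1 ;;
  esac
  printf 'https://%s/qps/rest/2.0/evaluate/am/tag\n' "$host"
}

# Print the ServiceRequest body (the page's file.xml) for one rule type.
# Only A-Z and underscore are accepted so the value cannot alter the XML.
request_body() {
  case "$1" in
    ""|*[!A-Z_]*) echo "invalid rule type: $1" >&2; return 1 ;;
  esac
  printf '%s\n' '<?xml version="1.0" encoding="UTF-8" ?>' \
    '<ServiceRequest>' '  <filters>' \
    "    <Criteria field=\"ruleType\" operator=\"EQUALS\">$1</Criteria>" \
    '  </filters>' '</ServiceRequest>'
}

# True only when the file exists and grants nothing to group or others.
netrc_is_private() {
  [ -f "$1" ] || return 1
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# evaluate_tags POD [RULE_TYPE]: POST the request, reading credentials from netrc.
evaluate_tags() {
  netrc="${QUALYS_NETRC:-$HOME/.netrc-qualys}"
  url=$(pod_url "$1") || return 1
  body=$(request_body "${2:-OPEN_PORTS}") || return 1
  netrc_is_private "$netrc" || { echo "$netrc is readable by group/others" >&2; return 1; }
  printf '%s\n' "$body" | curl --silent --show-error --fail \
    --netrc-file "$netrc" -H "content-type: text/xml" \
    -X POST --data-binary @- "$url"
}
```

After sourcing the file, evaluate_tags 2 sends the OPEN_PORTS request to POD 2; --fail makes curl return a non-zero status on an HTTP error so a scheduled job notices a rejected request.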

 

 

 

 

Qualys - Training Videos:

Self-Paced Class: Vulnerability Management Asset Tags

Self-Paced Class: AssetView and Threat Protection

AssetView Dashboards

 

Help Link:

POD - 1 - Apply Tags to Organize Your Assets

POD - 2 - Apply Tags to Organize Your Assets

POD - 3 - Apply Tags to Organize Your Assets

 

 

 

More to Come ... 

References: 

Looking for additional Qualys documentation? Use the Resources link in the Qualys Portal (Help > Resources).

 

Related community Post:

 

Additional AssetView Dashboards: performance_mgmt

Dashboard Toolbox - Asset View: How To - Importing Dashboard json 

- - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - - - - - - - - - - - - - - - - 

Dashboard Toolbox - AssetView: Performance Management (v1.0)
Dashboard Toolbox - AssetView: Host Scan Time Management (v1.0) 
Dashboard Toolbox - AssetView: Scanning Activity Management (v1.0)

Dashboard Toolbox - AssetView: EOL/Obsolete Software & RTI MGMT (v1.0)

Dashboard Toolbox - AssetView: Windows Authentication Management (v1.0) 

 

External References: 

List of TCP/IP Ports 

Ephemeral port - Wikipedia 

List of TCP and UDP port numbers - Wikipedia 

Service Name and Transport Protocol Port Number Registry - iana.org

TCP/IP Ports 

Trojan TCP/IP Ports 

https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

RFC 6335 - Internet Assigned Numbers Authority (IANA) Procedures for the Management 

 
