Qualys integration with AWS Security Hub

Document created by Hari Srinivasan on Dec 19, 2018. Last modified by Robert Dell'Immagine on Dec 28, 2018. Version 5.

Introduction

Customers can now access Qualys vulnerability and policy compliance findings in the Amazon Web Services (AWS) Security Hub. This will help them prioritize risks and automate remediation using native services such as AWS Lambda.

 

AWS Security Hub provides users with a comprehensive view of their high-priority security alerts and compliance status across their AWS accounts. It aggregates, organizes, and prioritizes alerts and findings from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from other AWS Partner Network (APN) security solutions. The findings are then visually summarized on integrated dashboards with actionable graphs and tables.

 

Vulnerability and configuration assessments are key to any security program. By natively integrating findings from Qualys Vulnerability Management, Policy Compliance and Cloud Security Assessment apps within AWS Security Hub, customers will get real-time, up-to-date visibility into their security and compliance posture, directly in the AWS console. The insights gained by correlating Qualys information with other data in AWS Security Hub allow customers to quickly detect risks in their AWS environments and take rapid, automated remedial actions.

 

Qualys Security Solutions Integration with AWS Security Hub

Currently, the integration supports Qualys Vulnerability Management (VM). Vulnerabilities detected via the Qualys network scanners or Cloud Agents on the EC2 instances are sent to AWS Security Hub as 'findings'[1].

 

Within AWS Security Hub, the findings from Qualys are grouped into Insights. Qualys provides a set of pre-packaged insight cards. Users can drill down into these insights to identify the list of affected assets and subsequently to see vulnerability details.

 

Qualys Insight cards are available within the Insights tab. Qualys insights for vulnerabilities include AMIs with a high number of vulnerabilities, instances with critical vulnerabilities, instances with exploitable vulnerabilities, and instances with missing patches.

 

Qualys Insight: AMIs with highest number of vulnerabilities 

        Pic-1: Qualys Vulnerability Insights - "AMI with Highest Number of Vulnerabilities"

 

Users can use the insight to go to the source and repair the AMI that is introducing the greatest number of vulnerabilities. Fix the AMI to impact all instances launched from it.
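The grouping behind the "AMIs with highest number of vulnerabilities" insight and its drill-down to an instance list can be reproduced offline, as in the following added example (not Qualys or AWS code). It assumes each finding follows the AWS Security Finding Format and reports the instance's AMI in `Resources[].Details.AwsEc2Instance.ImageId`; the helper names and all sample IDs are constructed.

```python
from collections import defaultdict

def _finding(fid, instance, ami, severity):
    """Build a constructed finding in AWS Security Finding Format (ASFF) shape."""
    return {
        "Id": fid,
        "Severity": {"Normalized": severity},  # ASFF 0-100 scale
        "Resources": [{
            "Type": "AwsEc2Instance",
            "Id": "arn:aws:ec2:us-east-1:111122223333:instance/" + instance,
            "Details": {"AwsEc2Instance": {"ImageId": ami}},
        }],
    }

# Constructed sample data: every ID below is made up for illustration.
SAMPLE_FINDINGS = [
    _finding("q-1", "i-0aaa", "ami-0001", 90),
    _finding("q-2", "i-0aaa", "ami-0001", 40),
    _finding("q-3", "i-0bbb", "ami-0001", 70),
    _finding("q-4", "i-0ccc", "ami-0002", 95),
    _finding("q-5", "i-0ddd", None, 80),  # no AMI detail reported
]

def rank_amis(findings, min_severity=0):
    """Return [(ami, finding_count, instance_ids)], highest count first.

    Assumes each finding lists the affected instance under Resources with
    Details.AwsEc2Instance.ImageId set; findings without it are skipped.
    """
    counts = defaultdict(int)
    instances = defaultdict(set)
    for f in findings:
        if f.get("Severity", {}).get("Normalized", 0) < min_severity:
            continue
        for res in f.get("Resources", []):
            if res.get("Type") != "AwsEc2Instance":
                continue
            ami = res.get("Details", {}).get("AwsEc2Instance", {}).get("ImageId")
            if not ami:
                continue  # cannot attribute this finding to an AMI
            counts[ami] += 1
            instances[ami].add(res["Id"].rsplit("/", 1)[-1])
    return sorted(
        ((a, n, sorted(instances[a])) for a, n in counts.items()),
        key=lambda row: (-row[1], row[0]),
    )

if __name__ == "__main__":
    for ami, count, hosts in rank_amis(SAMPLE_FINDINGS):
        print(ami, count, hosts)
```

Raising `min_severity` narrows the ranking to the more severe findings, and the same function accepts the `Findings` list returned by the Security Hub GetFindings API.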

 

         Pic-2: Qualys Vulnerability Insights - "Instances with exploitable vulnerabilities"

 

Drill down into the insights to find the instance list.

 

Pic-3: Insight Results - Instance list for the insight.

 

Drill down into an instance to see the findings and the details of the vulnerability found.

 

Pic-4: Investigate - Qualys Vulnerability Findings.

Navigate back to Qualys' console from the 'Source URL' link to get more details about the vulnerability.

 

How to get started

Users can configure Qualys to send findings individually for every AWS account they have configured to be connected via the cloud connector in Qualys.

 

  1. Subscribe to Qualys Insights in AWS Security Hub
    Enable the required product from the products listed in AWS Security Hub under the Providers tab in Settings.


  2. Complete the subscription within your Qualys subscription
    Currently, you can complete the configuration by contacting Qualys Support.
    Contact Support - Technical Assistance Inquiry
    Please provide: 
    1. Qualys Login Id
    2. Qualys Platform or POD you are hosted on
    3. AWS account id(s) to enable for this integration (you need to have the AWS Connector configured in Qualys)

       

    Soon there will be support directly from within your Qualys portal, so users can use either the REST API or the UI to subscribe AWS accounts to the AWS Security Hub integration.

 

FAQ

  1. What Qualys products are integrated with Security Hub?

     

    1. Vulnerability Management - Complete, available

    2. Policy Compliance -  In Progress

    3. Cloud Security Assessment - In Progress

  2. Is there a licensing cost associated with this?

    There are no additional costs for Qualys to send these findings to AWS Security Hub.
    However, AWS Security Hub might have charges for findings. Refer to AWS Security Hub for its pricing details.
  3. Who do I contact if there are issues with the data seen in AWS Security Hub?
    For any Security Hub issues contact AWS support. For data issues or configuration issues within Qualys, please contact the Qualys support team.

  4. Can I create custom insights?
    Currently, the customization feature isn't supported by AWS Security Hub.
    Submit a request to the Qualys support team; based on the generality and popularity of the request, Qualys will update the default insight cards seen in AWS.

 
