I could find the information on integrating Arcsight with Qualysgaurd VM , is there any such a thing for integrating Arcsight for PC module in qualys ?
To date, Arcsight can't consume PC data but the API are ready. Did you make the request to Acrsight? Can you please describe how this integration should work in your opinion.
If you can join us at QSC in Las Vegas later this month (www.qualys.com/qsc), a customer will present an example of a customized integration with Arcsight (not with PC though). You might be interested.
It is my thought that incorparating PC data into arcsight would help security analyst in assessing the risk level of an asset and it even helpful for incident handlers to assess the potential scope of an incident.
This make sense and I'll be happy to facilitate this integration. What was Arcsight 's reply?
We've got a customer here in Texas that would like to see Policy Compliance data integrated with their ArcSight solution.
My thought would be that ArcSight could import "fail" data for specific assets and make the information available as meta data. I think it would have to be one of those situations where an analyst would be reviewing an alert and they'd potentially look at vuln data and control data to think about the risk to the asset.
Nice thought. Would love to have a feature where the QG scanner or the SoC can trigger a syslog or SNMP trap or similar to ArcSight or any other log management or SIEM system. Minimal info like pass/fail, CID, IP, regulation, risk level and a short detail section.
+1 interest into integration between the products. Is there any API scripts available or notes on how customers have performed this in the past?
We are in talks with HP to improve their VM integration. Please reach out to your HP account managers with the specific use cases you would like to see.
Retrieving data ...