AnsweredAssumed Answered

Need specifics regarding SAN/NAS device scanning

Question asked by Michael Rosile on Jul 21, 2015
Latest reply on Oct 29, 2015 by djprakash

I'm looking for specifics on how Qualys handles the identification and scanning of SAN/NAS hosts.

 

The Qualys appliance documentation discusses authenticated scans for Microsoft Windows, Unix/Linux, Cisco iOS, databases such as Oracle and MSSQL, and even SNMP.

Where do storage appliances come in?  Most devices can be accessed via SSH and SNMP, but what works best for Qualys?
I know these devices have been susceptible to major vulnerabilities such as Shell Shock or Heart bleed.


Can the Qualys appliance access Web based API's offered by some of these devices?  (e.g. NetApp's Data OnTAP)

 

Finally, assuming an authenticated scan can be done against SAN/NAS devices, I would like specifics on the level of access required (permissions, roles, etc.)

I work for a hosting provider, so least required access would be best.

Outcomes