Per an old question on here (User Activity through Qualys API), Qualys updated the API to expose the activity logs.
Anyone using the API to route this data to a SIEM, or dropping it to local disk and running scripts on it to review activity logs? If so, what kind of monitors/checks/alerts are you doing?
Just thinking off the top of my head, I think the following would be interesting to put monitors around:
- Odd login times
- Bulk edits of AGs
Just wanted to start a discussion and see if anyone else is doing this. Thinking about putting some time towards doing this and just curious if anyone else has already gone this path and had ideas they could share.
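As an added example (not from the original post or from Qualys), here is a small script that runs the two checks mentioned above over a constructed sample of activity-log rows; the CSV column names are an assumption about the export format, and the business-hours window and bulk thresholds are placeholders to tune per organisation.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample rows; column names are an assumption about the activity-log CSV export.
SAMPLE_LOG = """Date,Action,Module,Details,User Name,User Role,User IP
2024-03-04T08:15:00Z,login,auth,user logged in,alice,Manager,203.0.113.10
2024-03-04T02:40:00Z,login,auth,user logged in,bob,Manager,198.51.100.7
2024-03-04T09:00:00Z,edit,asset_group,edited asset group 'Prod-Web',alice,Manager,203.0.113.10
2024-03-04T09:00:05Z,edit,asset_group,edited asset group 'Prod-DB',alice,Manager,203.0.113.10
2024-03-04T09:00:10Z,edit,asset_group,edited asset group 'Prod-App',alice,Manager,203.0.113.10
2024-03-04T09:00:15Z,edit,asset_group,edited asset group 'Corp-Laptops',alice,Manager,203.0.113.10
2024-03-04T23:30:00Z,login,auth,user logged in,carol,Reader,192.0.2.44
"""

BUSINESS_HOURS = range(7, 20)  # 07:00-19:59 UTC is "normal"; placeholder, tune per org
BULK_THRESHOLD = 3             # more than this many AG edits by one user in the window
BULK_WINDOW_SEC = 600          # sliding window length in seconds


def parse_log(text):
    """Parse the CSV export and attach a timezone-aware timestamp to each row."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["ts"] = datetime.strptime(r["Date"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rows


def odd_logins(rows):
    """Return (user, timestamp) for logins outside the business-hours window."""
    return [(r["User Name"], r["Date"]) for r in rows
            if r["Action"] == "login" and r["ts"].hour not in BUSINESS_HOURS]


def bulk_ag_edits(rows):
    """Return {user: max edits in one window} for users exceeding BULK_THRESHOLD."""
    by_user = {}
    for r in sorted(rows, key=lambda r: r["ts"]):
        if r["Module"] == "asset_group" and r["Action"] == "edit":
            by_user.setdefault(r["User Name"], []).append(r["ts"])
    flagged = {}
    for user, stamps in by_user.items():
        start = 0  # sliding window over this user's sorted edit timestamps
        for end in range(len(stamps)):
            while (stamps[end] - stamps[start]).total_seconds() > BULK_WINDOW_SEC:
                start += 1
            count = end - start + 1
            if count > BULK_THRESHOLD:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged
```

Both checks are deliberately simple so they can be dropped into a scheduled job or a SIEM ingestion pipeline; a real deployment would also want per-user baselines rather than one fixed window.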