
MARS and Qualys vulnerability scanning integration

genewolfe
Level 1

What does adding Qualys vulnerability scan data to MARS allow MARS, or help MARS, to do?

Does it help MARS identify an alert as a false positive in the context of a host which Qualys says isn't vulnerable, or does it do something else, like simply listing each vulnerability as an incident when the Qualys data is retrieved?

3 Replies

eegilbert
Level 1

My understanding was that Qualys would inform MARS if a system was really vulnerable or not, based on its (the Qualys box's) information of the situation.

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgVulAs.html

Erric

I just made the configuration today, and it seems to work correctly, but I am wondering something. Has anyone really estimated the real benefits of using QualysGuard with CS-MARS?

I haven't been able to set this up yet. If MARS is able to mark alerts which don't apply to a device as false positives or something like that, it could be valuable because it would save the staff time hunting down false positives.