HackBook.io
  • Pentesting Pocket Book for hackers and developers.
Qualys Asset Management

VMDR Applications:

  • Security Configuration Assessment (SCA)

  • Container Security (CS) and Container Runtime Security (CRS)

  • CloudView (CV) & Cloud Security Assessment (CSA)

  • CertView (CERT)

  • Continuous Monitoring (CM)

  • VMDR for Mobile Devices

Sensors:

  • Cloud agent: Installs on endpoints as a system service

  • Passive sensors: Collect asset telemetry from network TAPs or switch mirror (SPAN) ports, listening on a NIC in promiscuous mode

  • Scanners: Scanner appliances (cloud, hardware, or virtual)

  • Cloud connectors: Collect and pipe in data from cloud provider APIs

  • API: Integration between Qualys and CMDBs such as ServiceNow

  • Container sensors: Run as a Docker container on the host, alongside the containers they watch

  • Out-of-band sensors: Typically used for air-gapped network segments

Scanner Appliance:

Scanner appliances come in three forms: cloud-based scanners (good for scanning internet-facing edge nodes), hardware appliances for internal asset scans, and virtual scanners for hybrid or cloud-based networks.

Cloud Agent:

You can distribute the agent with software deployment tooling or Active Directory Group Policy. Each agent installs with an activation key, and the key determines which modules the agent is activated for.

When viewing the keys you can edit them, or create several keys if you need a module set that differs from the default lifecycle.

In the key shown in the screenshot (not reproduced here), Asset Inventory is left out.

Qualys warns against activating the Policy Compliance (PC) and Secure Configuration Assessment (SCA) modules in the same key.

Key Management Best Practice:

Use a different key for each subnet or logical grouping of hosts, and assign static tags to each key so the grouping a key manages is visible on every asset it enrolls.
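As an added example (not from the HackBook page or from Qualys), here is a bash deployment helper that applies the per-subnet key practice above: it maps the host's address to a static tag and activation key, verifies the installer package checksum, and runs the Linux agent activation. The activation command itself (`qualys-cloud-agent.sh ActivationId=... CustomerId=...`) is the documented Linux Cloud Agent syntax; the CIDR table, tag names, activation IDs, customer ID and the checksum step are assumptions for illustration only. It defaults to a dry run that prints what it would do.

```shell
#!/usr/bin/env bash
# Added example: pick a Qualys Cloud Agent activation key by subnet and
# activate the Linux agent with it. The CIDR table, tag names and activation
# IDs below are placeholders for this illustration, not real Qualys keys.
# Default is a dry run that only prints the commands it would execute.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDRESS CIDR -> exit 0 if ADDRESS lies inside CIDR
in_cidr() {
  local ip=$1 net=${2%/*} bits=${2#*/} mask
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# key_for_ip ADDRESS -> prints "<static-tag> <activation-id>" for the first
# matching subnet; exit 1 when the host belongs to no known grouping.
key_for_ip() {
  local ip=$1 cidr tag key
  while read -r cidr tag key; do
    case "$cidr" in ''|\#*) continue ;; esac
    if in_cidr "$ip" "$cidr"; then
      echo "$tag $key"
      return 0
    fi
  done <<'EOF'
# cidr             static-tag   activation-id (placeholder values)
10.10.0.0/16       corp-lan     11111111-1111-1111-1111-111111111111
10.20.0.0/16       dmz          22222222-2222-2222-2222-222222222222
192.168.50.0/24    lab          33333333-3333-3333-3333-333333333333
EOF
  return 1
}

# install_agent ADDRESS CUSTOMER_ID RPM_PATH EXPECTED_SHA256
# Verifies the package checksum (assumed step), installs the package and
# activates the agent with the key for the host's subnet.
# Set DRY_RUN=0 to actually run the commands; default only prints them.
install_agent() {
  local ip=$1 customer_id=$2 pkg=$3 expected=$4 sel tag key
  sel=$(key_for_ip "$ip") || { echo "no activation key for $ip" >&2; return 1; }
  tag=${sel%% *}
  key=${sel#* }
  if [ "${DRY_RUN:-1}" != 0 ]; then
    echo "[$tag] would verify sha256 of $pkg against $expected"
    echo "[$tag] would run: rpm -ivh $pkg"
    echo "[$tag] would run: /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh ActivationId=$key CustomerId=$customer_id"
    return 0
  fi
  echo "$expected  $pkg" | sha256sum -c - >/dev/null \
    || { echo "checksum mismatch for $pkg" >&2; return 2; }
  rpm -ivh "$pkg" || return 3
  /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent.sh \
    "ActivationId=$key" "CustomerId=$customer_id"
}

# Usage (dry run): install_agent 10.20.5.9 <customer-id> ./QualysCloudAgent.rpm <sha256>
```

The static tag printed alongside the key is the one you would attach to the key in the Qualys UI, so the assets it enrolls carry their grouping automatically; the script only selects the key, it does not create tags through the API.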

Passive Sensors:

Passive sensors can be deployed as virtual or hardware appliances; both need a port-mirror (SPAN) or TAP feed sent to them. They collect traffic on a NIC in promiscuous mode, and the captured data is sent to the Qualys Cloud Platform, where it is analyzed and attributed to the matching asset. Assets that no other sensor knows about are placed in the Unmanaged set.

Qualys Cloud Connector:

Connectors exist for AWS, GCP, and Azure. Each connector links Qualys to the cloud platform through the account (and credentials or role) configured during setup, so Qualys can inventory that account's resources and scan them for misconfigurations.

Container Sensor:

  • General: Scans containers on a docker host

  • Registry: Scans images in public and private docker registries

  • CI/CD Pipeline (aka build sensor): Scans images within DevOps CI/CD pipeline projects so those teams can correct vulnerabilities during the build process.

Qualys Container Runtime Security (CRS):

Policy rules that can block or alert on process activity in real time, using the visibility the container sensor has into the running containers.

Global IT Asset Inventory:

All of the data and telemetry collected by the sensors can be fed into the Global IT Asset Inventory application. Qualys normalizes and categorizes the scan data and then enriches it for viewing, using a normalization and categorization taxonomy similar to what you may have seen in SIEM platforms. Below is a sample (screenshot not reproduced here): blue marks normalization/categorization and green marks enrichment.

Qualys Searching:

Screenshot (not reproduced here): a search for any logs from switches.

Screenshot (not reproduced here): a search for hardware that is virtualized in the cloud.

You can get a table of all category items via the UI.

GITAI Terms:

  • General Availability: The product is still sold, maintained, and patched

  • End-of-Sale: No longer sold

  • End-of-Life: The product is no longer sold nor new features added, but is still maintained

  • End-of-Service: The product is no longer maintained or patched

  • Unidentified: There is insufficient data collection to determine what the node is

  • Unknown: There is sufficient data to determine the asset but it does not match cataloged assets

Last updated 3 years ago