
by Eric Perraudeau, Product Manager

by Eric Perraudeau, Product Manager. Advanced reporting using API and Report frameworks. San Francisco, CA, March 22nd 2010. Agenda: Manual Data vs Automatic Data; Qualys API frameworks; Reporting; Q&A.


Presentation Transcript


  1. by Eric Perraudeau, Product Manager. Advanced reporting using API and Report frameworks. San Francisco, CA, March 22nd 2010

  2. Agenda
     • Manual Data vs Automatic Data
     • Qualys API frameworks
     • Reporting
     • Q&A
     COMPANY CONFIDENTIAL

  3. Manual Data vs Automatic Data
     [Diagram. Labels: Scan 1 … Scan n, Option Profile 1 … Option Profile n, Result 1 … Result n; Manual Data World; Auto Data World; Normalize; Database; Report Templates; Reports; "Stored in report center for 7 days + Encrypted PDF distribution lists"]

  4. API frameworks
     • Two API frameworks:
       • V1 – legacy
       • V2 introduced better scalability and two authentication schemes (session based and basic)
     • The V2 API allows pulling automatic data in XML for external use. Ex: import into a local database
     • Documentation: the API user guide is available through the resources section in the UI. A quick reference guide will be available soon.

  5. API: leverage auto vuln data
     • First option: full download every time
     • Second option: a two-step process to enhance scalability
       • 1st: initial import. Get all the vuln data
       • 2nd: on a regular basis, download only what changed.
     • Define a report template in the UI and get the template ID
     • Use trend and analysis for a given period (1 day, 1 week, 1 month)
     • Use filter capabilities to get what you need.
     • Recommended filter: all vulnerabilities with status NEW – FIXED – REOPEN; ignore ACTIVE
     • Use API v2 to run the report on the Qualys report servers. USE THE SAME FREQUENCY AS THE PERIOD DEFINED IN THE REPORT TEMPLATE.
     • Targets of the report template (asset groups or IP ranges) can be overridden at execution time → one template for many uses

  6. Reporting
     • Use a database populated with CSV or XML results pulled from QualysGuard using API v2 for automatic vulnerability data
     • Use a reporting framework.
     • First suggestion: Zoho report from zoho.com
       • http://reports.zoho.com/login/login.jsp
       • Business intelligence in your browser
     • Second suggestion: BIRT plugin for Eclipse
       • http://www.eclipse.org/birt/phoenix/
       • “BIRT is an open source Eclipse-based reporting system that integrates with your Java/J2EE application to produce compelling reports.” → requires a Java/J2EE environment.

  7. Reporting – Zoho report example

  8. Going forward
     • Define a DB structure for vulns including status (new – active – fixed – reopened)
     • Define a DB structure for the assets – asset groups

  9. Questions? Thank you! eperraudeau@qualys.com
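
The two-step import from slide 5, applied to the status-tracking table suggested on slide 8, as an added example that is not part of the presentation and is not Qualys code. The XML element and attribute names, the table layout, the sample data and the rule that unreported NEW/REOPENED findings age to ACTIVE are all assumptions made for illustration; no API call is made.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample exports. Element and attribute names are hypothetical,
# not the QualysGuard report schema.
INITIAL = """<REPORT>
  <VULN ip="10.0.0.5" qid="1001" status="ACTIVE"/>
  <VULN ip="10.0.0.5" qid="1002" status="ACTIVE"/>
  <VULN ip="10.0.0.9" qid="1001" status="FIXED"/>
</REPORT>"""
DELTA = """<REPORT>
  <VULN ip="10.0.0.5" qid="1002" status="FIXED"/>
  <VULN ip="10.0.0.9" qid="1001" status="REOPEN"/>
  <VULN ip="10.0.0.7" qid="2003" status="NEW"/>
  <VULN ip="10.0.0.5" qid="1001" status="ACTIVE"/>
</REPORT>"""
DELTA_STATUSES = {"NEW", "FIXED", "REOPENED"}  # ACTIVE is ignored in deltas
UPSERT = "INSERT OR REPLACE INTO vuln (ip, qid, status) VALUES (?, ?, ?)"

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE vuln (
        ip TEXT NOT NULL, qid INTEGER NOT NULL,
        status TEXT NOT NULL CHECK (status IN ('NEW','ACTIVE','FIXED','REOPENED')),
        PRIMARY KEY (ip, qid))""")
    return db

def records(xml_text):
    for v in ET.fromstring(xml_text).iter("VULN"):
        status = v.get("status").upper()
        status = "REOPENED" if status == "REOPEN" else status
        yield v.get("ip"), int(v.get("qid")), status

def initial_import(db, xml_text):
    with db:  # one transaction: a failed import leaves the table untouched
        db.executemany(UPSERT, records(xml_text))

def apply_delta(db, xml_text):
    rows = [r for r in records(xml_text) if r[2] in DELTA_STATUSES]
    with db:
        # Assumption: a finding that was NEW or REOPENED last period and is
        # absent from this delta is still open, so it ages to ACTIVE first.
        db.execute("UPDATE vuln SET status = 'ACTIVE' "
                   "WHERE status IN ('NEW', 'REOPENED')")
        db.executemany(UPSERT, rows)
    return len(rows)

def status_map(db):
    return {(i, q): s for i, q, s in db.execute("SELECT ip, qid, status FROM vuln")}
```

Running the delta at a different frequency than the template's period would break the aging rule, which is why slide 5 insists the two match.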
