ETM PC/SCA Integration

The PC/SCA integration with Enterprise TruRisk Management (ETM) connects your PC and SCA security posture information directly to the ETM platform. This integration enables security teams to view failed postures as misconfigurations within ETM's unified risk management interface. By consolidating security findings from PC and SCA into ETM,

Organizations achieve a comprehensive view of their security posture throughout the enterprise environment. They can manage risks more effectively through a single interface.

The findings display detailed information about each misconfiguration, including the affected asset, severity, and current status. This information helps security teams prioritize remediation efforts based on risk levels and organizational impact.

By accessing PC/SCA findings directly within ETM, security teams can streamline their workflow and address security issues more efficiently without switching between multiple security management interfaces.

Prerequisites

Before implementing the PC/SCA integration with ETM, ensure your environment meets the following requirements:

• PC/SCA must be enabled for your subscription
• PCAS version 1.2.3 and higher
• Enterprise TruRisk platform 10.32.1.0 and higher
• Verify your current versions before proceeding with the integration setup to ensure compatibility with ETM.

How Does the Integration Work?

The integration process follows these steps:

1. Contact your TAM or support to enable your subscription for PC/SCA.
2. Run baseline for PC/SCA to ingest existing PC/SCA data in ETM.

   The ETM automatically ingests findings from PC and SCA into as misconfigurations.

   Failed postures from your PC/SCA environment is displayed in ETM with their respective risk scores, allowing for precise identification of security issues that require remediation.

The integration ensures data synchronization between systems for current security posture information in ETM for effective risk management.

View Assets and Findings in ETM

After completing the integration, you can view and manage PC/SCA findings within the ETM interface:

1. Navigate to Risk Management > Findings > Misconfigurations to access the consolidated view of security posture findings.
2. To filter specifically for PC or SCA findings, use the QQL query syntax:
   finding.vendorProductName:PC or finding.vendorProductName:SCA respectively.

   

3. To view details about misconfiguration, click View  Details from Quick Action menu of the selected configuration.

   You can view various details in different tabs.

   Summary

   The Summary page has different details, such as Basic Details, Description, and asset Information, such as Identification and Activity. The Basic Details include details such as the Finding ID and the Type Detected. Information about Sources is available, along with the last-detected and first-detected dates, instances, and technology used. 

   

   QDS Details 

   The Qualys Detection Score (QDS) Details includes Contributing Factors for Qualys Detection Score and Additional Insights.

   

   Detection Details

   The Detection Details page displays Result, Rationale (Detection Logic), and Recommendations/Remediation Guidance.

   

   Additional Details

   The Additional Details page lists Control/Rule Details like Reference ID, Misconfiguration Type, sub type, Severity, Control URL and so on. Policy Details section displays Policy Name, Policy URL, Decription, Evaluated On, Created By and so on.

   

   MITRE ATT&CK 

   The MITRE ATT&CK page displays Tactics with Privilege Escalation, Mitigations details with a list of name and ID.

   

   Sources

   The Sources page displays details like Aggregated Record and Source Records like Connector Name, Connector ID, Source Policy URL, Source Asset ID, Policy Name, Technology, and Technology Category .