ETM PC/SCA Integration

The PC/SCA integration with Enterprise TruRisk Management (ETM) connects your PC and SCA security posture information directly to the ETM platform. This integration enables security teams to view failed postures as misconfigurations within ETM's unified risk management interface. By consolidating security findings from PC and SCA into ETM,

Organizations achieve a comprehensive view of their security posture throughout the enterprise environment. They can manage risks more effectively through a single interface.

The findings display detailed information about each misconfiguration, including the affected asset, severity, and current status. This information helps security teams prioritize remediation efforts based on risk levels and organizational impact.

By accessing PC/SCA findings directly within ETM, security teams can streamline their workflow and address security issues more efficiently without switching between multiple security management interfaces.

Prerequisites

Before implementing the PC/SCA integration with ETM, ensure your environment meets the following requirements:

  • PC/SCA must be enabled for your subscription
  • PCAS version 1.2.3 and higher
  • Enterprise TruRisk platform 10.32.1.0 and higher
  • Verify your current versions before proceeding with the integration setup to ensure compatibility with ETM.

How Does the Integration Work?

The integration process follows these steps:

  1. Contact your TAM or support to enable your subscription for PC/SCA.
  2. Run baseline for PC/SCA to ingest existing PC/SCA data in ETM.

    The ETM automatically ingests findings from PC and SCA into as misconfigurations.

    Failed postures from your PC/SCA environment is displayed in ETM with their respective risk scores, allowing for precise identification of security issues that require remediation.

The integration ensures data synchronization between systems for current security posture information in ETM for effective risk management.

View Assets and Findings in ETM

After completing the integration, you can view and manage PC/SCA findings within the ETM interface:

  1. Navigate to Risk Management > Findings > Misconfigurations to access the consolidated view of security posture findings.
  2. To filter specifically for PC or SCA findings, use the QQL query syntax:
    finding.vendorProductName:PC or finding.vendorProductName:SCA respectively.

    View PC misconfiguations.

  3. To view details about misconfiguration, click View  Details from Quick Action menu of the selected configuration.

    You can view various details in different tabs.

    Summary

    The Summary page has different details, such as Basic Details, Description, and asset Information, such as Identification and Activity. The Basic Details include details such as the Finding ID and the Type Detected. Information about Sources is available, along with the last-detected and first-detected dates, instances, and technology used. 

    View PC misconfiguations summary.

    QDS Details 

    The Qualys Detection Score (QDS) Details includes Contributing Factors for Qualys Detection Score and Additional Insights.

    View PC misconfiguations QDS Details.

    Detection Details

    The Detection Details page displays Result, Rationale (Detection Logic), and Recommendations/Remediation Guidance.

    View PC misconfiguations Detection details.

    Additional Details

    The Additional Details page lists Control/Rule Details like Reference ID, Misconfiguration Type, sub type, Severity, Control URL and so on. Policy Details section displays Policy Name, Policy URL, Decription, Evaluated On, Created By and so on.

    View PC misconfiguations additional details.

    MITRE ATT&CK 

    The MITRE ATT&CK page displays Tactics with Privilege Escalation, Mitigations details with a list of name and ID.

    View PC misconfiguations MITRE ATT&CK .

    Sources

    The Sources page displays details like Aggregated Record and Source Records like Connector Name, Connector ID, Source Policy URL, Source Asset ID, Policy Name, Technology, and Technology Category .

    View sources in details.