ETM WAS Integration
The integration of Qualys Web Application Scanning (WAS) with Enterprise TruRisk Management (ETM) allows security teams to connect web application vulnerability findings directly to the ETM platform. This integration enables security teams to view identified vulnerabilities as findings within ETM's unified risk management interface.
By consolidating security findings from WAS into ETM, organizations gain a holistic view of their security posture across the enterprise. This comprehensive perspective allows for more effective risk management through a single interface.
The findings provide detailed information about each vulnerability, including the affected asset, severity, and current status. This crucial information assists security teams in prioritizing remediation efforts based on risk levels and the potential impact on the organization.
Accessing WAS findings directly within ETM helps security teams streamline their workflow, allowing them to address security issues more efficiently without the need to switch between multiple management interfaces.
Prerequisite
Web Application Security (WAS) must be enabled for your subscription for implementing the WAS integration with ETM.
How Does the Integration Work?
The integration process follows these steps:
The system automatically ingests findings from WAS into ETM as a vulnerability.
- Contact your TAM or support to enable your subscription for WAS.
- Create a CSV connector and select WAS Findings as the Type of Findings (refer to CSV Connector).
- Run a scan for WAS to generate current vulnerability data.
- Web App findings from WAS application displays in ETM with their respective risk scores, allowing for precise identification of security issues that require remediation.
After completing the integration, you can view and manage WAS findings within the ETM interface:
The integration ensures data synchronization between systems for current security posture information in ETM for effective risk management.
View Assets and Findings in ETM
- Navigate to Risk Management > Findings > Vulnerabilities to access the consolidated view of security posture findings.
- To filter specifically for WAS findings, use the QQL query syntax:
finding.vendorProductName:WAS.
-
To view details about vulnerability, click View Details from Quick Actions menu of the selected vulnerability.
You can view various details in different tabs.
Summary
The Summary page has different details, such as Basic Details, Description, and Asset Information, such as Identification and Activity. The Basic Details include details such as the Finding ID, the Type Detected, and whether it has been Confirmed. Information about Sources is available, along with the Last Detected and First Detected dates and details on the Port and Protocol used.
For CVSS metrics, you can find the CVSS V3 Base, CVSS V3 Temporal, and the CVSS V3 Attack Vector.
QDS Details
The Qualys Detection Score (QDS) Details includes Contributing Factors for Qualys Detection Score. Additional Insights such as Technical Attributes, Temporal Attributes, Trending, and Remediation.
Detection Details
The Detection Details page displays Parameters, Payloads, Payload Details, Rationale (Detection Logic), Impact, Recommendations / Remediation Guidance
Exploitability
The Exploitability page lists known exploits for this vulnerability available from third-party vendors and/or publicly available sources.
Patches
The Patches page displays patch reference, type, and Vendor Severity.
Malware
The Associated Malware pages displays a list which includes Malware ID, type, Platform, and Risk.
Sources
The Sources page displays details like Title, CVE ID, Status, Category, Sources, Last Detected, First Detected, Port, and Finding Id. Source Records shows a list that includes source, vendor ID, Title, Status, first detected, and last detected.
-