Qualys Scanning University of Minnesota

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Qualys Scanning University of Minnesota"

Transcription

1 Qualys is a vulnerability scanner that is used for critical servers and servers subject to compliance reporting. This scanner is not generally to be used for desktop or laptop scanning. OIT has purchased a limited number of licenses (licensed by IP address scanned) for scanning critical and other important servers. This document provides background and responsibilities for how QualysGuard scanning, mapping and ticket remediation tracking will be used at the University of Minnesota by departments. Qualys maintains more extensive documentation of their product under Help on the QualysGuard Enterprise Suite menu bar. Business Units Large/decentralized units (i.e., OIT) will have a Business Unit and an assigned Business Unit Manager. The Business Unit will be able to run discovery maps and vulnerability scans and run reports on the IP s assigned to their Business Unit. Priority must be given to critical servers and servers subject to compliance reporting. Business Unit Manager Responsibilities (BUM) Define responsibilities of the other unit managers, scanners and readers in your Business Unit. Manage users (other unit managers, scanners and readers) for your Business Unit. This includes set up and deletions. Assign the users to Asset Groups. Identify to University Information Security ( a list of subnets your area is responsible for. This will be used for discovery mapping your section of the network, similar to NMAP. Discovery maps are free. Identify to University Information Security ( a list of IP/IP Ranges for servers that your unit is responsible for scanning. Each IP scanned costs money, avoid scanning IP addresses not assigned to a host. Set up and maintain the list of IP addresses that should be included in the Critical Servers Reporting Asset Group for your Business Unit following the naming convention for Asset Groups using the corresponding Business Impact level 5 (critical). Manage the other Asset Groups that you create to meet your scanning/reporting needs, following the naming convention for Asset Groups. Use the Business Impact level that meets your reporting needs. Discovery map your section of the network at least monthly and review the Map reports for unknown devices. Scan all IP addresses in the Critical Server Reporting Asset Groups monthly. Review open ticket remediation for IP s assigned to your Business Unit or Asset group. Automated ticket generation will be turned on by Asset Group by the Business Unit Manager. In summary, maintain the following: IP addresses in the Critical Servers Reporting Asset Groups Review vulnerability management for servers scanned with priority for the Critical Servers Reporting Asset Groups, see separate document- Qualys Vulnerability Data Review for Audit Reporting. 3/23/2015 Page 1 of 8

2 User accounts for your Business Unit Optional: o Set up additional Remediation Policies for your area. o Set up additional report templates. o Maintain Host Asset Information. University Information Security will use the Function to track Solutionary/Seccuris OneStone Customer # (S- 1511) Critical Servers Reporting Asset Groups: These asset groups should contain the critical servers for your area and be assigned Business Impact=5 (critical). These Asset Groups will be used for reporting vulnerability management to the internal audits department. Critical Servers include: Security Level High or Medium per the Data Security Classification Policy. Naming Conventions Asset Groups: COLLEGE.DEPT.subgroup _??? (???-each area can define) Critical Servers Reporting Asset Groups: o CRITICAL.COLLEGE.DEPT Report Templates: COLLEGE.DEPT.??? (???-each area can define) See attached sheet for naming convention assigned for your unit. Vulnerabilities Qualys uses 3 categories for classifying vulnerabilities (confirmed, potential and information). Within the category, there are 5 levels for vulnerabilities. o Confirmed (red) Security weaknesses verified by an active test o Potential (yellow) Security weaknesses that need manual verification o Information (blue) Configuration data High Risk Vulnerabilities o Required: Fix Confirmed 4 & 5 (red) - must have the high severity vulnerability mitigated (i.e., patching/configuration, other compensating control or documented as a false positive) for internal audits reporting. o Hosts involved in credit card processing must also mitigate all vulnerabilities marked as PCI Failed. o Documentation of the mitigation plan for your high severity vulnerabilities must be in the Qualys Ticket Remediation. Tickets for unmitigated vulnerabilities need to be documented within 30 days of scan. Priorities for Other Vulnerabilities o Recommended: Review Potential 4 & 5 (yellow) and fix, if applicable o Recommended: Review Confirmed 1, 2 & 3 (red) and fix, if applicable o Recommended: Review & assess the risk with the other vulnerabilities and fix if applicable 3/23/2015 Page 2 of 8

3 Additional information on Set Up, Scans, Maps, Ticket Remediation & Reports Asset Groups (See Asset Group Image) o Follow the naming conventions for Asset Groups. o IPs, list all the IP addresses or IP ranges to be included in the Asset Group. o Scanner Appliances, select all listed. o Business/CVSS Information: o Critical Server Asset Groups- change the default Business Impact to 5 (critical). o Other Asset Groups - the information on this tab is optional Asset Group Business/CVSS Information o Division, Function, Location fields and Business Impact can be maintained for each Asset Group by the user creating the Asset Group. o Business Impact must be set to 5 for the Critical Servers Asset Groups. o CVSS Environmental Metric Info is not being used. Host Asset Information o Location, Function and Asset Tag fields are maintained on individual host IP s. o University Information Security will use the Function field to make notations (i.e., S-1511) related to Solutionary/Seccuris OneStone monitoring of an IP. User Accounts o General Information, all fields with an asterisk are required. o User role, select Scanner scan & map IP addresses in your assigned Asset Groups; create & run reports and manage tickets. Reader create & run reports for your assigned Asset Groups and manage tickets Unit Manager same privileges as Scanner with the exception, you manage user accounts for your unit o Asset Group, assign one or more Asset Groups to the user. o Advanced options, displays Permissions and Options tabs. Scans (See Scan Asset Group, Scan Host and Scheduled Scan images) o There are multiple scan policies and options for scheduling scans. Here are the basics. Schedule scan or scan immediately Option Profile: U of M Initial Options (default); PCI scans use Payment Card Industry Options PCI policy can be more aggressive Scanner Appliance: All Scanners in Asset Group; External for scan from outside the U network. 3/23/2015 Page 3 of 8

4 Select an internal scan appliance when listing IP addresses or ranges. If not scanning an entire asset group, the external scanner is used instead of internal. Scan by Asset Group, Select IPs or IP Range o When the scan is completed, users can view the scan report. Ticket Remediation o The main remediation policy will create tickets for all confirmed 4 & 5 vulnerabilities for the IP s in the Critical Servers Reporting Asset Groups. Tickets will be assigned to the user running the scan. Deadline date for determining overdue tickets will be 30 days. o Business Units can set up additional remediation policies for their area. Reports o Technical Report- Select Asset Group or IP Results as of the last scan Includes all vulnerabilities (confirmed, potential, info.) at all levels (1-5) Details on how to fix Very large report o Technical Report-Select Scan Results Results from a specific scan Includes all vulnerabilities (confirmed, potential, info.) at all levels (1-5) Details on how to fix Very large report o UMN-Summary Report Results as of the last scan Includes all vulnerabilities (confirmed, potential, info) at all levels (1-5) No detail on how to fix o UMN-High Severity Report Results as of the last scan Includes confirmed vulnerabilities at levels 4 & 5 Details on how to fix o UMN-High Severity Summary Report OIT Sec Reporting Results as of the last scan Includes confirmed vulnerabilities at levels 4 & 5 Sorted by vulnerability and lists the vulnerable hosts No detail on how to fix Maps o Similar to nmap o There are multiple discovery map policies and options for scheduling scans. Here are the basics. Schedule map or map immediately Option Profile: University of Minnesota Initial Options (default) 3/23/2015 Page 4 of 8

5 Scanner Appliance: All Scanners in Asset Group; External for scan from outside the U network Map by Asset Group, Select IPs or IP Range o When the map is completed, users can view the map report. 3/23/2015 Page 5 of 8

6 Images Asset Group 3/23/2015 Page 6 of 8

7 Scan Asset Group Scan Host 3/23/2015 Page 7 of 8

8 Scheduled Scan 3/23/2015 Page 8 of 8

Qualys Scanning for PCI Devices University of Minnesota

Qualys Scanning for PCI Devices University of Minnesota Qualys is the vulnerability scanner that will be used to map and scan devices that are involved in credit card processing to meet the PCI-DSS quarterly internal scan and map requirement. This document

More information

Managing Qualys Scanners

Managing Qualys Scanners Q1 Labs Help Build 7.0 Maintenance Release 3 documentation@q1labs.com Managing Qualys Scanners Managing Qualys Scanners A QualysGuard vulnerability scanner runs on a remote web server. QRadar must access

More information

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9) Nessus Enterprise Cloud User Guide October 2, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Enterprise Cloud... 3 Subscription and Activation... 3 Multi Scanner Support... 4 Customer Scanning

More information

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015

QualysGuard WAS. Getting Started Guide Version 4.1. April 24, 2015 QualysGuard WAS Getting Started Guide Version 4.1 April 24, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

Sample Vulnerability Management Policy

Sample Vulnerability Management Policy Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director

More information

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014

QualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014 QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.

More information

GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3. May 1, 2008

GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3. May 1, 2008 GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3 May 1, 2008 Copyright 2006-2008 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys,

More information

Security and Compliance Suite Rollout Guide. August 4, 2015

Security and Compliance Suite Rollout Guide. August 4, 2015 Security and Compliance Suite Rollout Guide August 4, 2015 Copyright 2005-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great)

Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great) Vulnerability Management Isn t Simple (or, How to Make Your VM Program Great) Kelly Hammons Principal Consultant, CISSP Secutor Consulting October 2 nd, 2015 97% of breaches could have been avoided through

More information

AUTOMATING THE 20 CRITICAL SECURITY CONTROLS

AUTOMATING THE 20 CRITICAL SECURITY CONTROLS AUTOMATING THE 20 CRITICAL SECURITY CONTROLS Wolfgang Kandek, CTO Qualys Session ID: Session Classification: SPO-T07 Intermediate 2012 the Year of Data Breaches 2013 continued in a similar Way Background

More information

CLOCKWORK Training Manual and Reference: Inventory. TechnoPro Computer Solutions, Inc.

CLOCKWORK Training Manual and Reference: Inventory. TechnoPro Computer Solutions, Inc. CLOCKWORK Training Manual and Reference: Inventory TechnoPro Computer Solutions, Inc. Table of Contents Inventory Learning Objectives License Key 5 Create a Catalog 6 Assign Permissions 9 Categories and

More information

OCCS Procedure. Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011

OCCS Procedure. Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011 OCCS Procedure Title: Vulnerability Scanning and Management Procedure Reference Number: 9.4.2 Last updated: September 6, 2011 Purpose The purpose of this procedure is to define the management and controls

More information

Qualys PC/SCAP Auditor

Qualys PC/SCAP Auditor Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS

More information

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9) Table of Contents Introduction... 3 Nessus Perimeter Service... 3 Subscription and Activation... 3 Multi Scanner Support...

More information

PCI Compliance. Network Scanning. Getting Started Guide

PCI Compliance. Network Scanning. Getting Started Guide PCI Compliance Getting Started Guide Qualys PCI provides businesses, merchants and online service providers with the easiest, most cost effective and highly automated way to achieve compliance with the

More information

PCI Vulnerability Validation Report

PCI Vulnerability Validation Report Friday, March 9, 013 PCI Vulnerability Validation Report Introduction This report shows the results of a vulnerability validation tests conducted by CORE Impact Professional Professional in support of

More information

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance

More information

Security and Compliance Suite Evaluator s Guide. August 11, 2015

Security and Compliance Suite Evaluator s Guide. August 11, 2015 Security and Compliance Suite Evaluator s Guide August 11, 2015 Copyright 2011-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE TRIPWIRE PURECLOUD TRIPWIRE PureCloud USER GUIDE 2001-2015 Tripwire, Inc. All rights reserved. Tripwire and ncircle are registered trademarks of Tripwire, Inc. Other brand or product names may be trademarks

More information

QualysGuard Asset Management

QualysGuard Asset Management QualysGuard Asset Management Quick Start Guide January 28, 2014 Dynamic Asset Tagging provides a flexible and scalable way to automatically discover and organize the assets in your environment and make

More information

CRM Sales PDF Productivity Pack Configuration and User Guide Microsoft Dynamics CRM 4.0

CRM Sales PDF Productivity Pack Configuration and User Guide Microsoft Dynamics CRM 4.0 CRM Sales PDF Productivity Pack Configuration and User Guide Microsoft Dynamics CRM 4.0 CRM Addins info@crmaddins.co.uk Table of Contents Introduction... 3 Document Overview.... 3 Version Compatibility....

More information

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE .trust TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE 2007 Table of Contents Introducing Trustwave Vulnerability Management 3 1 Logging In and Accessing Scans 4 1.1 Portal Navigation and Utility Functions...

More information

How to Grow and Transform your Security Program into the Cloud

How to Grow and Transform your Security Program into the Cloud How to Grow and Transform your Security Program into the Cloud Wolfgang Kandek Qualys, Inc. Session ID: SPO-207 Session Classification: Intermediate Agenda Introduction Fundamentals of Vulnerability Management

More information

STATE OF NEW JERSEY IT CIRCULAR

STATE OF NEW JERSEY IT CIRCULAR NJ Office of Information Technology P.O. Box 212 www.nj.gov/it/ps/ Chris Christie, Governor 300 River View E. Steven Emanuel, Chief Information Officer Trenton, NJ 08625-0212 STATE OF NEW JERSEY IT CIRCULAR

More information

Security and Compliance Suite

Security and Compliance Suite Security and Compliance Suite Quick Tour The Qualys user interface is easy-to-use with powerful Web 2.0 capabilities featuring interactive dashboards, actionable menus and workflows, context-based interactions

More information

Secret Server Qualys Integration Guide

Secret Server Qualys Integration Guide Secret Server Qualys Integration Guide Table of Contents Secret Server and Qualys Cloud Platform... 2 Authenticated vs. Unauthenticated Scanning... 2 What are the Advantages?... 2 Integrating Secret Server

More information

Asset management guidelines

Asset management guidelines Asset management guidelines 1 IT asset management (ITAM) overview Objective Provide a single, integrated view of agency assets in order to allow agencies to identify the asset location and assess the potential

More information

State of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard

State of Minnesota. Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard State of Minnesota Office of Enterprise Technology (OET) Enterprise Vulnerability Management Security Standard Approval: Enterprise Security Office (ESO) Standard Version 1.00 Gopal Khanna

More information

Delivering IT Security and Compliance as a Service

Delivering IT Security and Compliance as a Service Delivering IT Security and Compliance as a Service Matthew Clancy Technical Account Manager Qualys, Inc. www.qualys.com Agenda Technology Overview The Problem: Delivering IT Security & Compliance Key differentiator:

More information

CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office

CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office CSUSB Vulnerability Management Standard CSUSB, Information Security & Emerging Technologies Office Last Revised: 09/17/2015 Final REVISION CONTROL Document Title: Author: File Reference: CSUSB Vulnerability

More information

Vulnerability Management Policy

Vulnerability Management Policy April 13th, 2015 1.0 SUMMARY Vulnerability management is the processes and technologies that an organization utilizes to identify, assess, and remediate information technology (IT) vulnerabilities, weaknesses,

More information

Novell ZENworks Asset Management

Novell ZENworks Asset Management Novell ZENworks Asset Management Administrative Best Practices and Troubleshooting www.novell.com APRIL 19, 2005 2 GETTING THE MOST OUT OF NOVELL ZENWORKS ASSET MANAGEMENT The award-winning asset tracking

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks

More information

Network Detective. Network Detective Inspector. 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D

Network Detective. Network Detective Inspector. 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D Network Detective 2015 RapidFire Tools, Inc. All rights reserved 20151013 Ver 3D Contents Overview... 3 Components of the Inspector... 3 Inspector Appliance... 3 Inspector Diagnostic Tool... 3 Network

More information

VULNERABILITY MANAGEMENT

VULNERABILITY MANAGEMENT VULNERABILITY MANAGEMENT A White Paper Presented by: MindPoint Group, LLC 8078 Edinburgh Drive Springfield, VA 22153 (o) 703.636.2033 (f) 866.761.7457 www.mindpointgroup.com blog.mindpointgroup.com SBA

More information

Software Vulnerability Assessment

Software Vulnerability Assessment Software Vulnerability Assessment Setup Guide Contents: About Software Vulnerability Assessment Setting Up and Running a Vulnerability Scan Manage Ongoing Vulnerability Scans Perform Regularly Scheduled

More information

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide

Unified Security Management (USM) 5.2 Vulnerability Assessment Guide AlienVault Unified Security Management (USM) 5.2 Vulnerability Assessment Guide USM 5.2 Vulnerability Assessment Guide, rev 1 Copyright 2015 AlienVault, Inc. All rights reserved. The AlienVault Logo, AlienVault,

More information

SyAM Software Management Utilities. Performing a Power Audit

SyAM Software Management Utilities. Performing a Power Audit SyAM Software Management Utilities Performing a Power Power or How it Works Systems are discovered on the network, and organized into groups. For each group of systems a range of hours is defined to specify

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

Server Account Management

Server Account Management Server Account Management Setup Guide Contents: About Server Account Management Setting Up and Running a Server Access Scan Addressing Server Access Findings View Server Access Scan Findings Act on Server

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

PineApp Surf-SeCure Quick

PineApp Surf-SeCure Quick PineApp Surf-SeCure Quick Installation Guide September 2010 WEB BASED INSTALLATION SURF-SECURE AS PROXY 1. Once logged in, set the appliance s clock: a. Click on the Edit link under Time-Zone section.

More information

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co.

Digital Pathways. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ. 0844 586 0040 intouch@digitalpathways.co.uk www.digpath.co. Harlow Enterprise Hub, Edinburgh Way, Harlow CM20 2NQ 0844 586 0040 intouch@digitalpathways.co.uk Security Services Menu has a full range of Security Services, some of which are also offered as a fully

More information

Reclamation Manual Directives and Standards

Reclamation Manual Directives and Standards Vulnerability Assessment Requirements 1. Introduction. Vulnerability assessment testing is required for all access points into an electronic security perimeter (ESP), all cyber assets within the ESP, and

More information

ISSA SILICON VALLEY SECURITY METRICS SO WHAT?

ISSA SILICON VALLEY SECURITY METRICS SO WHAT? ISSA SILICON VALLEY SECURITY METRICS SO WHAT? WILLIAM TANG, CTO MARCH 10, 2010 ALLGRESS, INC. 2009 ALLGRESS, INC. 1 Security Metrics So What? Why are we gathering metrics? Who are we gathering these metrics

More information

Running the SANS Top 5 Essential Log Reports with Activeworx Security Center

Running the SANS Top 5 Essential Log Reports with Activeworx Security Center Running the SANS Top 5 Essential Log Reports with Activeworx Security Center Creating valuable information from millions of system events can be an extremely difficult and time consuming task. Particularly

More information

Online Compliance Program for PCI

Online Compliance Program for PCI Appendix F Online Compliance Program for PCI Service Description for PCI Compliance Monitors 1. General Introduction... 3 2. Online Compliance Program... 4 2.1 Introduction... 4 2.2 Portal Access... 4

More information

Advanced Event Viewer Manual

Advanced Event Viewer Manual Advanced Event Viewer Manual Document version: 2.2944.01 Download Advanced Event Viewer at: http://www.advancedeventviewer.com Page 1 Introduction Advanced Event Viewer is an award winning application

More information

rating of 5 out 5 stars

rating of 5 out 5 stars SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security

More information

WEB APPLICATION SECURITY TESTING GUIDELINES

WEB APPLICATION SECURITY TESTING GUIDELINES WEB APPLICATION SECURITY TESTING GUIDELINES 1 These guidelines were developed to support the Web Application Security Standard. Please refer to this standard for additional information and/or clarification

More information

CA Vulnerability Manager r8.3

CA Vulnerability Manager r8.3 PRODUCT BRIEF: CA VULNERABILITY MANAGER CA Vulnerability Manager r8.3 CA VULNERABILITY MANAGER PROTECTS ENTERPRISE SYSTEMS AND BUSINESS OPERATIONS BY IDENTIFYING VULNERABILITIES, LINKING THEM TO CRITICAL

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Administration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Administration Guide IBM Security QRadar SIEM Version 7..0 MR Administration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks on page 07. Copyright

More information

Vulnerability Management. Information Technology Audit. For the Period July 2010 to July 2011

Vulnerability Management. Information Technology Audit. For the Period July 2010 to July 2011 O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Vulnerability Management Information Technology Audit For the Period July 2010 to July 2011 May 22, 2012 Report

More information

The following text was provided by the vendor during testing to describe how the product implements the specific capabilities.

The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Vendor Provided Validation Details - McAfee Policy Auditor 6.2 The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Statement of

More information

Delivering IT Security and Compliance as a Service

Delivering IT Security and Compliance as a Service Delivering IT Security and Compliance as a Service Jason Falciola GCIH, GAWN Technical Account Manager, Northeast Qualys, Inc. www.qualys.com Agenda Technology Overview h The Problem: Delivering IT Security

More information

The Top 10 Reports for Managing Vulnerabilities

The Top 10 Reports for Managing Vulnerabilities guide: The Top 10 Reports for Managing Vulnerabilities Top 10 Reports #1 Network Perimeter Map Report #2 Unknown Internal Devices Report #3 SANS Top 20 Vulnerabilities Report #4 25 Most Vulnerable Hosts

More information

Assets, Groups & Networks

Assets, Groups & Networks Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 Managed Service Solutions Catalogue MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014 1 MANAGED SERVICES SOLUTIONS CATALOGUE Managed Services Solutions Catalogue Managed Service Solutions

More information

Policy Compliance. Getting Started Guide. January 22, 2016

Policy Compliance. Getting Started Guide. January 22, 2016 Policy Compliance Getting Started Guide January 22, 2016 Copyright 2011-2016 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks

More information

Email Security 8.0 User Guide

Email Security 8.0 User Guide Email Security 8.0 User Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential damage to

More information

MacScan. MacScan User Guide. Detect, Isolate and Remove Spyware

MacScan. MacScan User Guide. Detect, Isolate and Remove Spyware MacScan MacScan User Guide Detect, Isolate and Remove Spyware Part 1 1.1 Introduction MacScan is a spyware detection utility for Macintosh OS X that finds and removes spyware and other Internet files

More information

WHITE PAPER. Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology

WHITE PAPER. Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology WHITE PAPER Attaining HIPAA Compliance with Retina Vulnerability Assessment Technology Table of Contents Overview 3 HIPAA & Retina Enterprise Edition 3 Six Steps of Vulnerability Assessment & Remediation

More information

Patch Management Procedure. e-governance

Patch Management Procedure. e-governance for e-governance Draft DEPARTMENT OF ELECTRONICS AND INFORMATION TECHNOLOGY Ministry of Communication and Information Technology, Government of India. Document Control S/L Type of Information Document

More information

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE AGENDA PCI DSS Basics Case Studies of PCI DSS Failure! Common Problems with PCI DSS Compliance

More information

ProCAP Transfer with Omneon Interface

ProCAP Transfer with Omneon Interface ProCAP Transfer with Omneon Interface 1 Table of Contents: Table of Contents:... 2 Transfer Omneon Overview... 3 Single Transfer... 4 Loading Transfer Files...4 Selecting the Video Clip...5 Encode Properties...7

More information

Software Requirements. Specification. Day Health Manager. for. Version 1.1. Prepared by 4yourhealth 2/10/2015

Software Requirements. Specification. Day Health Manager. for. Version 1.1. Prepared by 4yourhealth 2/10/2015 Software Requirements Specification. for Day Health Manager Version 1.1 Prepared by 4yourhealth Senior Project 2015 2/10/2015 Table of Contents Table of Contents Revision History Introduction Purpose Document

More information

How To... Set Up Compliance Checking Criteria

How To... Set Up Compliance Checking Criteria How To... Set Up Compliance Checking Criteria Contents Scope... 1 Setting Up Case Checking At Advisor Level... 1 Setting Up Case Checking At Product Level... 3 Mortgage Scoring... 5 Compliance Prompts...

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

More information

Introducing the Site Prep Tool

Introducing the Site Prep Tool Introducing the Site Prep Tool Revision A03.10.011 Page 1 of 13 REVISION HISTORY Date Revision Changes January 2009 01.01 Initial Revision August 2009 02.01 November 2010 03.00 Octember 2012 03.00.022

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Did you know your security solution can help with PCI compliance too?

Did you know your security solution can help with PCI compliance too? Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment

More information

IBM Security SiteProtector System Configuration Guide

IBM Security SiteProtector System Configuration Guide IBM Security IBM Security SiteProtector System Configuration Guide Version 2.9 Note Before using this information and the product it supports, read the information in Notices on page 209. This edition

More information

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach

The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach The Convergence of IT Security and Compliance with a Software as a Service (SaaS) approach by Philippe Courtot, Chairman and CEO, Qualys Inc. Information Age Security Conference - London - September 25

More information

LogLogic Trend Micro OfficeScan Log Configuration Guide

LogLogic Trend Micro OfficeScan Log Configuration Guide LogLogic Trend Micro OfficeScan Log Configuration Guide Document Release: September 2011 Part Number: LL600065-00ELS090000 This manual supports LogLogic Trend Micro OfficeScan Release 1.0 and later, and

More information

Vulnerability Management ROI Calculator User Guide. v2.0 Monday, September 29, 2008. www.lumension.com. Copyright 2008, Lumension Security

Vulnerability Management ROI Calculator User Guide. v2.0 Monday, September 29, 2008. www.lumension.com. Copyright 2008, Lumension Security Vulnerability Management ROI Calculator User Guide v2.0 Monday, September 29, 2008 Copyright 2008, Lumension Security www.lumension.com Vulnerability Management ROI Calculator Overview The Lumension Security

More information

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information

More information

Windows Operating Systems. Basic Security

Windows Operating Systems. Basic Security Windows Operating Systems Basic Security Objectives Explain Windows Operating System (OS) common configurations Recognize OS related threats Apply major steps in securing the OS Windows Operating System

More information

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson

Nessus. A short review of the Nessus computer network vulnerability analysing tool. Authors: Henrik Andersson Johannes Gumbel Martin Andersson Nessus A short review of the Nessus computer network vulnerability analysing tool Authors: Henrik Andersson Johannes Gumbel Martin Andersson Introduction What is a security scanner? A security scanner

More information

QualysGuard Tips and Techniques Policy Compliance: File Integrity Monitoring

QualysGuard Tips and Techniques Policy Compliance: File Integrity Monitoring QualysGuard Tips and Techniques Policy Compliance: File Integrity Monitoring January 21, 2013 This document describes File Integrity Monitoring (FIM), a benefit of QualysGuard Policy Compliance. About

More information

Vulnerability Management with the Splunk App for Enterprise Security

Vulnerability Management with the Splunk App for Enterprise Security Copyright 2014 Splunk Inc. Vulnerability Management with the Splunk App for Enterprise Security Randal T. Rioux Principal Security Strategist and Minister of Offense Splunk Inc. Disclaimer During the course

More information

Elastic Detector on Amazon Web Services (AWS) User Guide v5

Elastic Detector on Amazon Web Services (AWS) User Guide v5 Elastic Detector on Amazon Web Services (AWS) User Guide v5 This guide is intended for Elastic Detector users on AWS. Elastic Detector is available as SaaS or deployed as a virtual appliance through an

More information

EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1

EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1 EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1 Description Maintianing consistant and current patch status is a critical part of any security strategy. In this lab,

More information

Ticket Validation Application System User s Guide. Created by:

Ticket Validation Application System User s Guide. Created by: Ticket Validation Application System User s Guide Created by: 12-21-2011 Table of Contents Ticket Validation Application System Desktop Icon... 3 Prerequisites... 4 Ticket Validation Reporting... 5 Merchant

More information

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC)

U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) U.S. Department of Health and Human Services (HHS) The Office of the National Coordinator for Health Information Technology (ONC) Security Risk Assessment (SRA) Tool User Guide Version Date: March 2014

More information

Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance

Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance Lab 2.3.3 Configure Intrusion Prevention on the PIX Security Appliance Objective Scenario Topology In this lab exercise, the students will complete the following tasks: Configure the use of Cisco Intrusion

More information

Offline Scanner Appliance

Offline Scanner Appliance Offline Scanner Appliance User Guide March 27, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc. All other

More information

VIRTUAL TERMINAL (OVERVIEW)

VIRTUAL TERMINAL (OVERVIEW) Customization Required fields and adding/deleting fields. Step 1. Merchant can add or delete non-required fields by clicking the GEAR. Fields with red asterisks are required fields as set by the Affiliate.

More information

GOALS. Server Management Program Review / Training. To Review SMP structure, requirements, logistics. To increase quality and benefit of documentation

GOALS. Server Management Program Review / Training. To Review SMP structure, requirements, logistics. To increase quality and benefit of documentation Server Management Program Review / Training GOALS To Review SMP structure, requirements, logistics To increase quality and benefit of documentation Provide/review examples and upgraded templates Unit IT

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

proposalcentral Prepare and Submit a Proposal.

proposalcentral Prepare and Submit a Proposal. proposalcentral Prepare and Submit a Proposal. If you need assistance, contact Customer Service by email at pcsupport@altum.com or by phone at 1-800-875-2562 1 Recommended Software proposalcentral Recommends

More information

ESISS Security Scanner

ESISS Security Scanner ESISS Security Scanner How to use the ESISS Automated Security Scanner January 2013 v1.1 Table of Contents The ESISS Automated Security Scanner... 3 Using The ESISS Security Scanner... 4 1. Logging On...

More information

Tenable Network Security Support Portal. January 12, 2015 (Revision 14)

Tenable Network Security Support Portal. January 12, 2015 (Revision 14) Tenable Network Security Support Portal January 12, 2015 (Revision 14) Table of Contents Introduction... 3 Activate Tenable Support Portal... 3 Locate Your Customer ID... 6 Manage Your Activation Codes...

More information

Network Detective. PCI Compliance Module Using the PCI Module Without Inspector. 2015 RapidFire Tools, Inc. All rights reserved.

Network Detective. PCI Compliance Module Using the PCI Module Without Inspector. 2015 RapidFire Tools, Inc. All rights reserved. Network Detective PCI Compliance Module Using the PCI Module Without Inspector 2015 RapidFire Tools, Inc. All rights reserved. V20150819 Ver 5T Contents Purpose of this Guide... 4 About Network Detective

More information

Email Message Classification user guide

Email Message Classification user guide Email Message Classification user guide Introduction Email message classification tags each email used within the authority with one of three classifications chosen by a user dependant on the content of

More information

Cesview IIi 1.3 Installation and Automation Guide

Cesview IIi 1.3 Installation and Automation Guide Cesview IIi 1.3 Installation and Automation Guide Contents: New ser Quick Guide Cesview IIi asic Installation o Additional Server Installation Notes o Additional rowser Only (Client) Installation Notes

More information

ASV Scan Report Attestation of Scan Compliance

ASV Scan Report Attestation of Scan Compliance ASV Scan Report Attestation of Scan Compliance Scan Customer Information Company: David S. Marcus, Ph. D Approved Scanning Vendor Information Company: ComplyGuard Networks Contact: Contact: Support Tel:

More information

The software can be downloaded from the Spiceworks web site at: http://www.spiceworks.com.

The software can be downloaded from the Spiceworks web site at: http://www.spiceworks.com. Spiceworks 2.0 Review One of the biggest headaches a network or system administrator faces is managing all of the equipment, software and services their network provides. From servers to workstations,

More information

STATE OF ARIZONA Department of Revenue

STATE OF ARIZONA Department of Revenue STATE OF ARIZONA Department of Revenue Douglas A. Ducey Governor September 25, 2015 David Raber Director Debra K. Davenport, CPA Auditor General Office of the Auditor General 2910 North 44 th Street, Suite

More information

Attach receipt options:

Attach receipt options: Attaching Receipts and Receipt Store There are a few ways to attach receipts to an expense report. You will only need to choose one of the following options when attaching receipts. You can add receipts

More information

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Compliance SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Compliance SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe QualysGuard ICT Security Management Integrated Suite of ICT Security

More information