FireMon Asset Manager
Page tree

Versions Compared

Old Version 3

changes.mady.by.user user-05670

Saved on

compared with

New Version Current

changes.mady.by.user Dong Pak

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Lumeta Asset Manager helps your Qualys Enterprise server work better by comparing Qualys-subscribed and Qualys-scanned IPs with LumetaAsset Manager-indexed hosts in the same network space. Qualys receives up-to-the-minute endpoint data from Lumeta Asset Manager at every polling interval, enabling Qualys to saturate a network space with its service, thereby eliminating any and all gaps in coverage and ensuring the comprehensive provision of Qualys Management to Qualys customers.

The Qualys integration also supports LumetaAsset Manager's new Qualys Management dashboard, which provides device details on IPs managed by Qualys, IPs managed by LumetaAsset Manager, and IPs managed by both services. 

Expand
titleTo set up the integration, first configure Qualys in Lumeta:
  1. At your Lumeta Asset Manager Command Center GUI, browse to Settings > Integrations > Other Solutions > Qualys.
    Note:     The Qualys Integration is configured from a Command Center's web interface (GUI) only and not its command-line interface (CLI).
  2. Complete the form as follows:
    1. Toggle the status indicator to On to enable the Qualys integration.
    2. Set the Polling Interval.
      The default value of 24 hours is generally appropriate and can also be adjusted later, if desired.
    3. Enter the name of your Qualys server.
    4. Enter the login credentials to it (i.e., Username and Password).
    5. Set your Auto-Subscribe preference:
      1. Select the Auto-Subscribe option to automatically push LumetaAsset Manager-indexed endpoints to the subscription pool managed by Qualys. This expands Qualys' subscription pool by incorporating LumetaAsset Manager-indexed hosts.
      2. Clear the Auto-Subscribe option to do two things:
        1. Create an asset group on Qualys that represents hosts that are both LumetaAsset Manager-indexed AND Qualys-subscribed, yet are not in the Qualys Scan group.
        2. Push to diff–that is hosts not in the Qualys Scan group yet are represented in BOTH LumetaAsset Manager-indexed and Qualys-subscribed to the Qualys server.
    6. Click Submit to save the configuration.

Once you have done so, LumetaAsset Manager-indexed devices that Qualys doesn't know about are incorporated to Qualys Managed and Subscription management services. At each polling interval, the integration is run and a refresh of endpoint data is pushed to the Qualys server.

...

    1. At every polling interval, Lumeta Asset Manager retrieves a list of Scanned/Managed hosts (yellow) and a list of Subscribed hosts (red) from Qualys. This information populates two tables on Lumeta Asset Manager (i.e., qualys_scanned_ips table and qualys_subscribed_ips table) and ultimately feeds the Qualys Management dashboard on LumetaAsset Manager.

       


      		Legend
      		Blue - LumetaAsset Manager-Indexed IPs
      		Red - Qualys-Subcribed IPs
      		Yellow - Qualys-Scanned/Managed IPs
      		Note: Qualys-Scanned/Managed hosts (yellow) are always a subset of Qualys-Subscribed hosts (red).



      Expand
      titleWant more on how this is accomplished?
      1. At the first polling interval, Lumeta Asset Manager creates an asset group container on the Qualys server called LUMETAAsset Manager_Spectre_DISCOVERED.

      2. Lumeta Asset Manager checks and refreshes the contents of the LUMETA_Spectrethe Lumeta_DISCOVERED asset group at every subsequent polling interval. Note:  This is different from IPsonar, where a new asset group is created each time a report is generated.
         
      3. Lumeta Asset Manager ingests all of the IPs on LUMETA_Spectre Lumeta_DISCOVERED to the qualys_scanned_ips table on LumetaAsset Manager.



      4.  Lumeta Asset Manager ingests all Subscribed IPs from Qualys' server to LumetaAsset Manager's qualys_subscribed_ips table.


  2. Additionally, when an Lumeta Asset Manager user enables Auto-Subscribe (i.e., Settings > Integrations > Qualys > Auto-Subscribe), several events happen:


    1. First, LumetaAsset Manager-Indexed hosts (blue) not present in Qualys' Subscribed list (red) are added to Qualys' Subscribed list (red).


    2. Lumeta Asset Manager then identifies hosts in the Qualys Subscribed list (red) that are not in the Qualys Managed list (yellow) and pushes those to the LUMETAAsset Manager_Spectre_DISCOVERED asset list on Qualys.



  3. When an Lumeta Asset Manager user disables Auto-Subscribe, IPs that are common to both LumetaAsset Manager-Indexed and Qualys-Subscribed but are not in Qualys-Managed are added to LUMETAAsset Manager_Spectre_DISCOVERED.

  4. Widgets on LumetaAsset Manager's Qualys Management dashboard are populated using a combination of IPs indexed by Lumeta Asset Manager and IPs from the qualys_scanned_ips table and the qualys_subscribed_ips table, as follows:

    Widget LabelDescriptionImage
    IPs Unmanaged by Qualys

    IPs indexed by Lumeta Asset Manager yet unmanaged by Qualys

    (aka LumetaAsset Manager-Indexed - Qualys-Subscribed table on LumetaAsset Manager)

    IPs Unmanaged by LumetaAsset ManagerIPs managed by Qualys yet not indexed by LumetaAsset Manager
    (aka Qualys-Scanned/Managed table on Lumeta Asset Manager - LumetaAsset Manager-Indexed)
    Qualys and Lumeta Asset Manager Managed IPsIPs both indexed by Lumeta Asset Manager and in Qualys managed list
    (aka Intersection of LumetaAsset Manager-Indexed and Qualys-Scanned/Managed table on LumetaAsset Manager)