
QualysGuard Assigning Asset Owners

April 8, 2015

All assets must have an owner assigned that is responsible for remediating any vulnerabilities found on the system. In most cases, the owner information is tracked by IPControl.

To assign asset owners, click the Host Assets button in the Tools pane on the left of the QualysGuard application. Each asset can be edited to assign an owner.

Clicking the edit icon brings up the edit screen for the asset, where you can also add a location tag and a function tag. There is room for comments as well, for special instructions, an escalation phone list or other information.

Standard Remediation Policy

The default remediation policy is to open a ticket for all level 4 and 5 vulnerabilities detected. Additional policies can be created for business units that want more granularity. The remediation policy can be viewed by clicking on Remediation Policy under the tools section.
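The following Python example is added here for illustration; it is not part of the original post and does not use QualysGuard's own code or API. It models the default policy (tickets for levels 4 and 5), a per-business-unit override, and the ownership rule, so that ticket-worthy findings on assets with no owner stand out. The CSV column names, the sample rows, the QIDs and the APAC threshold are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data (not a real QualysGuard export; column names are assumptions).
ASSETS_CSV = """ip,owner,business_unit
10.0.0.5,alice,UnixOps
10.0.0.6,,UnixOps
10.0.0.7,bob,APAC
"""
DETECTIONS_CSV = """ip,qid,severity
10.0.0.5,100001,5
10.0.0.5,100002,3
10.0.0.6,100003,4
10.0.0.7,100004,3
10.0.0.8,100005,5
"""

DEFAULT_MIN_SEVERITY = 4       # default policy from the page: ticket levels 4 and 5
BU_MIN_SEVERITY = {"APAC": 3}  # hypothetical stricter policy for one business unit


def load(text):
    """Parse CSV text into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def plan_tickets(assets, detections):
    """Return (tickets_by_owner, unowned) for detections that meet policy."""
    by_ip = {a["ip"]: a for a in assets}
    tickets, unowned = defaultdict(list), []
    for d in detections:
        asset = by_ip.get(d["ip"], {})  # {} when the host is not in the asset list
        threshold = BU_MIN_SEVERITY.get(asset.get("business_unit"), DEFAULT_MIN_SEVERITY)
        if int(d["severity"]) < threshold:
            continue  # below the policy threshold: no ticket
        owner = (asset.get("owner") or "").strip()
        if owner:
            tickets[owner].append((d["ip"], d["qid"]))
        else:
            unowned.append((d["ip"], d["qid"]))  # nobody responsible for remediation
    return dict(tickets), unowned


if __name__ == "__main__":
    tickets, unowned = plan_tickets(load(ASSETS_CSV), load(DETECTIONS_CSV))
    for owner, items in sorted(tickets.items()):
        print(owner, items)
    print("no owner assigned:", unowned)
```

Anything reported under "no owner assigned" is a finding that the policy would ticket but that has no one to remediate it, including hosts seen by a scan that are missing from the asset list entirely.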

Update Qualys Asset Groups

You may wish to group assets that are all owned by a single user into a single asset group. You can use the asset search function to look for assets by IP address. Ticking the checkboxes and selecting "add to asset group" in the dropdown list lets you create a new asset group or add the hosts to an existing group.

Business Units

It is advisable to organize remediation teams into business units. A business unit can be a group of IT staff grouped together by region, such as APAC, or by function, such as UnixOps. To create a business unit, click the business units item under the tools pane, where you can edit an existing business unit or create a new one.

You can add assets to the business unit and also assign users to the business unit. The advantage of using business units is that Business Unit managers can manage their own scans and remediation efforts.

Account Management

New users will need to be added to Qualys as they are identified as asset owners, and they will need to be given guidelines on how to handle tickets assigned to them. Be sure to set up these users with the option to be notified daily of tickets in their QualysGuard queue.

Also make sure you assign new users only those asset groups that belong to them.

Typical End User Workflow:

A user will receive an email from QualysGuard stating that a vulnerability has been found on an asset assigned to him.

The user will log in to Qualys to review the vulnerability. If the vulnerability is actionable, he can create a ticket. If it is a false positive, he can close the ticket with an explanation.

If a ticket is created, he should create a corresponding Remedy ticket to track his time working on the remediation. The Remedy ticket should contain the Qualys ticket number and the Qualys ticket should contain the corresponding Remedy ticket.

If a ticket must be reassigned, it can be routed within Qualys.

When the remediation is completed, the ticket should be closed, along with the Remedy ticket.