How to create Unit Managers in Qualys for Remediation Management
January 26, 2015Background: In order to remediate vulnerabilities found, all assets must have an identified asset owner who will work to either fix the vulnerabilities or route the issue to someone who will. Persons who will remediate assets are called “Unit Managers.” This document outlines how to setup an individual as a Unit Manager. Only Qualys Administrators will be able to perform this setup function.
InfoSec Policy: All external assets that are internet facing, and therefore at a higher risk, must be scanned on a weekly basis. All internal assets that are not exposed to the Internet must be scanned on a monthly basis.
Steps:
Identify Assets, and group into asset groups. Note that there should be separate groups for internal and external facing assets since the scanning schedule. Admins should already be familiar with creating asset groups.
Create or Promote user to Unit Manager Role.
Assign Asset group to Business Unit, or create new Business Unit using the New Business Unit button. Name the Business Unit to include the Unit Manager’s name and the geographic region or asset type, such as US-Eastern or UnixOps, etc. Then assign the asset groups to the Business Unit.
Create a standard Remediation Policy for the Business Unit. Under Tools in the Navigation Pane, click on Remediation Policy and then select New and choose Rule. Name it after the geographic region or asset type. Add the asset groups. Ensure that all levels 4 and 5, including potential vulnerabilities are checked. Assign the remediation to the Unit Manager. Set the deadline for remediation as 14 days (standard).
Schedule the Scan. Admins should be familiar with scheduling scans. Remember to schedule scans for external assets on a weekly basis, typically on Fridays after business hours on the West Coast. 23:00 hrs PST works fine. Schedule the internal assets to be scanned on a monthly basis, typically earlier in the month, or at a negotiated time that is best for the Unit Manager.
Review the Open Tickets. After the first scan completes, ensure that the Unit Manager received his automated alert about his asset groups being scanned. If so, schedule a meeting to review his scan results, review open tickets and answer any questions he may have about the remediation process. Be sure he knows how to close, ignore or route tickets and to reference Remedy ticket numbers in the comment field.