Customers can now access Qualys vulnerability findings in the Google Cloud Security Command Center (SCC). This will help them prioritize risks and automate remediation using native services such as Google Cloud Functions.
Google Cloud Security Command Center provides users with a comprehensive view of their high-priority security alerts and compliance status across their Google cloud projects. By natively integrating findings from Qualys Vulnerability Management with Google Cloud SCC, customers will get real-time, up-to-date visibility into their security, directly in the GCP console. These findings gained by the correlation of Qualys information with other data in Google Cloud SCC, allow customers to quickly detect risks in their GCP environments and take rapid, automated remedial actions.
- User should have active Qualys subscription. If you do not have active Qualys subscription, contact Support or sign up on Qualys website.
- Ensure that you have ‘Vulnerability Management’ & 'Cloud Agent' module available and enabled in your subscription.
- Cloud Agents should be installed on GCP instances.
- Google Cloud SCC must be enabled for your Google Organization. Refer to Quickstart for Cloud SCC for more information.
Qualys Security Solutions Integration with Google Cloud SCC (Security Command Center)
Currently, the integration supports Qualys Vulnerability Management (VM) data. Vulnerabilities that are active and with severity 3, 4 & 5 and detected via the Qualys Cloud Agents installed on the GCP instances, are sent to Google Cloud SCC as 'findings'.
How to get started
Users can configure Qualys Cloud Platform to send vulnerability findings for those instances which have cloud agent installed on them. To connect to Google Cloud SCC, Qualys will be using Service Account based authentication.
The end to end Integration of Qualys Security Solution with Google Cloud SCC follows a two step process.
- Add Qualys Security for Cloud SCC solution in Google Cloud SCC.
- Configuration within Qualys Cloud Platform
- Add 'Qualys Cloud Security for SCC' Solution in Security Command Center
Following are the steps that needs to be performed in GCP console to Add Qualys Cloud Security for SCC:
1. Navigate to Security Command Center dashboard.
2. Select your Project and Organization. Then, click 'SELECT' to proceed.
3. Click on "Add Security Sources".
4. Click on "Visit Qualys Site to Sign Up".
5. Once user clicks the Sign-up link, a new tab opens. Select the Google organization from the dropdown and click SELECT. This will take you to a “Create Service Account & Enable Qualys Cloud Security for CSCC” page.
6. Select Google Project. By Default, “Create a new service account” will be selected. Qualys recommends using a separate service account for integration. Specify “Service account name” & “Service account ID” and click “Submit”.
7. A Source ID will be created. Note down the "Source ID". This is required when you setup this integration in Qualys Platform.
8. Locate the service account created by navigating to IAM >> Service accounts.
9. Locate the service account created in step 6. Select “Create key” option within Actions menu. Select Key Type as “JSON” and click Create. The JSON file is automatically downloaded.
10. Keep Service Account JSON Key file handy to pass file contents as input to Qualys REST APIs to enable Integration with Qualys Cloud Platform.
II. Configuration within Qualys Cloud Platform
The REST APIs will be available for setting up the configuration within the Qualys Cloud Platform.
The list of REST APIs are as provided
- Add Integration: Qualys API to configure the integration by providing the Service Account JSON, Source ID & Project ID.
- Update Integration: Qualys API to update Project Ids and Enable/Disable Status.
Sample API URL: https://qualysapi.qualys.in/qps/rest/2.0/update/integration/googlecscc/<id>
- List Integration: Qualys API to list out all Integrations or specific Integration associated with a specific Id.
Sample API URL: https://qualysapi.qualys.in/qps/rest/2.0/get/integration/googlecscc OR /qps/rest/2.0/get/integration/googlecscc/<id>
- Delete Integration: Qualys API to Delete/Remove the Integration with Qualys.
Sample API URL: https://qualysapi.qualys.in/qps/rest/2.0/delete/integration/googlecscc/<id>
Please refer the User guide attached for more details.
View Findings in Google Cloud SCC
Within Google Cloud SCC, the findings from Qualys are grouped into a Findings summary card under the source "Qualys Cloud Security for SCC". Users can view the individual finding from a list of findings or can further click on specific finding to view details.
User can, even check instance level findings by clicking on ASSETS >> Asset type >> compute.Instance. Then click on instance from list of instances available to view instance level findings.
To optimize the search, users can filter findings based on attributes and properties of findings.
1. Which of the Qualys products are integrated with Google CSCC?
2. Is there a licensing cost associated with this?
There are no additional costs for Qualys to send these findings to Google Cloud SCC. However, Google Cloud SCC might have charges for findings. Refer to Google CSCC pricing for its pricing details.
3. Whom do I contact if there are issues with the data seen in Google Cloud SCC?
For data issues or configuration issues within Qualys, please contact the Qualys Support.
4. What is the Limit for findings to be sent to Google Cloud SCC?
Please refer to the usage per-organization usage Quotas.