Qualys meets VMware ESXi

Discussion created by justin.lute on Apr 16, 2012
Latest reply on Apr 17, 2012 by justin.lute

I would like to draw your attention to six QIDs which we published between April 9th and April 12th:


216002     VMWare ESXi 5.0.0 Update 1 Missing (KB2010823)

216003     VMWare ESXi 5.0.0 Patch Release ESXi500-201112001 Missing (KB2007680)

216004     VMWare ESXi 4.1.0 Patch Release ESXi410-201201001 Missing (KB2009137)

216005     VMWare ESXi 4.0.0 Patch Release ESXi400-201203001 Missing (KB2011768) 

216006     VMWare ESXi 4.1.0 Patch ESXi410-Update02 Missing (KB2002338)

216007     VMWare ESXi 4.1.0 Patch Release ESXi410-201104001 Missing (KB1035111)


These represent the beginning of QualysGuard Vulnerability Management coverage for the VMware vSphere ESXi operating system, as well as the beginning of QualysGuard interactions with the vSphere Web Services SDK (SOAP) API, generally.


The checks for this batch of QIDs are executed via unauthenticated remote discovery against the vSphere Web Services SDK (SOAP) API on port 443, and they are made possible by the SOAP client module which we initially embedded into the QualysGuard scanners in February.  Unauthenticated, remote discovery is sufficient for authoritatively pulling the ESXi build number from the vSphere API, and knowing the build number is sufficient for execution of a vulnerability check against ESXi.


Vulnerability Management checks against the other vSphere components (ESX, vCenter); Policy Compliance checks against vSphere components, and more involved integration work with the vSphere API will require authentication.  This work is well underway, and you can expect to see a new authentication module in support of the vSphere SOAP API in the QualysGuard platform soon.