Can you please help benefits of integrating ArcSight with Qualys logs.
This would be better handled by your SIEM vendor but there can be a million use cases when you can correlate the past events from cross platform log and event sources with what was vulnerable on that host. A good starting point would be your ArcSight smart connector guide.
We are continuously fetching the Qualys logs via the Qualys API and we are feeding them into ArcSight. Main reason for this is to be able to control the activities ongoing in Qualys and to identify any unusual activities. We get triggered for examples if large amount of IP's get removed within a certain time, if users lock themselves out, if a user is created (to check if this past the official process), etc... I'd say it's very usefull to monitor activities in Qualys in ArcSight, because oft he sensitive data existing in Qualys regarding your IT landscape.
Retrieving data ...