May 21 2020 05:26 PM
There seems to be a dearth of info on this topic (or I'm just not searching correctly).
We have a customer who has Splunk and wants to do a parallel PoC of Sentinel.
One use case they called out was:
... how would this be achieved in Sentinel?
I can see there is Qualys integration with ASC but not finding much about Qualys with Sentinel
May 22 2020 03:37 AM
@Col_Sanders For raw data, see the following for an example of what exists from the ASC connector for Azure Sentinel:
SecurityAlert
| where ProviderName contains "asc" and ExtendedProperties contains "qualys"
| project RemediationSteps
For a Workbook for Qualys, see: https://github.com/Azure/Azure-Security-Center/tree/master/Workbooks/ASCQualysDashboard
May 22 2020 10:32 AM
Also Qualys in these Sentinel workbooks (with some correlation logic to Sentinel)
https://techcommunity.microsoft.com/t5/azure-sentinel/compliance-reporting-for-azure/ba-p/1259574
Sep 01 2020 10:06 AM
I was working today to integrate Qualys with Sentinel using the data connector available in Sentinel. When I execute the function, I get the error below. I deployed the function as is, as mentioned in the documentation.
Nov 04 2020 08:13 AM
I was getting that same error and finally traced it down to having ":443" with the URI. So I took that out, and no longer get that error. Instead, now I get HTTP 404 Page Not Found. WTH. This is the URL provided by Qualys: https://qualysapi.qg3.apps.qualys.com/api/2.0/fo
Anyone actually get this to work?