by Eric Perraudeau, Product Manager
Advanced reporting using API and Report frameworks
San Francisco, CA, March 22nd, 2010
Agenda
Manual Data vs Automatic Data
Qualys API frameworks
Reporting
Q&A
C O M P A N Y C O N F I D E N T I A L
Manual Data vs Automatic Data
[Diagram. Labels: Scan 1 … Scan n; Option Profile 1 … Option Profile n; Result 1 … Result n; Manual Data World; Auto Data World; Normalize; Database; Report Templates; Reports]
Stored in report center for 7 days+
Encrypted PDF distribution lists
API frameworks
Two API frameworks:
V1 – legacy
V2 introduced better scalability and two authentication schemes (session based and basic)
The V2 API allows pulling automatic data in XML for external use. Example: import into a local database.
Documentation: the API user guide is available through the Resources section in the UI. A quick reference guide will be available soon.
API: leverage auto vuln data
First option: full download every time.
Second option: two-step process to enhance scalability.
1st: initial import. Get all the vuln data.
2nd: on a regular basis, download only what changed.
Define a report template in the UI and get the template ID.
Use trend and analysis for a given period (1 day, 1 week, 1 month).
Use filter capabilities to get what you need. Recommended filter: all vulnerabilities with status NEW – FIXED – REOPEN; ignore ACTIVE.
Use API v2 to execute the report on the Qualys report servers. USE THE SAME FREQUENCY AS THE PERIOD DEFINED IN THE REPORT TEMPLATE.
Targets of the report template (asset groups or IP ranges) can be overridden at execution time: one template for many uses.
Reporting
Use a database populated with CSV or XML results pulled from QualysGuard using API v2 for automatic vulnerability data.
Use a reporting framework on top of that database.
First suggestion: Zoho Reports from zoho.com
http://reports.zoho.com/login/login.jsp
Business intelligence in your browser.
Second suggestion: BIRT plugin for Eclipse
http://www.eclipse.org/birt/phoenix/
“BIRT is an open source Eclipse-based reporting system that integrates with your Java/J2EE application to produce compelling reports.”
Requires a Java/J2EE environment.
Going forward
Define a DB structure for vuln including status (new – active – fixed – reopened)
Define a DB structure for the assets – asset groups
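
Added example (not from the original slides and not Qualys code): a sketch of the two-step import from the "API: leverage auto vuln data" slide feeding the DB structure suggested under "Going forward". The table names, CSV columns, sample rows and the rule that an unmentioned NEW or REOPENED finding becomes ACTIVE are all assumptions made for illustration.

```python
import csv
import io
import sqlite3

# Hypothetical local schema (table and column names are assumptions).
SCHEMA = """
CREATE TABLE asset (ip TEXT PRIMARY KEY, asset_group TEXT);
CREATE TABLE vuln (ip TEXT, qid INTEGER, status TEXT, last_change TEXT,
                   PRIMARY KEY (ip, qid));
"""
# Constructed sample exports; real report columns depend on the template.
FULL = """ip,asset_group,qid,status
10.0.0.5,Web,1001,NEW
10.0.0.5,Web,1002,ACTIVE
10.0.0.9,DB,1003,FIXED
"""
DELTA = """ip,asset_group,qid,status
10.0.0.5,Web,1002,FIXED
10.0.0.9,DB,1003,REOPEN
10.0.0.9,DB,1004,NEW
"""

def apply_period(db, period, csv_text):
    """Load one report run; period is the ISO date of that run."""
    # Assumption: a NEW/REOPENED finding from an earlier period that the
    # delta does not mention is unchanged, so it becomes ACTIVE locally.
    db.execute("UPDATE vuln SET status='ACTIVE' WHERE last_change < ? "
               "AND status IN ('NEW', 'REOPENED')", (period,))
    for row in csv.DictReader(io.StringIO(csv_text)):
        status = row["status"].strip().upper()
        status = "REOPENED" if status == "REOPEN" else status
        if status not in ("NEW", "ACTIVE", "FIXED", "REOPENED"):
            raise ValueError(f"unexpected status {status!r}")
        db.execute("INSERT OR REPLACE INTO asset VALUES (?, ?)",
                   (row["ip"], row["asset_group"]))
        db.execute("INSERT OR REPLACE INTO vuln VALUES (?, ?, ?, ?)",
                   (row["ip"], int(row["qid"]), status, period))
    db.commit()

def statuses(db):
    rows = db.execute("SELECT ip, qid, status FROM vuln")
    return {(ip, qid): status for ip, qid, status in rows}

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    apply_period(db, "2010-03-01", FULL)   # step 1: initial full import
    apply_period(db, "2010-03-08", DELTA)  # step 2: weekly delta
    return db

if __name__ == "__main__":
    print(sorted(statuses(demo()).items()))
```

The aging step is only correct when every period's delta is actually loaded, which is why the run frequency has to match the period defined in the report template; a skipped window would leave fixed or reopened findings recorded as ACTIVE.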