The University I work for has begun using Qualys for our Enterprise Vulnerability Scanning and so far it’s been well received. The problem is that every “College/School” maintains their own systems, thus we are decentralized, which makes maintaining Reports/Scans/Maps/etc. very difficult.
Because I have not found many posts/articles focused on a decentralized environment, I decided I would explain the way we are approaching this. This is all a work in progress – if you have any questions or ideas, please get a hold of me. :)
So our basic process for setting up Qualys goes like this (overview):
- Gather IPs to add to our Qualys subscription (we are only worrying about servers at this time)
- Create Asset Groups (Naming Conventions: CAMPUS DEPT VLAN QUALYSCANNER#)
- Create User that will be the Unit Manager of a Business Unit
- Create Business Unit while creating user
- Assign Asset Group to Business Unit
- Set up a Scheduled Scan
- Have the Unit Manager create scheduled reports based on Global Templates that we’ve created
Again, this is a high-level overview, but this is our basic process. In future posts I will try to break down Qualys in more detail and how to manage a large diverse group of systems across a decentralized campus.