Qualys Scanner Appliance Parser¶
About¶
Qualys Virtual Scanner Appliance is packaged and qualified for deployment on a variety of virtualization and cloud platforms. The appliance scans local systems, processes the resulting data, and then sends the processed data back to the Qualys Cloud Platform.
Product Details¶
Vendor URL: Qualys Scanner
Product Type: SIEM
Product Tier: Tier III
Integration Method: Custom
Integration URL: Not available
Log Guide: N\A
Parser Details¶
Log Format: Syslog, KV
Expected Normalization Rate: 95%
Data Label: QUALYS_SCAN
UDM Fields (list of all UDM fields leveraged in the Parser):
| Log File Field | UDM Field |
|---|---|
| CAT | additional.fields[category] |
| EVENT | metadata.product_event_type |
| IPV4 | target.ip |
| SCANNER | observer.hostname |
| SLICEID | metadata.product_log_id |
| RANGE | additional.fields[RANGE] |
Product Event Types¶
| Event | UDM Event Classification |
|---|---|
| all | GENERIC_EVENT |
Log Sample¶
<14>Aug 16 20:14:35 src@localhost app_name[2010]: ML: SLICEID='12345678:90' SCANNER='observer001' CAT='SLICE' EVENT='START'
<
Sample Parsing¶
metadata.product_log_id = "1234568:90"
metadata.event_type = GENERIC_EVENT
metadata.vendor_name = "Qualys"
metadata.product_event_type = "START"
additional.fields["category"] = "SLICE"
observer.hostname = "observer001"