Sentinel: Running a report to see the Qualys Data that has been loaded into the eSecurity system

  • 3995854
  • 06-Dec-2006
  • 26-Apr-2012

Environment

Microsoft Windows Server 2003 Standard Edition
Microsoft Windows 2000 Server
RedHat Linux
Solaris 9

Situation

How can I run a report to see the Qualys Data that has been loaded into the eSecurity system?

Resolution

There are two ways to view a report on the Vulnerability Data (including data uploaded via a Qualys vulnerability agent). They are:

1) Run one or more of the Crystal Reports found in the following directory on the eSecurity CD-ROM:

For an Oracle Sentinel Database: 3rdparty/reporting/crystal/Oracle/Advisor_Vulnerability

For a MS SQL Server Sentinel Database: 3rdparty\reporting\crystal\ODBC\Advisor_Vulnerability

You can view a sample of the data returned by the reports by looking at the corresponding PDF file in: 3rdparty/reporting/crystal/PDFS/Advisor_Vulnerability

2) You can also view vulnerabilities for that are related to a specific set of events. To do this, highlight a set of events in an Active View or Historical Query Window. Then right-click on the selection and choose "Analysis->Current Vulnerability". A window will popup displaying an HTML report of the vulnerabilities that are on IP's that are affected by the selected events. For Qualys vulnerabilities, the best Template to use will be the QualysVulnResponseHtmlTransformer.


The two suggestions above are ways of viewing vulnerabilities from any vulnerability scanner product. If you have vulnerability data from other vulnerability scanner products in your database and would like to view a report of only the Qualys vulnerability data, then you will need to create a Qualys-specific vulnerability Crystal Report. To create this report, you will need information on the Sentinel vulnerability database schema so you can create the proper SQL queries.