Hi,
I would like to suggest AWS GuardDuty to you; it is good to have.
GuardDuty is an intelligent threat detection service. It analyzes billions of events across your AWS accounts from AWS CloudTrail (AWS user and API activity in your accounts), Amazon VPC Flow Logs (network traffic data), and DNS Logs (name query patterns).
We are using it on a daily basis and we are getting notifications in real time. Hope this can help you.
Regards
------------------------------
Joaquin Martinez Hernandez
------------------------------
Original Message:
Sent: Thu July 02, 2020 09:22 AM
From: Richard Gingras
Subject: Qradar QVM
That would be a fair assumption
------------------------------
Richard Gingras
QRadar SME
IBM Security
Cambridge MA
Original Message:
Sent: Thu July 02, 2020 02:04 AM
From: Jojo Abraham
Subject: Qradar QVM
OK, that means perhaps we require managed hosts as scanners on each subnet, right?
Original Message:
Sent: 7/1/2020 3:38:00 PM
From: Richard Gingras
Subject: RE: Qradar QVM
Spin up a QVM image in the subnet. You probably have to open some backend ports for reporting back.
------------------------------
Richard Gingras
QRadar SME
IBM Security
Cambridge MA
Original Message:
Sent: Wed July 01, 2020 12:53 PM
From: Jojo Abraham
Subject: Qradar QVM
Hi Richard
Yes, my deployment is an All-in-One console and it is on premise. Our requirement is to have a periodic "Internal" vulnerability scan on different VPC instances.
What is the feasible solution?
Thanks and Regards
Jojo Abraham
Original Message:
Sent: 7/1/2020 10:05:00 AM
From: Richard Gingras
Subject: RE: Qradar QVM
QRadar QVM allows for internal (you do that with the QVM tool) and external scans (that you schedule). I am not sure if you need AWS to OK an internal scan or not (it might be detected as a potential threat). Doing an external or discovery scan would be my recommendation. Is your deployment of QRadar an All-in-One instance or Distributed?
------------------------------
Richard Gingras
QRadar SME
IBM Security
Cambridge MA
Original Message:
Sent: Tue June 30, 2020 08:02 AM
From: Jojo Abraham
Subject: Qradar QVM
Hi All,
I would like to know how I can do vulnerability scanning on AWS instances from the existing on-prem QRadar (All-in-One VM appliance) infra.
If not possible, then what could be a better alternative solution?
Thanks and Regards
Jojo
------------------------------
Jojo Abraham
------------------------------