elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

[meta] Qualys VMDR: Enhancement to leverage cloud workflows #11673

Open kcreddy opened 2 weeks ago

kcreddy commented 2 weeks ago

As part of the effort to support Cloud Security features with the data from these 3rd party integrations, the vulnerability findings data from Qualys VMDR should be enriched.

The vulnerability data resides in 2 datastreams in the Qualys VMDR integration.

  1. Asset Host Detection: Provides some vulnerability information for hosts in the user's account.
  2. Knowledge Base: Provides detailed vulnerability data from the Qualys KnowledgeBase. Doesn't associate with any user's resources.

We will need both datastreams and use them to enrich the vulnerability findings workflow, as Asset Host Detection is missing the CVE and description, which would be important to stitch into the vulnerability findings coming from Qualys. The integration should perform the join as it queries the data. For example, as it queries the assets, it could fetch the related knowledge base entries related by the QID field.

Tasks:

elasticmachine commented 2 weeks ago

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

kcreddy commented 1 week ago

Update: With @clement-fouque's assistance 🏅, the asset is now available with vulnerability data. Also got access to the relevant API for fetching the asset vulnerability data.
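
The QID join proposed in the issue description, sketched as an added example that is not part of this thread or of the integration's code: detections are enriched with CVE and description by fetching each distinct QID once, in batches, and a QID with no Knowledge Base entry is flagged rather than dropped. The record fields, the `make_kb_lookup` stand-in and the sample data are hypothetical and do not reflect the Qualys API schema.

```python
# Added illustration; record fields and the lookup callable are hypothetical,
# not the Qualys API schema or the integration's code.
DETECTIONS = [  # constructed Asset Host Detection rows
    {"host_id": "h-1", "qid": 1001, "status": "Active"},
    {"host_id": "h-1", "qid": 1002, "status": "Fixed"},
    {"host_id": "h-2", "qid": 1001, "status": "New"},
    {"host_id": "h-2", "qid": 9999, "status": "Active"},  # QID absent from KB
]
KNOWLEDGE_BASE = {  # constructed Knowledge Base entries keyed by QID
    1001: {"title": "Constructed finding A", "cve_ids": ["CVE-PLACEHOLDER-A"],
           "description": "Constructed description A"},
    1002: {"title": "Constructed finding B", "cve_ids": [],
           "description": "Constructed description B"},
}

def make_kb_lookup(kb, calls):
    """Stand-in for a batched Knowledge Base request; records each batch."""
    def lookup(qids):
        calls.append(list(qids))
        return {q: kb[q] for q in qids if q in kb}
    return lookup

def enrich(detections, lookup, batch_size=2, cache=None):
    """Join detections to KB entries on QID, fetching each QID at most once."""
    cache = {} if cache is None else cache
    # Unique QIDs not yet cached, in first-seen order.
    needed = list(dict.fromkeys(
        d["qid"] for d in detections if d["qid"] not in cache))
    for i in range(0, len(needed), batch_size):
        batch = needed[i:i + batch_size]
        found = lookup(batch)
        for qid in batch:
            cache[qid] = found.get(qid)  # None marks a QID with no KB entry
    enriched = []
    for det in detections:
        doc = dict(det)  # copy so the source detection is left untouched
        entry = cache[det["qid"]]
        doc["kb_found"] = entry is not None
        if entry is not None:
            doc.update(title=entry["title"], cve_ids=list(entry["cve_ids"]),
                       description=entry["description"])
        enriched.append(doc)
    return enriched

if __name__ == "__main__":
    calls = []
    for doc in enrich(DETECTIONS, make_kb_lookup(KNOWLEDGE_BASE, calls)):
        print(doc)
    print("KB batches requested:", calls)
```

Passing the same `cache` dict across polling cycles keeps repeat QIDs, including ones known to be missing, from triggering further Knowledge Base requests.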