Process on how to handle Security Issues found by Qualys Scan
Introduction
This document describes the detailed process for filtering, reviewing, and addressing security issues found in Cloud Application production environments through the Qualys Security Scanning Tool. This document focuses on explaining the process and does not address specific remediation scenarios.
Process Summary
Filtering
We regularly aggregate and categorize Qualys Scan data for all currently covered AWS Accounts in the form of Power BI reporting.
ITOM Qualys Scan Summary Report: Link
The purpose of Filtering is mainly to triage all the scanned problems in order to define a reasonable fix and plan. The main points that will be categorized and managed are as follows:
- Severity Level: Description of Severity Level
- Types of problems: Qualys scanning will usually find problems at the OS level and give appropriate references for patching and fixing them. We need to categorize the problems so that we can assign an appropriate batch fix plan to each category and get more results with less effort.
For example: in the figure below, based on severity and the type of problem, we filter out that the version of K8S (Kubernetes) on some Linux servers in a given AWS account is old and approaching end of life, and that we need to define a plan to upgrade the K8S version in order to achieve a more secure operating environment.
Reviewing
Review work currently needs to be done by the ITOM CSD Security virtual team. The main workflow is:
- Export the report from the Filtering step to determine the scope of the review.
- Discuss and review each type of issue, agree on fixes, and document them in writing in the exported file.
- Develop a reasonable repair plan according to the urgency of the problem and the difficulty of the repair. In particular, discuss whether a specific maintenance window is required, whether there will be any downtime to the Cloud Application during the remediation process, and the extent of the impact on the customer.
The review owner needs to add the following fields to the exported datasheet to describe the detailed review result:
- Fix Solution - A short description of the solution to fix this issue.
- Fix Change ID - A link to the relevant change request for fixing the problem.
- Status - The review owner is responsible for updating the status. Once Cloud Ops implements the relevant change, the status must be updated to "Done" to close the loop.
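The Filtering step above (grouping findings by severity and problem type per AWS account) and the review fields just listed are both illustrated by the following script. It is an added example and not part of the original page or of any Qualys or Power BI tooling; the column names, the sample export rows, the severity scale and the "CHG-PLACEHOLDER" change ID are constructed assumptions, not the real Qualys export schema. The example goes slightly beyond the page by enforcing that a finding group can only be marked "Done" when a Fix Change ID is attached, which is the check that keeps the loop actually closed.

```python
"""Triage a constructed Qualys-style findings export by severity and type.

Added example, not from the original page. The field names and sample rows
are assumptions modelled on a typical scan export, not Qualys's real schema.
"""
from collections import Counter, defaultdict
import csv
import io

# Constructed sample export (assumed column names; the account IDs, hosts
# and QIDs are made up for the example).
SAMPLE_EXPORT = """\
account,host,qid,title,severity,category
111111111111,ip-10-0-1-10,Q001,Kubernetes version approaching end of life,4,Kubernetes
111111111111,ip-10-0-1-11,Q001,Kubernetes version approaching end of life,4,Kubernetes
111111111111,ip-10-0-2-20,Q002,Windows Server missing cumulative update,5,OS Patch
222222222222,ip-10-1-1-30,Q003,Outdated base AMI kernel,3,AMI
222222222222,ip-10-1-1-31,Q001,Kubernetes version approaching end of life,4,Kubernetes
"""

# The review fields the page asks the review owner to add to the datasheet.
REVIEW_FIELDS = ("Fix Solution", "Fix Change ID", "Status")


def load_findings(text):
    """Parse the export into dicts; severity becomes an int so it sorts."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["severity"] = int(row["severity"])
    return rows


def triage(findings, min_severity=1):
    """Group findings by (account, category), keeping those at or above
    min_severity. One group is one candidate batch fix plan."""
    groups = defaultdict(lambda: {"hosts": [], "max_severity": 0, "qids": set()})
    for f in findings:
        if f["severity"] < min_severity:
            continue
        g = groups[(f["account"], f["category"])]
        g["hosts"].append(f["host"])
        g["qids"].add(f["qid"])
        g["max_severity"] = max(g["max_severity"], f["severity"])
    return dict(groups)


def severity_histogram(findings):
    """Count findings per severity level for the summary report."""
    return Counter(f["severity"] for f in findings)


def add_review_fields(group_key, groups, fix_solution, change_id="", status="Open"):
    """Attach the review fields to a group. 'Done' requires a change ID,
    otherwise the loop is not really closed."""
    if status == "Done" and not change_id:
        raise ValueError("Status 'Done' requires a Fix Change ID")
    g = groups[group_key]
    g["Fix Solution"] = fix_solution
    g["Fix Change ID"] = change_id
    g["Status"] = status
    return g


def export_review_sheet(groups):
    """Render the grouped result as CSV, highest severity first."""
    out = io.StringIO()
    w = csv.writer(out)
    w.writerow(["account", "category", "max_severity", "host_count"] + list(REVIEW_FIELDS))
    ordered = sorted(groups.items(), key=lambda kv: -kv[1]["max_severity"])
    for (account, category), g in ordered:
        w.writerow([account, category, g["max_severity"], len(g["hosts"])]
                   + [g.get(field, "") for field in REVIEW_FIELDS])
    return out.getvalue()


if __name__ == "__main__":
    findings = load_findings(SAMPLE_EXPORT)
    print("Severity histogram:", dict(severity_histogram(findings)))
    groups = triage(findings, min_severity=4)
    # "CHG-PLACEHOLDER" stands in for a real change request ID.
    add_review_fields(("111111111111", "Kubernetes"), groups,
                      "Upgrade K8S version", change_id="CHG-PLACEHOLDER", status="Done")
    print(export_review_sheet(groups))
```

Running the script prints the severity histogram and a review sheet with one row per account and problem type, which is the shape of the exported file the review owner annotates. Groups below the chosen severity threshold (here the severity-3 AMI finding) are left out of the sheet, matching the triage intent of the Filtering step.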
Fixing
The output of the review is converted into various forms of change requests, such as upgrading the K8S version, updating the Windows Server patch level, updating the CCOE AMI version, etc. Depending on the environment, the Cloud Ops team defines different change requests to track the work, so that all the issues can be solved effectively.
Related pages
- Page: ESM Cloud Farm Version Tracking
- Page: How to get an Opentext Confluence account
- Page: ITOM APM AppPluse Cloud Farm Information
- Page: ITOM Cloud Service Ops Doc Management Process
- Page: ITOM ESM Cloud Service Catalog
- Page: ITOM OpsB NOM Cloud Service Catalog
- Page: OpsB and NOM Cloud Deployments Version Tracking