Compliancelowexperimental

Host Without Firewall

Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.

Convert In Phoenix Studio

Open this Sigma rule in the converter with the YAML preloaded and ready for backend selection.

Launch

Alexandr Yampolskyi, SOC PrimeCreated Tue Mar 19Updated Sat Nov 016b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9product

Log Source

qualys

Productqualys← raw: qualys

Detection Logic

detection:
    selection:
        event.category: 'Security Policy'
        host.scan.vuln_name|contains: 'Firewall Product Not Detected'
    condition: selection

References

Resolving title…

cisecurity.org

Resolving title…

pcisecuritystandards.org

Resolving title…

nvlpubs.nist.gov

Rule Metadata

Rule ID

6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9

Status

experimental

Level

low

Type

Compliance

Created

Tue Mar 19

Modified

Sat Nov 01

Author

Alexandr Yampolskyi, SOC Prime

Path

rules-compliance/product/qualys/qualys_host_without_firewall.yml

View on GitHub