Overview of Qualys Risk service / MROC related material
Qualys service & setup
Qualys Service operation to-do list generic: https://secops.cybertechservices.dk/a/solutions/articles/54000073733
Qualys Service tasks to keep modules working as intended: https://secops.cybertechservices.dk/a/solutions/articles/54000073735
Qualys Subscription and health checks, work-in-progress: https://secops.cybertechservices.dk/a/solutions/articles/54000073745
The full CTS Qualys management guide: Word document
Qualys' own playbooks / integration guides: Sharepoint folder
The automatic Asset Criticality assignment project Fresh ticket
The ready to use Dashboards and support. Sharepoint folder
The Onboarding slides to be used for first talk and setting KPI meeting. Sharepoint folder
Pricing
Qualys' special pricing for CTS service clients only. These prices cannot be shared with clients; they have to be embedded into a service price for the client. Qualys Service price calculator
(For the CTS service pricing: the price is fixed regardless of the size of the license. The normal Qualys price per asset declines steeply with the number of assets, and they also offer an extra discount for 3-year agreements. This means that our price is extremely good for small setups with below 200 assets and still rather competitive up to around 4000 assets. Above that, our price might be close to standard, and we might want to check whether it is better to buy at the normal Qualys pricing, on which we get a 25-35% reseller discount.)
Qualys Service descriptions
External Attack Surface Management initial document around the service: Word document, a previous version of a to-do list, and another Word document from previously
The list of tasks we do in our service + RACI Qualys mROC service
The original list of services in CTS is here. This is more for inspiration than anything else now. Spreadsheet, service list
Qualys Sales presentations
External attack Surface Management Service: Powerpoint
Pension Danmark, proposal for MROC. This might be the best sales presentation for the service we have so far: Powerpoint
Threat service - this is more of a concept for how to build and measure security from the "right" security threat landscape. Identify threat landscape -> threat actors -> techniques, and measure/report. Powerpoint
Qualys' own datasheets: Sharepoint folder
Qualys sales playbooks from their partner site: Sharepoint folder
Qualys Datasheets from their partner sites: Sharepoint folder
Qualys sales presentations from their partner site: Sharepoint folder
Qualys / Risk Service / MROC area development plan
Qualys MROC
Reporting
What to consider when defining KPIs within tech risk / vulnerability management: https://secops.cybertechservices.dk/a/solutions/articles/54000071030
Ideas for KPIs for reporting - everyone could/should contribute with more: https://secops.cybertechservices.dk/a/solutions/articles/54000071031
Vulnerability management, hardening and risk: KPI/SLA for the level an organisation should aim for (this one with NNIT focus): https://secops.cybertechservices.dk/a/solutions/articles/54000073496
Other organisation/standard bodies proposed procedures/KPI etc. for Vulnerability management + asset management: https://secops.cybertechservices.dk/a/solutions/articles/54000071063
The ready to use Dashboards and support. Sharepoint folder
Threat technique & Mitigation assessment based on MITRE export and further analysis in Excel. Made for NNIT. Spreadsheet here
Qualys E-learning material
Most of the training material from the Qualys e-learning: Sharepoint folder
Qualys training portal, create a user yourself free of charge and take learning and certification: https://www.qualys.com/training/
Qualys video material - training and conference talks. Look for the long conference talks and the newer 8-20 min ones focusing on a specific topic: https://vimeo.com/qualys