Correlating between Qualys data with other sources of log data ?
The ability to import Qualys data was present on 3.5.1 however it didnt really do anything. Version 3.7 fully supports Qualys as a vulnerability feed which we can use to correlate with attack data from supported Network IDS systems.
The VAM IDS devices supported are Cisco Secure IDS (XML), Enterasys Networks Dragon, ISS RealSecure IDS, Juniper Networks IDP, McAfee Intrushield, TippingPoint UnityOne and SNORT
OK that makes some sense, we only support specific IDS systems for VAM and if one of those isnt selected in the rule then the confidence level option isnt even available.
It appears that this variation on the Cisco IDS is not currently supported for VAM and this will require a product update.
Get this logged with techical support as an enhancment request so it gets into the system and can be tracked and fed back to product managment.