RSA Admin

Correlating between Qualys data with other sources of log data ?

Discussion created by RSA Admin Employee on Oct 15, 2007
Latest reply on Jun 24, 2009 by RSA Admin
Back in the earlier part of this year, we were told we'd have the ability to correlate events from IDS (specifically, ISS), AV (ePO) and FW's together with vulnerability data from Qualys.  I see we can now import Qualys data in real-time, but it doesn't yet appear we're able to correlate the data together from all of these devices (or any, really).  Am I missing something?  Has anyone heard of upcoming support for Qualys data to be incorporated?  I'm not sure I'm finding enVision 3.5.1 is able to do anything w/the data from Qualys once it gets it - and I'm confused by this.
We're looking for a SIEM tool, and were hoping enVision might one day be one (today?) such tool we could consider... it'd certainly be a lot cheaper than bringing in someone else (since we already own an instance of enVision).