rules-compliance/product/qualys/qualys_host_without_firewall.yml

title: Host Without Firewall
id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9
status: experimental
description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.
references:
    - https://www.cisecurity.org/controls/cis-controls-list/
    - https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
    - https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
author: Alexandr Yampolskyi, SOC Prime
date: 2019-03-19
modified: 2025-11-01
# tags:
    # - CSC9
    # - CSC9.4
    # - NIST CSF 1.1 PR.AC-5
    # - NIST CSF 1.1 PR.AC-6
    # - NIST CSF 1.1 PR.AC-7
    # - NIST CSF 1.1 DE.AE-1
    # - ISO 27002-2013 A.9.1.2
    # - ISO 27002-2013 A.13.2.1
    # - ISO 27002-2013 A.13.2.2
    # - ISO 27002-2013 A.14.1.2
    # - PCI DSS 3.2 1.4
logsource:
    product: qualys
detection:
    selection:
        event.category: 'Security Policy'
        host.scan.vuln_name|contains: 'Firewall Product Not Detected'
    condition: selection
level: low
compliance rules by SOC prime 2019-08-05 19:42:19 +03:00			`title: Host Without Firewall`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`id: 6b2066c8-3dc7-4db7-9db0-6cc1d7b0dde9`
Merge PR #5738 from @nasbench - rename folders and update readme 2025-11-03 11:35:44 +02:00			`status: experimental`
Added level 2019-08-05 19:51:22 +02:00			`description: Host Without Firewall. Alert means not complied. Sigma for Qualys vulnerability scanner. Scan type - Vulnerability Management.`
compliance rules by SOC prime 2019-08-05 19:42:19 +03:00			`references:`
Added UUIDs to rules 2019-11-12 23:12:27 +01:00			`- https://www.cisecurity.org/controls/cis-controls-list/`
			`- https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf`
			`- https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf`
$frack113$ Order yaml field 2022-10-25 08:53:44 +02:00			`author: Alexandr Yampolskyi, SOC Prime`
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes 2024-08-12 12:02:50 +02:00			`date: 2019-03-19`
Merge PR #5738 from @nasbench - rename folders and update readme 2025-11-03 11:35:44 +02:00			`modified: 2025-11-01`
$frack113$ Fix invalid tags 2021-08-25 09:15:57 +02:00			`# tags:`
			`# - CSC9`
			`# - CSC9.4`
			`# - NIST CSF 1.1 PR.AC-5`
			`# - NIST CSF 1.1 PR.AC-6`
			`# - NIST CSF 1.1 PR.AC-7`
			`# - NIST CSF 1.1 DE.AE-1`
			`# - ISO 27002-2013 A.9.1.2`
			`# - ISO 27002-2013 A.13.2.1`
			`# - ISO 27002-2013 A.13.2.2`
			`# - ISO 27002-2013 A.14.1.2`
			`# - PCI DSS 3.2 1.4`
$frack113$ Order yaml field 2022-10-25 08:53:44 +02:00			`logsource:`
			`product: qualys`
			`detection:`
			`selection:`
			`event.category: 'Security Policy'`
			`host.scan.vuln_name\|contains: 'Firewall Product Not Detected'`
			`condition: selection`
			`level: low`