I was giving the responsibility of a Qualys WAS. There are around 30 sites I need to monthly scan, and check alerts. I need to automate all this process so I’m thinking on this
Create a script or application that could easily schedule and start the scan of the sites
The same app will also pull the reports from Qualys WAS
Now it comes to the issue:
I need to report on the issues found. And have those reports where they could be accessible for compliance reasons.
What do experts do about this?
Is the best option to create an application that pulls the issues found from Qualys and later, presents them in a system or DB, with a web interface easy to be validated and share with people who need to access that info?
Do you think that having 30 sites, scanned monthly, validating issues found, and doing some other administrative stuff to keep this part working as perfect as possible, do you think just one skilled engineer is enough 100% on this? Or do you think I will need to ask for more people?