FortiSIEM Configuring Vulnerability Scanners

Configuring Vulnerability Scanners

AccelOps supports these vulnerability scanners for discovery and monitoring.

McAfee Foundstone Vulnerability Scanner Configuration

Nessus Vulnerability Scanner Configuration

Qualys Vulnerability Scanner Configuration

Rapid7 NeXpose Vulnerability Scanner Configuration

McAfee Foundstone Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol: JDBC (SQL Server)

Metrics collected: Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id, Vulnerability Score, Vulnerability Consequence

Used for: Security Monitoring

Event Types

In CMDB > Event Types, search for “foundstone” in the Description column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

JDBC

AccelOps connects to the faultline database in the McAfee vulnerability scanner to collect metrics. This is a SQL Server database, so you must first set up access credentials for the database over JDBC before you can set up access credentials in AccelOps and initiate discovery.

Settings for Access Credentials
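
One way to create the database credentials for this JDBC connection with least privilege, shown as an added example that is not part of the original guide. The login name accelops_ro and the password are placeholders, and the example assumes that read-only access to the faultline database is enough for metric collection and that the SQL Server instance accepts SQL Server authentication.

```sql
-- Added example: accelops_ro and the password are placeholders (assumptions),
-- not values taken from the guide.
USE [master];
GO

-- Dedicated SQL login for the collector; keep the password policy enforced.
CREATE LOGIN [accelops_ro]
    WITH PASSWORD = N'<replace-with-generated-secret>',
         CHECK_POLICY = ON,
         DEFAULT_DATABASE = [faultline];
GO

USE [faultline];
GO

-- Map the login into the faultline database only.
CREATE USER [accelops_ro] FOR LOGIN [accelops_ro];
GO

-- Read access to the scan results, and an explicit deny on writes so a
-- later role change cannot silently give the collector modify rights.
-- sp_addrolemember is used because it also works on older SQL Server versions.
EXEC sp_addrolemember N'db_datareader', N'accelops_ro';
EXEC sp_addrolemember N'db_denydatawriter', N'accelops_ro';
GO

-- Check: list the effective database permissions of the new user.
-- SELECT should be present; INSERT, UPDATE, DELETE and ALTER should not.
EXECUTE AS USER = N'accelops_ro';
SELECT permission_name
FROM fn_my_permissions(NULL, 'DATABASE')
ORDER BY permission_name;
REVERT;
GO
```

Enter the same login and password in the AccelOps access credentials for the scanner, and store the password in a vault rather than in a script.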

 

 

Nessus Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol: Nessus API

Metrics collected: Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Used for: Security Monitoring

Event Types

In CMDB > Event Types, search for “nessus” in the Description and Device Type columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “nessus” in the Description column to see the reports associated with this device.

Configuration

Nessus API

Create a user name and password that AccelOps can use as access credentials for the API. Make sure the user has permissions to view the scan report files on the Nessus device. You can check if your user has the right permissions by running a scan report as that user.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Settings for Access Credentials
Qualys Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol: Qualys API

Metrics collected: Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability Consequence

Used for: Security Monitoring

Event Types

In CMDB > Event Types, search for “qualys” in the Device Type column to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

In Analytics > Reports, search for “qualys” in the Description column to see the reports associated with this device.

Configuration

Qualys API

Create a user name and password that AccelOps can use as access credentials for the API.

You can now configure AccelOps to communicate with your device by following the instructions in Setting Access Credentials for Device Discovery, and then initiate discovery of the device as described in the topics in Discovering Infrastructure.

Settings for Access Credentials
Rapid7 NeXpose Vulnerability Scanner Configuration
What is Discovered and Monitored
Protocol: Rapid7 Nexpose API

Metrics collected: Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Used for: Security Monitoring

Event Types

In CMDB > Event Types, search for “rapid7” in the Description and Device Type columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Rapid7 NeXpose API

  1. Log in to the device manager for your vulnerability scanner with administrative credentials.
  2. Go to Administration > General > User Configuration, and create a user that AccelOps can use to access the device.
  3. Go to Reports > General > Report Configuration.
  4. Create a report with the Report format set to Simple XM

AccelOps can only pull reports in this format.

Settings for Access Credentials