Topic
3 replies Latest Post - ‏2013-11-15T00:00:11Z by gkraft
SystemAdmin
SystemAdmin
144 Posts
ACCEPTED ANSWER

Pinned topic McAfee Vulnerability Manager - XML Results Import

‏2013-01-02T18:09:56Z |
I'd like to configure the new VIS module for McAfee Vulnerability Manager to import scan results from our environment.

We are using MVM on a hardened Windows appliance that we ordered from McAfee. Does QRadar support importing from MVM running on Windows?

I can locate the scan result XML files but they are contained in ZIP files that MVM creates. Can QRadar process these? Since it is a Windows box, how do I specify the path? The files are in the directory D:\Foundstone\Reports.

/Kevin-------Posted BY Kevin Mazzone
Updated on 2013-01-02T21:09:59Z at 2013-01-02T21:09:59Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    144 Posts
    ACCEPTED ANSWER

    Re: Hi Kevin, The VIS Module for

    ‏2013-01-02T19:54:51Z  in response to SystemAdmin
    Hi Kevin,

    The VIS Module for McAfee Vulnerability Manager queries the McAfee Foundstone Enterprise engine using the FoundScan OpenAPI, to import the scan results.

    This query is performed using the SOAP protocol over a web URL and SOAP port. Therefore as long as the VIS module can access this API, it doesn't matter what OS MVM is running on.

    QRadar doesn't access / pull files from disk on the MVM host. Instead it makes an API call and gets results returned by MVM. Therefore it does not need to handle the ZIP files on disk.

    Vinay
    Posted By Vinay Sukumar
  • SystemAdmin
    SystemAdmin
    144 Posts
    ACCEPTED ANSWER

    Re: What about the new VIS module

    ‏2013-01-02T21:09:59Z  in response to SystemAdmin
    What about the new VIS module released the other day? I thought that was supposed to allow "customers the option of importing vulnerability data using an XML vulnerability import or using the Open API."

    Here is the thread: https://qmmunity.q1labs.com/node/1426.

    /Kevin
    Posted By Kevin Mazzone
  • gkraft
    gkraft
    1 Post
    ACCEPTED ANSWER

    Re: McAfee Vulnerability Manager - XML Results Import

    ‏2013-11-15T00:00:11Z  in response to SystemAdmin

    Any additional response on this?  We are trying to do the same thing but the integration is not working correctly.  When we provide the appropriate credentials and try the initiate a pull it fails to initialize the factory.  Has anyone gotten this to work correctly?