Pinned topic McAfee Vulnerability Manager - XML Results Import
We are using MVM on a hardened Windows appliance that we ordered from McAfee. Does QRadar support importing from MVM running on Windows?
I can locate the scan result XML files but they are contained in ZIP files that MVM creates. Can QRadar process these? Since it is a Windows box, how do I specify the path? The files are in the directory D:\Foundstone\Reports.
/Kevin-------Posted BY Kevin Mazzone
Re: Hi Kevin, The VIS Module for2013-01-02T19:54:51Z in response to SystemAdminHi Kevin,
The VIS Module for McAfee Vulnerability Manager queries the McAfee Foundstone Enterprise engine using the FoundScan OpenAPI, to import the scan results.
This query is performed using the SOAP protocol over a web URL and SOAP port. Therefore as long as the VIS module can access this API, it doesn't matter what OS MVM is running on.
QRadar doesn't access / pull files from disk on the MVM host. Instead it makes an API call and gets results returned by MVM. Therefore it does not need to handle the ZIP files on disk.
Posted By Vinay Sukumar
Re: What about the new VIS module2013-01-02T21:09:59Z in response to SystemAdminWhat about the new VIS module released the other day? I thought that was supposed to allow "customers the option of importing vulnerability data using an XML vulnerability import or using the Open API."
Here is the thread: https://qmmunity.q1labs.com/node/1426.
Posted By Kevin Mazzone
gkraft 270006T8MJ1 PostACCEPTED ANSWER
Re: McAfee Vulnerability Manager - XML Results Import2013-11-15T00:00:11Z in response to SystemAdmin
Any additional response on this? We are trying to do the same thing but the integration is not working correctly. When we provide the appropriate credentials and try the initiate a pull it fails to initialize the factory. Has anyone gotten this to work correctly?