• 3 replies
  • Latest Post - ‏2013-11-15T00:00:11Z by gkraft
144 Posts

Pinned topic McAfee Vulnerability Manager - XML Results Import

‏2013-01-02T18:09:56Z |
I'd like to configure the new VIS module for McAfee Vulnerability Manager to import scan results from our environment.

We are using MVM on a hardened Windows appliance that we ordered from McAfee. Does QRadar support importing from MVM running on Windows?

I can locate the scan result XML files but they are contained in ZIP files that MVM creates. Can QRadar process these? Since it is a Windows box, how do I specify the path? The files are in the directory D:\Foundstone\Reports.

/Kevin-------Posted BY Kevin Mazzone
Updated on 2013-01-02T21:09:59Z at 2013-01-02T21:09:59Z by SystemAdmin
  • SystemAdmin
    144 Posts

    Re: Hi Kevin, The VIS Module for

    Hi Kevin,

    The VIS Module for McAfee Vulnerability Manager queries the McAfee Foundstone Enterprise engine using the FoundScan OpenAPI, to import the scan results.

    This query is performed using the SOAP protocol over a web URL and SOAP port. Therefore as long as the VIS module can access this API, it doesn't matter what OS MVM is running on.

    QRadar doesn't access / pull files from disk on the MVM host. Instead it makes an API call and gets results returned by MVM. Therefore it does not need to handle the ZIP files on disk.

    Posted By Vinay Sukumar
  • SystemAdmin
    144 Posts

    Re: What about the new VIS module

    What about the new VIS module released the other day? I thought that was supposed to allow "customers the option of importing vulnerability data using an XML vulnerability import or using the Open API."

    Here is the thread:

    Posted By Kevin Mazzone
  • gkraft
    1 Post

    Re: McAfee Vulnerability Manager - XML Results Import


    Any additional response on this?  We are trying to do the same thing but the integration is not working correctly.  When we provide the appropriate credentials and try the initiate a pull it fails to initialize the factory.  Has anyone gotten this to work correctly?