Asset and data source connections
Data source connections are created and configured to import risk feeds into IBM® Security Risk Manager from various security source products, so that the risk score of the assets can be analyzed and calculated. Entities such as databases, applications, assets, IP addresses, and hostnames are collectively referred to as assets in Risk Manager. The risk feeds from various products are imported into the Risk Manager repository by using core services such as Universal Data Insights and Connected Assets and Risk.
Asset-related information such as vulnerability data, user identity data, IP addresses of infrastructures, applications, and other related data is imported into Risk Manager through the Connected Assets and Risk service. Threats, indicators of compromise (IOCs), policy violations, and activity monitoring alert violations are imported by using the Universal Data Insights service at specified intervals.
VMS integration
Connected Assets and Risk service at regular intervals. Risk Manager uses the following attributes from VMS to assess the risk from the detected vulnerabilities.
- Weaponized exploits: Vulnerabilities with exploits.
- Exploit code: Vulnerabilities for which the weaponized code is not needed for exploitation. A weaponized code is a program that is used to exploit a vulnerability.
- Attack chain: Vulnerabilities that have an attack chaining capability. An attack chain is a sequence of events that are involved in a security attack.
- Actions on objectives: Vulnerabilities with actions on objectives.
- Threat score: Security threat score for the vulnerabilities.
In the basic version of Risk Manager, the basic version of VMS is enabled by default and enriches only 250 unique vulnerabilities per day. To enable the VMS subscription and use the continuous enrichment service, you must have credentials to access VMS. The VMS credentials must be assigned to the application account.