QRadar® accesses vulnerability data from the Digital Defense, Inc. Frontline Vulnerability Manager by using the Frontline Connect API that is installed with the Frontline Vulnerability Manager.
Procedure
1. Click the Admin tab.
2. Click the VA Scanners icon.
3. Click Add.
4. From the Type list, select Digital Defense Inc AVS.
5. In the Scanner Name field, type a name to identify your Digital Defense Inc AVS scanner.
6. In the Description field, type a description for your Digital Defense Inc AVS scanner.
7. Configure the parameters.
The following table describes the parameters that require specific values for the Digital Defense
Inc AVS scanner:
Table 1. Digital Defense Inc AVS scanner parameters
| Parameter | Description |
|---|---|
| Remote Host | The host name of the remote server for the Digital Defense, Inc. AVS scanner. The host name must be vm.frontline.cloud. |
| Remote Port | The port number of the remote server for the Digital Defense, Inc. AVS scanner. The Remote Port value must be 443. |
| Remote URL | The URL of the remote server for the Digital Defense, Inc. AVS scanner. The Remote URL value must be /nsas/blGateway.php. |
| Client ID | A client ID is no longer used for this value. You might want to type the email address of the user who requested the API key. |
| Username | The email address of the user who requested the API key. |
| Password | The API key that you created when you completed the Creating an API Key in Frontline Vulnerability Manager procedure. |
| Host Scope | Collects host data from internal or external hosts for the Frontline VM. Select one of the following options: |
| Retrieve Data for Account | From the list, select Default. |
| Correlation Method | Specifies the method by which vulnerabilities are correlated. Select one of the following options: All Available: Queries the Frontline VM vulnerability catalog and correlates vulnerabilities that are based on all of the references that are returned for that specific vulnerability. References might include CVE, Bugtraq, Microsoft Security Bulletin, and OSVDB. Multiple references sometimes correlate to the same vulnerability. More results are returned, but processing takes longer than the CVE option. CVE: Queries the Frontline VM vulnerability catalog and correlates vulnerabilities that are based only on the CVE-ID. |
8. Configure the CIDR ranges that you want this scanner to retrieve by typing the CIDR range, or click Browse to select the CIDR range from the network list.
9. Click .
Tip: Repeat steps 4 - 9 to create more import parameters.
What to do next
Schedule a vulnerability scan. At intervals that are determined by a scan schedule, QRadar imports the most recent XML
results that contain Frontline VM vulnerabilities that are defined by the selected configured
scanner.
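
The following added example (not IBM or Digital Defense code) is a simplified model of the trade-off between the two Correlation Method options in Table 1. The catalog, reference IDs, hosts, and the `correlate` function are constructed for illustration and are assumptions, not QRadar's implementation.

```python
# Simplified model of the two Correlation Method options (illustration only,
# not QRadar's implementation). All data below is constructed.

# Constructed catalog: (reference type, reference ID) -> placeholder entry ID.
CATALOG = {
    ("CVE", "CVE-0000-0001"): "VULN-A",
    ("BUGTRAQ", "10001"): "VULN-A",   # second reference to the same entry
    ("MSB", "MS00-001"): "VULN-B",
    ("OSVDB", "20002"): "VULN-C",
    ("CVE", "CVE-0000-0003"): "VULN-D",
    ("BUGTRAQ", "10003"): "VULN-E",   # entry reachable only through Bugtraq
}

# Constructed scanner findings with the references returned for each one.
FINDINGS = [
    {"host": "192.0.2.10", "title": "finding-1",
     "refs": [("CVE", "CVE-0000-0001"), ("BUGTRAQ", "10001")]},
    {"host": "192.0.2.10", "title": "finding-2",   # no CVE reference at all
     "refs": [("MSB", "MS00-001"), ("OSVDB", "20002")]},
    {"host": "192.0.2.11", "title": "finding-3",
     "refs": [("CVE", "CVE-0000-0003"), ("BUGTRAQ", "10003")]},
]

def correlate(findings, method):
    """Return (matches, lookups); matches maps finding title -> catalog IDs."""
    if method not in ("All Available", "CVE"):
        raise ValueError(f"unknown correlation method: {method}")
    matches, lookups = {}, 0
    for finding in findings:
        refs = finding["refs"]
        if method == "CVE":
            refs = [r for r in refs if r[0] == "CVE"]  # CVE-ID only
        hits = set()  # a set collapses several references to the same entry
        for ref in refs:
            lookups += 1
            if ref in CATALOG:
                hits.add(CATALOG[ref])
        matches[finding["title"]] = sorted(hits)
    return matches, lookups

if __name__ == "__main__":
    for method in ("All Available", "CVE"):
        matches, lookups = correlate(FINDINGS, method)
        print(f"{method}: {lookups} catalog lookups")
        for title, ids in matches.items():
            print(f"  {title}: {ids or 'uncorrelated'}")
```

In this model, the CVE option leaves the finding that has no CVE reference uncorrelated, while All Available performs three times as many lookups to return the additional matches.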