Adding a Digital Defense AVS scanner

QRadar® accesses vulnerability data from the Digital Defense, Inc. Frontline Vulnerability Manager by using the Frontline Connect API that is installed with the Frontline Vulnerability Manager.

Procedure

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. From the Type list, select Digital Defense Inc AVS.
  5. In the Scanner Name field, type a name to identify your Digital Defense Inc AVS scanner.
  6. In the Description field, type a description for your Digital Defense Inc AVS scanner.
  7. Configure the parameters.

    The following table describes the parameters that require specific values for the Digital Defense Inc AVS scanner:

    Table 1. Digital Defense Inc AVS scanner parameters

    Remote Host
      The host name of the remote server for the Digital Defense, Inc. AVS scanner. The host name must be vm.frontline.cloud.

    Remote Port
      The port number of the remote server for the Digital Defense, Inc. AVS scanner. The Remote Port value must be 443.

    Remote URL
      The URL of the remote server for the Digital Defense, Inc. AVS scanner. The Remote URL value must be /nsas/blGateway.php.

    Client ID
      A client ID is no longer used for this value. You might want to type the email address of the user who requested the API key.

    Username
      The email address of the user who requested the API key.

    Password
      The API key that you created when you completed the Creating an API Key in Frontline Vulnerability Manager procedure.

    Host Scope
      Collects host data from internal or external hosts for the Frontline VM. Select one of the following options:
      • Internal
      • External

    Retrieve Data for Account
      From the list, select Default.

    Correlation Method
      Specifies the method by which vulnerabilities are correlated. Select one of the following options:
      • All Available: Queries the Frontline VM vulnerability catalog and correlates vulnerabilities based on all of the references that are returned for that specific vulnerability. References might include CVE, Bugtraq, Microsoft Security Bulletin, and OSVDB. Multiple references sometimes correlate to the same vulnerability. More results are returned, but processing takes longer than with the CVE option.
      • CVE: Queries the Frontline VM vulnerability catalog and correlates vulnerabilities based only on the CVE-ID.
  8. Configure the CIDR ranges that you want this scanner to retrieve by typing the CIDR range, or click Browse to select the CIDR range from the network list.
  9. Click Add > Save.
    Tip: Repeat steps 4 - 9 to create more import parameters.
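The table above fixes three values outright (host, port, URL) and constrains the others to a small set of choices. The following pre-flight checker is an added example, not QRadar or Frontline code: it encodes those requirements so that a scanner configuration can be verified before it is saved in the VA Scanners dialog. The ScannerConfig class and the validate() function are names chosen for this example, not a QRadar API.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Required values from the parameter table above; this checker is an added example, not QRadar code.
REQUIRED_HOST = "vm.frontline.cloud"
REQUIRED_PORT = 443
REQUIRED_URL = "/nsas/blGateway.php"
HOST_SCOPES = {"Internal", "External"}
CORRELATION_METHODS = {"All Available", "CVE"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

@dataclass
class ScannerConfig:  # hypothetical holder for the VA Scanners dialog fields
    remote_host: str
    remote_port: int
    remote_url: str
    username: str    # email address of the user who requested the API key
    password: str    # the Frontline VM API key, not a login password
    host_scope: str
    account: str = "Default"
    correlation_method: str = "CVE"
    cidr_ranges: list = field(default_factory=list)

def validate(cfg: ScannerConfig) -> list:
    """Return the problems found; an empty list means the values match the table."""
    errors = []
    if cfg.remote_host != REQUIRED_HOST:
        errors.append(f"Remote Host must be {REQUIRED_HOST}, got {cfg.remote_host!r}")
    if cfg.remote_port != REQUIRED_PORT:
        errors.append(f"Remote Port must be {REQUIRED_PORT}, got {cfg.remote_port}")
    if cfg.remote_url != REQUIRED_URL:
        errors.append(f"Remote URL must be {REQUIRED_URL}, got {cfg.remote_url!r}")
    if not EMAIL_RE.match(cfg.username):
        errors.append("Username must be the email address of the user who requested the API key")
    if not cfg.password.strip():
        errors.append("Password (the Frontline VM API key) is empty")
    if cfg.host_scope not in HOST_SCOPES:
        errors.append(f"Host Scope must be one of {sorted(HOST_SCOPES)}")
    if cfg.account != "Default":
        errors.append("Retrieve Data for Account must be Default")
    if cfg.correlation_method not in CORRELATION_METHODS:
        errors.append(f"Correlation Method must be one of {sorted(CORRELATION_METHODS)}")
    for cidr in cfg.cidr_ranges:
        try:
            ipaddress.ip_network(cidr)  # strict by default: rejects host bits set, e.g. 10.1.2.3/24
        except ValueError:
            errors.append(f"Invalid CIDR range {cidr!r}")
    return errors
```

Run validate() on the values you intend to enter; any message it returns points at a field that would not match the table.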

What to do next

Schedule a vulnerability scan. At intervals that are determined by the scan schedule, QRadar imports the most recent XML results that contain Frontline VM vulnerabilities for the CIDR ranges that are defined on the selected scanner configuration.