Initial Setup

Before Installation

  • Download an installation file from the Tufin Extensions website (formerly Marketplace).

  • In SecureTrack:
    • Create a user with Security Administrator level permissions. Log into SecureTrack with that user.
    • Configure the relevant network zones.
  • In SecureChange:
    • Create a user with the permission: Create and handle tickets on behalf of another user (via API only). Log into SecureChange with that user.
    • Create a server decommission workflow to be used when asset mitigation is needed.
  • Access credentials that can make API calls to one of the following supported vulnerability management solutions:
    • Rapid7 Nexpose
    • Rapid7 InsightVM
    • QualysGuard
    • Qualys VMDR
    • Nessus Professional
    • Tenable.io
    • Tenable.sc

Install VMA

You may need to install a new version of VMA in these cases:

  • You are installing VMA on a new environment.

  • You uninstalled VMA.

  • You need to upgrade to a TOS Aurora version that requires a new installation.

Follow these steps to install VMA:

  1. Using SSH, log into the TOS Aurora server.

  2. Create a directory called /opt/extensions.

  3. Copy the installer run file (already downloaded) to /opt/extensions.

  4. Go to /opt/extensions.

  5. Go to the folder and run the installer file:

    # sh vma-v<VERSION>.k3s.run

VMA is installed in the TOS Aurora cluster on the data node.

A license is required if you are running TOS Aurora R23-1 or earlier, or you have a legacy (non-tiered) TOS license - see Installing a License.

Log into VMA

Vulnerability Mitigation App (VMA) is located in the SecureTrack server. To log in, you will need to enter your SecureTrack user credentials.

Your user credentials determine your level of access to VMA.

Users with Super Administrator permission levels can perform actions within VMA, such as changing settings, setting up scheduled syncs with IPAM solutions, or exporting subnets as a CSV file. If you do not have this permission level, you will only be able to use VMA to view information.

Access VMA from SecureTrack

From the app launcher icon (), select Vulnerability Mitigation App.

Note that this option only appears after VMA installation.

Log in to VMA Directly

  1. In your browser, enter the following URL:

    https://<SecureTrack_Host>/apps/public/vma

    where <SecureTrack_Host> is your SecureTrack IP address. VMA uses SecureTrack for authentication.

    The Login page appears.

  2. Enter your SecureTrack user credentials and click Log In.