Setting Up

To take full advantage of the Vulnerability Mitigation App's (VMA) vulnerability correlation and mitigation capabilities, you need to perform the following initial set-up tasks:

If you are already logged into SecureTrack, you will be logged into VMA automatically.
  1. Connect to at least one supported external vulnerability management solution: The vulnerability management solutions that scan your network assets at fixed intervals provide VMA with regular updates on the vulnerability status of your assets.
  2. Enable the app to identify assets that are exposed from the internet or untrusted networks: VMA can identify whether access from the internet or untrusted networks is exploitable, and which assets are affected. This is optional. If selected, the app will mark the vulnerable assets as Exposed.
  3. Select the network zones in SecureTrack to be scanned: Selecting the network zones allows you to prioritize the relevant areas in your network for vulnerability analysis, and increases the efficiency of VMA. Instead of correlating the entire network, the app only analyzes the areas that you define. You are required to select at least one network zone.
  4. Connect to SecureTrack: SecureTrack provides VMA with assets in network zones and provides context for the network-based vulnerabilities detected.
  5. Connect to SecureChange: Users can open server decommission and group change tickets in SecureChange from VMA, and track the tickets' progress as they are being handled from within the app. This is optional. However, only SecureChange users can use the mitigation workflows.
  6. Set up email notifications: Define who will receive a summarizing vulnerability report by email and from where it will be sent.
  7. Define the log levels: Log levels are used for debugging and determine which information is collected in the log files.

All of these set-up tasks are performed in the Settings menu.

After making any change in this menu, click Save.

Connect to an External Vulnerability Management Solution

In the Vulnerability Scanners section:

  1. Click on a logo to select your vulnerability management solution.
  2. Enter the access credentials for the vulnerability management solution.

Vulnerability Management Solution: Access Credentials

  • Tenable.sc, Rapid7 Nexpose, Rapid7 InsightVM, Nessus Professional:
    • Address (FQDN or IP)
    • Port (select HTTPS port)
    • User name
    • Password
    • Optional: Enable Certificate Verification
  • QualysGuard, Qualys VMDR:
    • Address (FQDN or IP)
    • User name
    • Password
    • Optional: Enable proxy
  • Tenable.io:
    • Address (FQDN or IP)
    • Access key
    • Secret key
    • Optional: Enable proxy

Enable Identification of Assets from Internet/Untrusted Networks

In the Internet/Untrusted Address(es) section:

  1. Select Determine if exploitable access is allowed.
  2. Enter the addresses for the internet (for example, 8.8.8.8) and the untrusted networks, separated by commas.

Select Critical Zones

In the Critical Zones section:

  1. Select a network domain.
  2. Select at least one network zone to correlate vulnerability information to access.
  3. You can use the Search field to filter the network zones by name.

Connect to SecureTrack

In the SecureTrack section, enter the following information:

  • Host: The IP address of the SecureTrack server. This address will also be used to link e-mails and reports to SecureTrack.
  • Login username
  • Login password

The username and password need to be for a SecureTrack user with Super Administrator permissions. If this is a new user, log in to SecureTrack with that user to validate it.

Connect to SecureChange

In the SecureChange section:

  1. Enter the workflow information:
    • Modify Group: Enter the name of the group change workflow and the name of the global group object from which assets will need to be blocked or removed.
    • Server Decommission: The name of the SecureChange workflow that VMA will use to open server decommission requests for assets.
    • Rule Modification: The name of the SecureChange workflow that VMA will use to open modification requests for rules.
  2. Enter the SecureChange credentials:
    • Host: The IP address of the SecureChange server.
    • Login username
    • Login password

The user name and password need to be for a SecureChange user with the permission: Create and handle tickets on behalf of another user (via API only). If this is a new user, log in to SecureChange with that user to validate it.

Set up E-mail Notifications

In the E-mail notification section:

  1. Enter the following information for the outgoing e-mails:
    • Outgoing SMTP server
    • Port
    • Sender e-mail address
    • Login user name
    • Login password
  2. If you want the e-mail notifications to be secured, select Enable TLS.
  3. In the E-mail Recipients field, enter the e-mail addresses (separated by a semi-colon) to which VMA should send e-mail notifications.

Define Log Levels

In the Log Level section, select the appropriate log level.

Log Level: Description

  • ERROR: Messages with error and critical levels are logged.
  • WARNING: Messages with error, critical, and warning levels are logged.
  • INFO: Messages with error, critical, warning, and info levels are logged.
  • DEBUG: All message levels.

This section also displays the path where the log files are saved.