Configuring VMA

To take full advantage of Vulnerability Mitigation App's (VMA) vulnerability correlation and mitigation capabilities, you need to perform these configuration tasks from the Settings menu.

If you are already logged into SecureTrack, you will be logged into VMA automatically.

After making any change in this menu, click Save.

Connect to an External VMS

The vulnerability management systems (VMSs) that scan your network assets at fixed intervals provide VMA with regular updates on the vulnerability status of your assets.

In the Vulnerability Scanners section:

  1. Click a logo to select your VMS.

  2. Enter the access credentials for the VMS.

    VMS: Tenable.sc, Rapid7 Nexpose, Rapid7 InsightVM, Nessus Professional
    Access Credentials:
    • Address (FQDN or IP)
    • Port (select HTTPS port)
    • User name
    • Password
    • Optional: Enable Certificate Verification

    VMS: QualysGuard, Qualys VMDR
    Access Credentials:
    • Address (API)
    • User name
    • Password
    • Optional: Enable proxy

    VMS: Tenable.io
    Access Credentials:
    • Address (FQDN or IP)
    • Access key
    • Secret key
    • Optional: Enable proxy

Identify Assets from Internet/Untrusted Networks

VMA can identify whether access from the internet or untrusted networks is exploitable, and which assets are affected. This is optional. If selected, VMA will mark the vulnerable assets as Exposed.

In the Internet/Untrusted Address(es) section:

  1. Select Determine if exploitable access is allowed. Note that this check box is disabled by default until topology information is available for your environment. Once topology data is available, you should select this check box.
  2. Enter the addresses for the internet (for example, 8.8.8.8) and the untrusted networks, separated by commas.
    From version 2.4, for multiple addresses, VMA checks each address individually for every asset in your system.

Select Critical Zones

Selecting the network zones allows you to prioritize the relevant areas in your network for vulnerability analysis, and increases the efficiency of VMA. Instead of correlating the entire network, VMA only analyzes the areas that you define. You are required to select at least one network zone.

In the Critical zones section:

  1. Select a network domain.

  2. Select at least one network zone, defined in SecureTrack, to correlate vulnerability information to access.

  3. You can use the Search field to filter the network zones by name.

Connect to SecureChange

Users can open server decommission and group change tickets in SecureChange from VMA, and track the tickets' progress from within VMA as they are being handled. This is optional. However, only SecureChange users can use the mitigation workflows.

In the SecureChange (optional) section:

  1. Enter the workflow information:
    • Modify Group: Enter the name of the group change workflow and the name of the global group object from which assets will need to be blocked or removed.

    • Server Access Decommission: The name of the SecureChange workflow that VMA will use to open server decommission requests for assets.

    • Rule Modification: The name of the SecureChange workflow that VMA will use to open modification requests for rules.

  2. Enter the SecureChange credentials:
    • Login username

    • Login password

The user name and password need to be for a SecureChange user with the permission: Create and handle tickets on behalf of another user (via API only). If this is a new user, log in to SecureChange with that user to validate it.

Set up Email Notifications

Define who will receive a summarizing vulnerability report by email and from where it will be sent.

In the Email notification section:

  1. Enter the following information for the outgoing emails:
    • Outgoing SMTP server
    • Port
    • Sender email address
    • Login user name
    • Login password
  2. If you want the email notifications to be secured, select Enable TLS.
  3. In the Email Recipients field, enter the email addresses (separated by semicolons) to which VMA should send email notifications.

Define Log Levels

Log levels are used for debugging and determine which information is collected in the log files.

In the Log section, select the appropriate log level.

Log Level    Description
ERROR        Messages with error and critical levels are logged.
WARNING      Messages with error, critical, and warning levels are logged.
INFO         Messages with error, critical, warning, and info levels are logged.
DEBUG        All message levels.

If you change the log level, the change takes effect immediately and the web server restarts.

To view the log, run the command kubectl logs -f -l app=vma.