
Digital Defense Inc AVS Scanners

 

You can add a Digital Defense Inc AVS scanner to your JSA deployment.

Before you add this scanner, a server certificate is required to support HTTPS connections. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:

  • Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using SCP or SFTP.

  • SSH into the Console or managed host and retrieve the certificate by using the following command: /opt/qradar/bin/getcert.sh <IP or Hostname> <optional port - 443 default>. A certificate is then downloaded from the specified host name or IP and placed into the /opt/qradar/conf/trusted_certificates directory in the appropriate format.
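
Either option leaves a certificate file that JSA will trust for HTTPS connections to the scanner, so it is worth confirming that the file is the certificate you expect. The following added example (not part of the JSA documentation or product) checks that a certificate file has one of the supported extensions and that its SHA-256 fingerprint matches a value obtained out of band from the scanner administrator. The function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import ssl
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".crt", ".cert", ".der"}  # extensions the page lists
# Constructed sample bytes (a DER SEQUENCE header plus filler), not a real certificate.
SAMPLE_DER = b"\x30\x1a" + b"constructed-sample-of-DER!"

def load_der(path):
    """Return DER bytes from a PEM or raw DER certificate file."""
    raw = Path(path).read_bytes()
    if raw.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(raw.decode("ascii").strip())
    return raw

def check_certificate(path, expected_sha256):
    """Return (ok, detail); ok is True only if the file matches the expected fingerprint."""
    path = Path(path)
    if path.suffix.lower() not in ALLOWED_EXTENSIONS:
        return False, "unsupported extension " + path.suffix
    try:
        der = load_der(path)
    except (OSError, ValueError) as exc:
        return False, "unreadable certificate: %s" % exc
    if der[:1] != b"\x30":  # every DER certificate starts with a SEQUENCE tag
        return False, "not DER or PEM encoded"
    actual = hashlib.sha256(der).hexdigest()
    # Accept fingerprints written as "AB:CD:..." or as plain hex.
    expected = expected_sha256.replace(":", "").replace(" ", "").lower()
    if actual != expected:
        return False, "fingerprint mismatch, file has " + actual
    return True, actual

def demo():
    """Run the check over constructed files and return the verdicts."""
    good = hashlib.sha256(SAMPLE_DER).hexdigest()
    colon_form = ":".join(good[i:i + 2] for i in range(0, 64, 2)).upper()
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "avs.der").write_bytes(SAMPLE_DER)
        (tmp / "avs.crt").write_text(ssl.DER_cert_to_PEM_cert(SAMPLE_DER))
        (tmp / "avs.pem").write_bytes(SAMPLE_DER)
        return {
            "der": check_certificate(tmp / "avs.der", good)[0],
            "pem": check_certificate(tmp / "avs.crt", colon_form)[0],
            "wrong_fingerprint": check_certificate(tmp / "avs.crt", "00" * 32)[0],
            "bad_extension": check_certificate(tmp / "avs.pem", good)[0],
        }
```

A mismatch means the file is not the certificate the administrator reported, and it should be removed from the trusted_certificates directory until the difference is explained.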

At intervals that are determined by a scan schedule, JSA imports the most recent XML results that contain Digital Defense Inc AVS vulnerabilities. To enable communication with the Digital Defense Inc AVS scanner, JSA uses the credentials that you specify in the scanner configuration.

The following list provides more information about Digital Defense Inc AVS scanner parameters:

  • Remote Hostname--The host name of the remote server that hosts the Digital Defense Inc AVS scanner.

  • Remote Port--The port number of the remote server that hosts the Digital Defense Inc AVS scanner.

  • Remote URL--The URL of the remote server that hosts the Digital Defense Inc AVS scanner.

  • Client ID--The master client ID that JSA uses to connect to the Digital Defense Inc AVS scanner.

  • Host Scope--When set to Internal, retrieves the active view for the internal hosts of the Digital Defense Inc AVS scanner. When set to External, retrieves the external active view of the Digital Defense Inc AVS scanner.

  • Retrieve Data For Account--The Default option indicates that the data is included from only the specified Client ID. If you want to include data from the Client ID and all its sub accounts, select All Sub Accounts. If you want to specify a single, alternate client ID, select Alternate Client ID.

  • Correlation Method--Specifies the method by which vulnerabilities are correlated.

    • The All Available option queries the Digital Defense Inc vulnerability catalog and attempts to correlate vulnerabilities based on all the references that are returned for that specific vulnerability. References might include CVE, Bugtraq, Microsoft Security Bulletin, and OSVDB. Multiple references often correlate to the same vulnerability, but this option returns more results and takes longer to process than the CVE option.

    • The CVE option correlates vulnerabilities that are based only on the CVE-ID.

  1. Click the Admin tab.
  2. On the navigation menu, click Data Sources.
  3. Click the VA Scanners icon.
  4. Click Add.
  5. From the Type list box, select Digital Defense Inc AVS.
  6. Configure the parameters.
  7. To configure the CIDR ranges you want this scanner to consider, type the CIDR range, or click Browse to select the CIDR range from the network list.
  8. Click Add.
  9. Click Save.
  10. On the Admin tab, click Deploy Changes.

After you add your Digital Defense Inc AVS scanner, you can add a scan schedule to retrieve your vulnerability information.