Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a Remote XML Import Scan

 

The McAfee Vulnerability Manager scanner enables JSA to import vulnerabilities from an XML file by way of SFTP, SMB, or query for a results file from the McAfee OpenAPI.

JSA can collect vulnerability data from McAfee Vulnerability Manager appliances. The following software versions are supported

  • v6.8 and v7.0 for the McAfee Vulnerability Manager SOAP API

  • v6.8, v7.0, and v7.5 for remote XML imports

The following import options are available to collect vulnerability information from McAfee Vulnerability Manager:

  • Add a remote XML import for vulnerability data by way of SFTP.

  • Add a remote XML import for vulnerability data by way of SMB.

    Note

    When you export from McAfee Vulnerability Manager, you must click the Scan Reports tab, and then select the XML output option.

  • Retrieve vulnerabilities from the SOAP API.

Configuring Remote Exports for McAfee Vulnerability Manager

To import scan reports into JSA, you can configure McAfee Vulnerability Manager to export scan reports to a remote server.

Configure the McAfee Vulnerability Manager to export scan results to a remote server. You can import scan results into JSA from the remote repository by using a secure file transfer protocol (SFTP) or a server message block (SMB) protocol.

Note

The export is a compressed file that contains HostData and RiskData XML files. Only HostData XML files are supported because they contain the required host and vulnerability information. Ensure that only uncompressed HostData XML files are placed in the remote directory or that the file name pattern that you configure matches only uncompressed HostData reports XML files.

  1. Log in to the configuration management server. Click Start, and then select All Programs > Foundstone > FCM Console.
  2. Select Tools >Preferences , and then click the Report Server tab.
  3. Select Copy Reports to a Network Drive.
  4. Type the path to the network drive. For example, \\CompName\ShareName.
  5. Click Apply.Note

    If the Report Server service does not have the correct permissions to the network drive, configure the settings for the Report Server service.

Adding a Remote XML Import Scan Via SFTP

Use SFTP to import the HostData XML vulnerability data that is created by your McAfee Vulnerability Manager appliance.

Ensure that the McAfee Vulnerability Manager is configured to export scan results to a remote server.

JSA connects to the remote repository via SFTP and imports completed XML scan reports from the remote directory.

You can use the file import collection method to import completed scan reports from McAfee Vulnerability Manager V7.0 and V7.5.

Note
  1. The import might contain HostData and RiskData XML files. Only HostData XML files are supported because they contain the required host and vulnerability information. Ensure that only HostData XML files are placed in the remote directory or that the file name pattern that you configure matches only HostData reports.

  2. The export is a compressed file that contains HostData and RiskData XML files. Only HostData XML files are supported because they contain the required host and vulnerability information. Ensure that only uncompressed HostData XML files are placed in the remote directory or that the file name pattern that you configure matches only uncompressed HostData reports XML files.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify McAfee Vulnerability Manager.
  5. From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
  6. From the Type list, select McAfee Vulnerability Manager.
  7. From the Import Type list, select Remote XML Import.
  8. In the Remote Hostname field, type the IP address or host name of the remote server that hosts your McAfee Vulnerability Manager XML data.
  9. In the Remote Port field, type the port to retrieve the XML vulnerability data.
  10. Choose one of the following authentication options:

    Option

    Description

    Login Username

    Authenticates with a user name and password. The password must not contain the ! character. This character might cause authentication failures over SFTP.

    Enable Key Authorization

    Authenticate with a key-based authentication file. If a key file does not exist, you must create the vis.ssh.key file and place it in the /opt/qradar/conf/vis.ssh.key directory.

  11. In the Remote Directory field, type the directory path to the XML vulnerability data.
  12. In the File Name Pattern field, type a regular expression (regex) to filter the list of files that are specified in the Remote Directory. All matching files are included in the processing. Ensure that this pattern matches only HostData XML reports.
  13. In the Max Reports Age (days) field, type the maximum file age for your scan results file.
  14. To configure a CIDR range for the scanner:
    1. In the text field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.

    2. Click Add.

  15. Click Save.
  16. On the Admin tab, click Deploy Changes.

Adding a Remote XML Import Scan Via SMB

Use SMB to connect to a remote server and import the HostData XML vulnerability data that is created by your McAfee Vulnerability Manager appliance.

Ensure that the McAfee Vulnerability Manager is configured to export scan results to a remote server.

JSA connects to the remote repository via SMB, and imports completed XML scan reports from a remote directory.

You can use the file import collection method to import completed scan reports from McAfee Vulnerability Manager V7.0 and V7.5.

Note
  1. The import might contain HostData and RiskData XML files. Only HostData XML files are supported because they contain the required host and vulnerability information. Ensure that only HostData XML files are placed in the remote directory or that the file name pattern that you configure matches only HostData reports.

  2. The export is a compressed file that contains HostData and RiskData XML files. Only HostData XML files are supported because they contain the required host and vulnerability information. Ensure that only uncompressed HostData XML files are placed in the remote directory or that the file name pattern that you configure matches only uncompressed HostData reports XML files.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify McAfee Vulnerability Manager.
  5. From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
  6. From the Type list, select McAfee Vulnerability Manager.
  7. From the Import Type list, select SMB Share.
  8. In the Hostname field, type the user name of the remote server that hosts your McAfee Vulnerability Manager XML data.
  9. In the Login Username field, type the user name that JSA uses to log in to the SMB Share.
  10. In the Login Password field, type the password that JSA uses to log in to the SMB Share.
  11. In the Domain field, type the domain that is used to connect to the SMB Share.
  12. In the SMB Folder Path field, type the full path to the share from the root of the SMB host. Use forward slashes when you type the path. For example, /share/logs.
  13. In the File Name Pattern field, type a regular expression (regex) to filter the list of files that are specified in the remote directory. All matching files are included in the processing. Ensure that this pattern matches only HostData XML reports.
  14. In the Max Reports Age (days) field, type the maximum file age for your scan results file.
  15. Configure a CIDR range for the scanner.
    1. In the text field, type the CIDR range for the scan, or click Browse to select a CIDR range from the network list.

    2. Click Add.

  16. Click Save.
  17. On the Admin tab, click Deploy Changes.