Adding a Beyond Security AVDS Vulnerability Scanner

Beyond Security Automated Vulnerability Detection System (AVDS) appliances create vulnerability data in Asset Export Information Source (AXIS) format. JSA can import AXIS-formatted XML files.

To successfully integrate Beyond Security AVDS vulnerabilities with JSA, you must configure your Beyond Security AVDS appliance to publish vulnerability data to an AXIS formatted XML results file. The XML vulnerability data must be published to a remote server that is accessible by using Secure File Transfer Protocol (SFTP). The term remote server refers to any appliance, third-party host, or network storage location that can host the published XML scan result files.

The most recent XML results that contain Beyond Security AVDS vulnerabilities are imported to JSA when a scan schedule starts. Scan schedules determine how often the vulnerability data that Beyond Security AVDS creates is imported. After you add your Beyond Security AVDS appliance to JSA, create a scan schedule to import the scan result files. Vulnerabilities from the scan schedule update the Assets tab after the scan schedule completes.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Beyond Security AVDS scanner.
  5. From the Managed Host list, select an option that is based on one of the following platforms:
    • On the JSA Console, select the managed host that is responsible for communicating with the scanner device.

  6. From the Type list, select Beyond Security AVDS.
  7. In the Remote Hostname field, type the IP address or host name of the system that contains the published scan results from your Beyond Security AVDS scanner.
  8. Choose one of the following authentication options:

    • Login Username: To authenticate with a user name and password:

      1. In the Login Username field, type a username that has access to retrieve the scan results from the remote host.
      2. In the Login Password field, type the password that is associated with the user name.

    • Enable Key Authorization: To authenticate with a key-based authentication file:

      1. Select the Enable Key Authentication check box.
      2. In the Private Key File field, type the directory path to the key file.

      The default directory for the key file is /opt/qradar/conf/vis.ssh.key.

      If a key file does not exist, you must create the vis.ssh.key file.

      Note: The vis.ssh.key file must have vis qradar ownership. For example:

      # ls -al /opt/qradar/conf/vis.ssh.key
      -rw------- 1 vis qradar 1679 Aug 7 06:24 /opt/qradar/conf/vis.ssh.key

  9. In the Remote Directory field, type the directory location of the scan result files.
  10. In the File Name Pattern field, type a regular expression (regex) to filter the list of files that are specified in the Remote Directory. All matching files are included in the processing.

    The default value is .*\.xml. The .*\.xml pattern imports all XML files in the remote directory.

  11. In the Max Reports Age (Days) field, type the maximum file age for your scan results file. Files whose report timestamp is older than the specified number of days are excluded when the scan schedule starts. The default value is 7 days.
  12. To configure the Ignore Duplicates option:
    • Select this check box to track files that are already processed by a scan schedule. This option prevents a scan result file from being processed a second time.

    • Clear this check box to import vulnerability scan results each time the scan schedule starts. This option can lead to multiple vulnerabilities associated with one asset.

    If a result file is not scanned within 10 days, the file is removed from the tracking list and is processed the next time the scan schedule starts.

  13. To configure a CIDR range for your scanner:
    1. Type the CIDR range for the scan or click Browse to select a CIDR range from the network list.

    2. Click Add.

  14. Click Save.
  15. On the Admin tab, click Deploy Changes.

You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.
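
The ownership and mode that step 8 shows for vis.ssh.key can be checked before the first scan schedule runs. The following is an added example, not part of the original procedure or of JSA itself; the function name check_key_file and its return codes are assumptions, and it relies on GNU stat as found on Linux hosts.

```bash
# Added example: audit the private key that the scanner uses for SFTP.
# Default path, owner and group come from step 8 of the procedure; the
# function name and return codes are assumptions of this example.
# Requires GNU stat (Linux).
check_key_file() {
    local path="${1:-/opt/qradar/conf/vis.ssh.key}"
    local want_owner="${2:-vis}" want_group="${3:-qradar}"
    local owner group mode rc=0

    # Reject symlinks: the key should be the file itself, not a pointer
    # to a key stored somewhere with different permissions.
    if [ -L "$path" ]; then
        echo "FAIL: $path is a symbolic link" >&2
        return 2
    fi
    if [ ! -f "$path" ]; then
        echo "FAIL: $path is missing or not a regular file" >&2
        return 2
    fi

    owner=$(stat -c '%U' -- "$path")
    group=$(stat -c '%G' -- "$path")
    mode=$(stat -c '%a' -- "$path")   # octal digits, for example 600

    if [ "$owner" != "$want_owner" ] || [ "$group" != "$want_group" ]; then
        echo "FAIL: owner is $owner:$group, expected $want_owner:$want_group" >&2
        rc=1
    fi
    # The listing in the procedure shows -rw------- : any group or other
    # permission bit exposes the private key to additional accounts.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group or other access" >&2
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $path is $owner:$group with mode $mode"
    fi
    return "$rc"
}
```

On the managed host, source the file and run check_key_file with no arguments to test the default path. A nonzero return means the key file should be corrected before the scan schedule is created.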