Vulnerability Management Extra - Configure

Introduction

The "Configure" menu of the Vulnerability Management Extra is where you set up how SimpleRisk integrates with your vulnerability management platform of choice.  This menu is broken down into three separate pages.  The "Settings" page is where you will define how to communicate with your vulnerability management platform, the sites that you want to import data from and the options you want to use for importing.  The "Schedule" page is where you will define whether or not to automatically update data from your vulnerability management platform, and if so, how often.  The "Log" page is where you can see the results of the most recent run of the Vulnerability Management Extra.


Settings

The first step in setting up the Vulnerability Management Extra is to tell it which of the supported platforms you will be importing results from.  Currently available options are Rapid7 InsightVM, Rapid7 Nexpose and Tenable.io.  Integrations with Tenable.sc and Qualys are on the SimpleRisk roadmap.



Once you've selected the desired vulnerability management platform(s), the next step is to enter the credentials used to connect to each one.  Below is an example of the settings for Tenable.io, but each platform will display the configuration fields it requires.  SimpleRisk will not modify any data on the vulnerability management platform, so read-only account permissions should be fine.



If the credentials you entered work properly, you should see a message like the one above, indicating that you have successfully authenticated with the server.  Once the connection works, you will be shown a list of the sites that are available.  Note that the permissions of the user used for authentication determine which sites are visible.



Make sure that you click on "Select" once you've selected the sites you'd like to import.


The last step is to configure the options used for the import.  Here you will see three options available to select:



If the "Import Assets" box is checked, then SimpleRisk will import the list of all assets that are a part of the selected site(s).  These assets can be found under the "Asset Management" menu in SimpleRisk, and we will attempt to bring in whatever additional data we have for each asset and tag them as appropriate.


The "Automatically import vulnerabilities with a score greater than or equal to" checkbox tells SimpleRisk the minimum level of vulnerability that you would like to import.  We'd recommend starting with a high value, such as a 9 or 10, and then lowering it to get the data set that you'd like.  It is quite difficult to remove vulnerabilities once they have been added.  If this value is set to "0", then all vulnerabilities that have a CVSS score associated with them will be imported.


The "Automatically triage vulnerabilities with a score greater than or equal to" checkbox tells SimpleRisk the minimum level of vulnerabilities to automatically triage and create a risk for.  We recommend starting with this value unchecked so that you can see the list of all of the vulnerabilities to triage first, then you can decide whether to manually triage them or have them automatically triaged.  The SimpleRisk system will automatically de-duplicate vulnerabilities to create a single risk and associate it with all of the relevant assets.
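Because imported vulnerabilities are difficult to remove, it can help to preview how many findings each threshold would pull in before saving the settings.  The following is an added example, not SimpleRisk code: it models the two thresholds and the de-duplication as described above, run over a constructed list of findings.  The field names (vuln_id, cvss, asset), the grouping key and the rule that only imported findings are triaged are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample findings (not real scanner output). Field names are
# hypothetical; map them from whatever export your VM platform provides.
FINDINGS = [
    {"vuln_id": "VULN-A", "cvss": 9.8, "asset": "web01"},
    {"vuln_id": "VULN-A", "cvss": 9.8, "asset": "web02"},
    {"vuln_id": "VULN-B", "cvss": 7.5, "asset": "web01"},
    {"vuln_id": "VULN-C", "cvss": 5.3, "asset": "db01"},
    {"vuln_id": "VULN-D", "cvss": None, "asset": "db01"},   # no CVSS score
    {"vuln_id": "VULN-E", "cvss": 10.0, "asset": "vpn01"},
    {"vuln_id": "VULN-B", "cvss": 7.5, "asset": "db01"},
]


def would_import(findings, import_min):
    """Findings at or above the import threshold; unscored findings are skipped."""
    return [f for f in findings
            if f["cvss"] is not None and f["cvss"] >= import_min]


def would_triage(findings, import_min, triage_min=None):
    """Group auto-triaged findings into one risk per vulnerability.

    triage_min=None models the unchecked box: nothing is auto-triaged.
    Assumption: only findings that pass the import threshold are considered.
    Returns {vuln_id: sorted list of affected assets}.
    """
    if triage_min is None:
        return {}
    risks = defaultdict(set)
    for f in would_import(findings, import_min):
        if f["cvss"] >= triage_min:
            risks[f["vuln_id"]].add(f["asset"])
    return {vid: sorted(assets) for vid, assets in risks.items()}


def preview(findings, thresholds=(10, 9, 7, 0)):
    """Import volume at each candidate threshold, highest first."""
    return {t: len(would_import(findings, t)) for t in thresholds}


if __name__ == "__main__":
    for t, n in preview(FINDINGS).items():
        print(f"import >= {t}: {n} findings")
    print(would_triage(FINDINGS, import_min=7, triage_min=9))
```
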


Schedule

The next step in setting up the Vulnerability Management Extra is to define the schedule that it will run on.  Available options are Hourly, Daily, Weekly or Monthly.  All updates will run at midnight according to the system time.  Note that this functionality uses the SimpleRisk global cron to run and will not work unless that has been configured.



If you leave the "Automatically update from VM platforms" option unchecked, then the system will not automatically perform updates of the vulnerability information.  Regardless of whether or not the system is configured to automatically update, you always have the option to select "Save and Run Now", which will kick off the update process immediately.  This update runs in the background and there is no need to stay on this page.  You can take a look at the "Log" menu, described below, to see progress updates.


Log

The "Log" menu in the Vulnerability Management Extra will display the log entries from the most recent run.  It will show you when different steps are being taken and how long they take.  All actions are handled serially, and the duration varies depending on the vulnerability management platform, number of sites, number of vulnerabilities and number of assets.  Entries that you should be concerned about will be highlighted in red.


Summary

The "Configure" menu in the Vulnerability Management Extra is where an administrative user will go in order to configure the various options available to them to import asset and vulnerability data from their VM platform into SimpleRisk.