BeyondSecurity Automated Vulnerability Detection System, aka Beyond AVDS or BeSecure AVDS, is a Vulnerability Assessment and Management solution that delivers solid security improvements based on testing accuracy, flexibility and low maintenance. It facilitates the scanning of broad IP ranges to ensure you are finding and addressing the most serious vulnerabilities first.
The solution, beSECURE (AVDS), is trusted by thousands of companies and governments.
To import your data from BeyondAVDS to Cisco Vulnerability Management, you will need to leverage the BeyondAVDS Connector under the Vulnerability Management tools.
This Connector does not support incremental pulls so every run will be a full run.
User Prerequisites/Connector Setup:
-
Given that beSecure AVDS can be deployed in The Cloud, on-premise, or in a hybrid-cloud/on-prem environment there are different Cisco Vulnerability Management requirements depending on the type of deployment your organization has.
-
In the Cloud - No additional Kenna Agent or Kenna Virtual Tunnel set up is required
-
On-Premise - The Kenna Virtual Tunnel will be required in order to import your data to your Cisco Vulnerability Management instance
-
Hybrid deployment - if the scan engine we are reaching out to is on-premise, please follow the above “On-premise” instructions. If your scan engine we reach out to is Cloud based, follow the above “In the Cloud” instructions.
-
-
Must have access to the BeyondAVDS API to run the connector.
Configuring your Connector in Cisco Vulnerability Management
To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select Beyond AVDS.
Once you select the beyondSecurity AVDS, the following screen will appear:
-
Enter a name for the connector, or leave it as “AVDS” if you wish.
-
Enter the Host information and API Key for the service/user account you wish to leverage.
-
If your host is static, you must enter an IP address and the port.
-
If your host is dynamic, please enter the DNS and port information
-
-
Schedule the Connector. Select the frequency at which you’d like your Connector to run. (we recommend mirroring the cadence of your BeyondAVDS Scans).
-
If your AVDS Deployment is on-premise you will need to leverage the Virtual Tunnel. If you are one of those customers, please select the
Use Virtual Tunnelcheckbox which will appear below the Asset Inactivity Limit for customers with a Virtual Tunnel already set up for their Instance. -
Click Save and Verify.
Note: If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later. (We recommend 2-3x the scan cadence of your BeyondAVDS Scans).
What beyondAVDS Items does Cisco Vulnerability Management Import?
|
beyond AVDS Field |
Cisco Vulnerability Management Field |
Notes |
|---|---|---|
|
"#{test_id} #{name}" |
Scanner Vulnerability ID (external ID) |
|
|
VulnerabilityName |
Name |
|
|
Impact |
Description (Synopsis) |
|
|
RiskFactorName |
scanner_score |
"Informational" → 0 |
|
|
Vulnerability Status |
Only maps Open & Closed vulnerabilities. Cisco Vulnerability Management does not receive a closed status for closed vulnerabilities, so the absence of a vuln that was previously reported is treated as a closure (ie: Remediated vuln no longer shows up on a scan report) |
|
Output |
Details |
|
|
cve ids |
CVE |
|
|
-N/A- |
Last Seen |
Not passed explicitly. Cisco Vulnerability Management will use the last scan date in which the vuln was reported. |
|
ScanDate |
Found On |
|
|
-N/A- |
Created |
This is a Cisco Vulnerability Management Defined date: When the asset or vulnerability was first created (loaded) to Cisco Vulnerability Management. |
|
AffectedHost |
hostname |
|
|
ip_address |
IP Address |
|
|
OrganizationName |
Tags |
|
Items Cisco Vulnerability Management does not receive:
-
OS Information (no explicit OS info available)
-
Custom Fields
-
Any Tags outside of the OrganizationName
Optional Settings
The following settings can be enabled on the backend for beyondAVDS Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
-
Exclude Informationals
-
When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
-
-
Skip Tags
-
This setting will allow you to NOT create any Tags within Cisco Vulnerability Management based on the scanner metadata.
-
-
Ignore Scanner Last Seen Time
-
If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
-
-
Tag Reset
-
This setting will assist in keeping your scanner metadata in sync with Cisco Vulnerability Management. Each time the connector is run, ALL tags within Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.
-
If you have created any manual tags OR any tags were created off of metadata from other connectors that tag info will be removed and will be refreshed once those other connectors are rerun.
-
-
Custom Ordered Locators
-
Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
-
Common Reasons for Connector Run Failures
- Bad Credentials
- If you enter the incorrect connector credentials during the connector setup, we will not have access to the environment to make the API calls.
- If no reports are found we will abort the Connector run, rather than fail it outright
- If an API call fails (no data available, or other reasons)
-
Unexpected data returned
-
If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.
-
-
If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run
Additional Assistance:
Please contact Support should you require any additional assistance with the beyondAVDS Connector.
Comments
Please sign in to leave a comment.