Beyond Security Automated Vulnerability Detection System, also known as Beyond AVDS or BeSECURE AVDS, is a Vulnerability Assessment and Management solution that delivers solid security improvements based on testing accuracy, flexibility and low maintenance. It facilitates the scanning of broad IP ranges to ensure you are finding and addressing the most serious vulnerabilities first.
The solution, BeSECURE (AVDS), is trusted by thousands of companies and governments.
To import your data from Beyond AVDS to Cisco Vulnerability Management, you will need to set up the Beyond AVDS Connector under the Vulnerability Management section of the Cisco Vulnerability Management UI.
This Connector does not support incremental imports so every run will be a full run.
Prerequisites
-
Given that BeSECURE AVDS can be deployed in the Cloud, on-premises, or in a hybrid-cloud/on-premises environment there are different Cisco Vulnerability Management requirements depending on the type of deployment your organization has.
-
In the Cloud: No additional Agent or Virtual Tunnel set up is required.
-
On-Premises: The Virtual Tunnel is required to import your data to Cisco Vulnerability Management.
-
Hybrid deployment: If the scan engine that Cisco Vulnerability Management is reaching out to is on-premises, the Virtual Tunnel is required. If your scan engine that Cisco Vulnerability Management reaches out to is Cloud based, no additional Agent or Virtual Tunnel set up is required.
-
-
You must have access to the Beyond AVDS API to run the connector.
-
You must be a Cisco Vulnerability Management administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Vulnerability Management section, click Beyond Security AVDS.
4. On the AVDS page, enter the following information
-
Name: Enter a name for the connector, or leave it as “AVDS”.
-
Enter the Host information and API Key for the service/user account you that you want to use.
-
If your host is static, you must enter an IP address and the port number.
-
If your host is dynamic, enter the DNS and port number
-
-
Schedule: Select the frequency at which you’d like your Connector to run. (Cisco recommends mirroring the cadence of your Beyond AVDS scans).
- Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans).
-
If your AVDS Deployment is on-premises you must use the Virtual Tunnel. If you are one of those customers, select the Use Virtual Tunnel checkbox which will display below the Asset Inactivity Limit for customers with a Virtual Tunnel already set up for their instance.
5. Click Save and Verify.
What Beyond AVDS Items does Cisco Vulnerability Management Import?
|
Beyond AVDS Field |
Cisco Vulnerability Management Field |
Notes |
|---|---|---|
|
"#{test_id} #{name}" |
Scanner Vulnerability ID (external ID) |
|
|
VulnerabilityName |
Name |
|
|
Impact |
Description (Synopsis) |
|
|
RiskFactorName |
scanner_score |
"Informational" → 0 |
|
|
Vulnerability Status |
Only maps Open & Closed vulnerabilities. Cisco Vulnerability Management does not receive a closed status for closed vulnerabilities, so the absence of a vuln that was previously reported is treated as a closure (ie: Remediated vuln no longer shows up on a scan report) |
|
Output |
Details |
|
|
cve ids |
CVE |
|
|
-N/A- |
Last Seen |
Not passed explicitly. Cisco Vulnerability Management will use the last scan date in which the vuln was reported. |
|
ScanDate |
Found On |
|
|
-N/A- |
Created |
This is a Cisco Vulnerability Management Defined date: When the asset or vulnerability was first created (loaded) to Cisco Vulnerability Management. |
|
AffectedHost |
hostname |
|
|
ip_address |
IP Address |
|
|
OrganizationName |
Tags |
|
Items Cisco Vulnerability Management does not import:
-
OS Information (no explicit OS info available)
-
Custom Fields
-
Any Tags outside of the OrganizationName
Optional Settings
The following settings can be enabled on the backend for Beyond AVDS Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
Exclude Informationals
When this option is enabled, Cisco Vulnerability Management will import only vulnerabilities that include a CVE, CWE, or WASC ID.
Skip Tags
This setting enables you to not create any Tags in Cisco Vulnerability Management based on the scanner metadata.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Tag Reset
This setting assists you with keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.
If you have created any manual tags or any tags were created from metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for Connector Run Failures
-
Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
-
If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
-
If an API call fails (no data available, or other reasons).
-
If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
-
If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
Additional Assistance:
Contact Cisco Support if you require any additional assistance with the Beyond AVDS Connector.
Comments
Please sign in to leave a comment.