000034784 - How to validate scan confidence level in RSA Vulnerability Risk Management

Document created by RSA Customer Support Employee on Mar 2, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000034784
Applies ToRSA Product Set: Security Management
RSA Product/Service Type: Vulnerability Risk Manager
RSA Version/Condition: 1.1 SP1 and 1.2
Platform: Linux
 
IssueThe Scan Confidence is used to determine whether a new scan result from the scanner is valid to update the existing Issues and Device states.  There is no indication in the RAW data of what the Scan Confidence level is.  It is something that is actually calculated programmatically in Vulnerability Analytics.  You can query HBase and validate what the Scan Confidence level is (Low, Medium or High).
TasksValidation of Scan Confidence
  1. Log into one of the RAW/SAW nodes
  2. Run "Hbase Shell"
  3. Run "scan 'issue'" (no double quotes, but single quotes required).  Note - this will scan entire issue table.  You may wish to append arguments to reduce the data set.  You will need to get the Scan ID/CVE ID as reference for your next query.
  4. Example of completed query:
    get 'issue','27d2b9d6-5328-4a2a-be7b-9b1dbda18747CVE-2015-2493', {COLUMN => 'i:lsbs', VERSIONS => 10}

NotesIf you need to modify the scan 'issue' query with additional arguments, you will need to reference the MapR HBase Shell tutorial for additional assistance:
https://www.mapr.com/products/mapr-sandbox-hadoop/tutorials/tutorial-getting-started-with-hbase-shell

Attachments

    Outcomes