enVision integration with Vulnerability Management solutions
I am new on this community, and this is my first message here.
I am interested in integrating enVision with vulnerability managements solutions, especially with McAffe Foundstone and QualysGuard.
Can anyone tell me how I can do that? After the integration in what manner can this help security operations?
Can I import from the VM solution the report scans and afterwards can I corelate the vulnerabilities with alerts in enVision?
And finally is there some kind of documentation in order to do that?
Thank you very much!
I don't know form where I can download the VAM updates, please help me get registered for alerts.
I have another question. I have set my Asset Collector Service to an QualysGuard account. Now, how I can correlate with the vulnerabilities found by Qualys? enVision does the correlation automatically, or I have to do something manually?
You can get VAM updates from SCOL, register there if you haven't already, you will get automated alerts after registration.
Once you have integrated Qualys, you can browse for assets and Vulnerabilities and generate reports. You can write your own corr rule for events from supported IDSs and map the vulnerabilities against Qualys to reduce false positives.
I will also advise you to refer online help to get some ideas (if you havent done so already). There is a chapter called "Vulnerability and Asset Management"
I think there is some limitation in my opinion in how the VAM service works. I can't seem to find my emails regarding the issue, but I was dissapointed that I couldn't parse logs as Envision imports the vulnerability data not into the standard DB. There was other issues as well I just can't remember right now.