The first step in setting up the Vulnerability Management Extra will be to tell it which of the supported platforms you will be importing results from. Currently available options include highly regarded platforms such as Qualys, which is known for its comprehensive cloud-based security and compliance solutions; Rapid7 InsightVM Cloud, a robust platform that provides real-time visibility and actionable insights into vulnerabilities; Rapid7 InsightVM On-Premise, which offers similar capabilities but is tailored for organizations that prefer to manage their data on-site; Rapid7 Nexpose, a tool designed for continuous vulnerability management; and Tenable.io, which specializes in cloud-based vulnerability management. Each of these options has its unique strengths, so you can choose the one that aligns best with your organizational needs and workflows. It's also worth noting that integrations with Tenable.sc are on the SimpleRisk roadmap, which means that future enhancements will expand your integration capabilities even further. This flexibility is designed to ensure that you can leverage your existing tools to enhance your overall vulnerability management strategy.
After selecting your preferred vulnerability management platform(s), the next step is to input the necessary credentials to establish a connection. Below, you'll find an example of the configuration settings for Tenable.io; however, each platform will provide its own specific configuration requirements. Since SimpleRisk only accesses data in a read-only capacity, using an account with read-only permissions will be sufficient.
If your login credentials are correct, you will receive a confirmation message indicating that you have successfully connected to the server. Once authenticated, you will be presented with a list of available sites. Please keep in mind that the visibility of these sites is determined by the permissions assigned to the user account you used for authentication.
Once you've chosen the sites you wish to import, don't forget to click on "Select." The final step is to set up the import options. You will find three different options available for you to choose from:
If the "Import Assets" option is selected, SimpleRisk will gather and import the list of all assets associated with the chosen site(s). You can find these assets under the "Asset Management" menu in SimpleRisk. We will also strive to include any additional data we have for each asset and categorize them accordingly.
The "Automatically import vulnerabilities with a score greater than or equal to" checkbox allows you to set a minimum threshold for the vulnerabilities you wish to import. We recommend starting with a higher value, such as 9 or 10, and then gradually lowering it to refine your data set. Please note that once vulnerabilities are imported, it can be challenging to remove them. If you set this value to "0," all vulnerabilities that have an associated CVSS score will be imported.
The "Automatically triage vulnerabilities with a score greater than or equal to" checkbox defines the minimum severity level for vulnerabilities that will be automatically triaged and converted into risks. We suggest keeping this option unchecked initially, so you can review the complete list of vulnerabilities before deciding whether to triage them manually or let the system handle it automatically. The SimpleRisk system will also automatically eliminate duplicate vulnerabilities to ensure that a single risk is created and linked to all relevant assets.
Schedule
The next step in configuring the Vulnerability Management Extra is to establish a schedule for its operation. You can choose from several options: Hourly, Daily, Weekly, or Monthly. Please be aware that all updates will be executed at midnight based on the system's time zone. Additionally, this feature relies on the SimpleRisk global cron for proper functionality, so it is essential to ensure that this has been configured correctly.
If you choose not to check the "Automatically update from VM platforms" option, the system will not automatically update the vulnerability information. However, you can always manually initiate the update process by selecting "Save and Run Now," regardless of your automatic update settings. This process will run in the background, so you don't need to remain on this page. For updates on the progress, you can refer to the "Log" menu, which is detailed below.
Log
The "Log" menu in the Vulnerability Extra provides a detailed overview of the log entries from your most recent run. It tracks the timing of various steps and their durations. Since all actions are processed sequentially, the time taken can vary significantly based on factors such as the vulnerability management platform in use, the number of sites, the number of vulnerabilities, and the total number of assets being assessed. Pay special attention to entries highlighted in red, as they indicate issues that may require your attention.
Summary
The "Configure" menu in the Vulnerability Management Extra is where an administrative user will go in order to configure the various options available to them to import asset and vulnerability data from their VM platform into SimpleRisk.