Tenable SecurityCenter Data Feeds for RSA Archer IT Security Vulnerability Program


RSA ARCHER GRC Platform Implementation Guide

Wesley Loeffler, RSA Engineering
Last Modified: August, 2018

Solution Summary

As the creator of Nessus, Tenable extended its expertise in vulnerabilities to deliver Tenable.io, the world's first platform to see and secure any digital asset on any computing platform. Tenable SecurityCenter consolidates and evaluates vulnerability data across your organization, prioritizing security risks and providing a clear view of your security posture.

The integration of Tenable SecurityCenter with the RSA Archer IT & Security Vulnerabilities Program use case enables customers to leverage the discovered devices and catalog those network devices with the vulnerability library. With RSA Archer, customers can then identify which assets require remediation based on the business priority of that asset.

Integration Features

The Tenable SecurityCenter integration with RSA Archer enables organizations to:

- Catalog network devices on a corporate network
- Discover network device vulnerabilities using scanning technology
- Supplement the Vulnerability Library with Tenable's knowledge base

Partner Integration Overview

RSA Archer Solution: IT Security Risk Management
RSA Archer Use Case: IT Security Vulnerabilities Program
RSA Archer Applications: Devices, Vulnerability Library, Vulnerability Scan Results
Uses Custom Application: No
Requires On-Demand License: No

The following diagram provides an overview of the use cases and application relationships.

Installation and Configuration

Before You Begin

This section provides instructions for configuring the Tenable SecurityCenter Data Feeds for the RSA Archer IT Security Vulnerability Program use case. This document is not intended to suggest optimum installations or configurations.

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.

The RSA Archer IT Security Vulnerability Program use case must be installed and working prior to performing the integration. Perform the necessary tests to confirm that this is true prior to proceeding.

Important: The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes. It may or may not meet the needs and use cases for your organization. If additional customizations or enhancements are needed, it is recommended that customers contact RSA Professional Services for assistance.

Prerequisites (System Requirements)

The Devices, Vulnerability Library, and Vulnerability Scan Results applications are required for installation and operation of the Tenable SecurityCenter Data Feeds for the IT Security Vulnerability Program use case. These applications serve as the targets for the data feeds.

Components                    Recommended Software
RSA Archer                    RSA Archer 6.4 SP1 or later
Pre-Requisite Applications    Devices, Vulnerability Library, Vulnerability Scan Results - (RSA Archer IT Security Vulnerability Program)

Data Feed Configuration

The following data feeds are used as part of the Tenable SecurityCenter integration process:

- SecurityCenter Plugins is a JavaScript transporter data feed that fetches data from https://tenablesc.eastus.cloudapp.azure.com and creates/updates the records in the Vulnerability Library application.
- SecurityCenter Vulns is a JavaScript transporter data feed that fetches data from https://tenablesc.eastus.cloudapp.azure.com and creates/updates the records in the Vulnerability Scan Results application.
- SecurityCenter Vulns (Hosts) is a JavaScript transporter data feed that fetches data from https://tenablesc.eastus.cloudapp.azure.com and creates/updates the records in the Devices application.

There are multiple data feeds available for the ITSVP use case. Depending on which data feeds you intend to use, they will need to be configured in the order listed below. Import and run the data feeds in the following order:

1. Set Up the NVD Data Feed
2. Set up the Qualys KnowledgeBase Data Feed
3. Set Up the Qualys Hosts Data Feed
4. Set Up the Qualys Hosts Extracted from Detections Data Feed
5. Set Up the Qualys Detections Data Feed
6. Set Up the Security Center Plugins Data Feed
7. Set Up the Security Center Vulnerabilities Data Feed
8. Set Up the Security Center Vulnerabilities (Hosts) Data Feed
9. Set Up the Data Feed for Vulnerability Historical Data

After setting up the data feeds, you can schedule them to run when you want to. By default, the SecurityCenter Plugins data feed is scheduled to run on the 1st Sunday of every month and the remainder of the SecurityCenter feeds are reference feeds that will subsequently initiate after the completion of the preceding feed. For more information, see the Scheduling Data Feeds section.

Configure the JavaScript Transporter Settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the RSA Archer Control Panel.

1. On the General tab, go to the JavaScript Transporter section.
   a. Open the RSA Archer Control Panel.
   b. Go to Instance Management and select All Instances.
   c. Select the instance.
   d. On the General tab, go to the JavaScript Transporter section.
2. In the Max Memory Limit field, set the value to 2048 MB (2 GB).
3. In the Script Timeout field, set the value to 120 minutes (2 hours).
4. (Optional) If you want to allow only digitally signed JavaScript files in the data feed, enable Require Signature.
   a. In the JavaScript Transporter Settings section, enable Require Signature.
   b. A new cell appears in the Signing Certificate Thumbprints section.
   c. Double-click an empty cell in the Signing Certificate Thumbprints section.
   d. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.
   e. Note: For information on how to obtain digital thumbprints, see Obtaining Digital Thumbprints.
   f. Important: If you enable Require Signature and specify no thumbprints, no JavaScript files will be accepted by the system.
   g. (Optional) If you want to add additional thumbprint sources, repeat steps b-c for each thumbprint.
5. On the toolbar, click Save.

Obtaining Digital Thumbprints

When running JavaScript data feeds, you can set the system to only allow digitally signed JavaScript files from trusted sources for security considerations.

For a certificate to be trusted, all the certificates in the chain, including the Root CA Certificate and Intermediate CA certificates, must be trusted on both the Web Server and Services Server machines.

Obtaining a Certificate Thumbprint

1. On the RSA Archer Control Panel environment, open the Manage Computer Certificates program.
   a. Click Start.
   b. Type: certificate
   c. From the search results, click Manage computer certificates.
2. Ensure that your trusted source certificates are located in the Certificates sub-folder of the Trusted Root Certification Authorities folder.
3. Within the Certificates sub-folder, double-click the certificate whose thumbprint you want to obtain.
4. Verify that the certificate is trusted.
   a. In the Certificate window, click the Certification Path tab.

   b. Ensure that the Certificate Status window displays the following message:
   c. This certificate is OK.
   Note: If the Certificate Status window displays something different, follow the onscreen instructions.
5. Obtain the trusted certificate thumbprint.
   a. In the Certificate window, click the Details tab.
   b. Scroll to, and select, the Thumbprint field.
   c. The certificate's digital thumbprint appears in the window.

Set Up the Security Center Plugins Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the RSA Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: Updates to the API files used in the JavaScript Transporter (SecurityCenterAPI.js) can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

1. Go to the Manage Data Feeds page.
   a. From the menu bar, click.
   b. Under Integration, click Data Feeds.
2. In the Manage Data Feeds section, click Import.
3. Locate and select the Security_Center_Plugins.dfx5 file for the data feed.
4. Click Open.
5. In the General Information section, in the Status field, select Active.
6. In the Additional Properties section, enable Optimize Calculations.
7. Click the Transport tab.
8. In the Transport Configuration section, complete the following:
   a. Click Upload.
   b. From the Upload JavaScript File dialog, click Add New.
   c. Locate and select the SecurityCenterAPI.js file, and click Open.
   d. From the Upload JavaScript File dialog, click OK.
9. In the Custom Parameters section, enter key values. The following table describes the value to enter for each key in Custom Parameters.

   Key                  Value
   Username
   Password
   datasource           plugins
   URL                  For example, https://tenablesc.eastus.cloudapp.azure.com
   ignorelastruntime    false
   verifycerts          false

   Note: The listed values are in place by default. They can be configured to suit your environment.
   Important: The keys and values are case-sensitive, and cannot include extra spaces at the end of the strings.
10. (Optional) Add startoffset and endoffset as new keys.
   Note: The startoffset parameter specifies the first record in the range you want to retrieve and the endoffset parameter specifies the last record in the range you want to retrieve. Use these parameters to parse data into consumable sizes. For more information, see the Tenable Security Center API Best Practices Guide.
   a. Click Add New.
   b. Enter startoffset as the key.
   c. Define a valid value for the startoffset key.
   d. Click Add New.
   e. Enter endoffset as the key.
   f. Define a valid value for the endoffset key.
11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.
12. Click the Source Definition tab.
   a. Click the Tokens sub-tab.
   b. Verify token values.
   c. The following table describes token values to verify.

   Token                 Value
   BatchContentSave      1000
   LastRunTime
   LastFileProcessed
   PreviousRunContext

   Note: For more information about tokens, see "Data Feed Tokens" in the RSA Archer Online Documentation.
13. Verify that key field values are not missing from the data feed setup window.
14. Click Save.

Set Up the Security Center Vulnerabilities Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the RSA Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: Updates to the API files used in the JavaScript Transporter (SecurityCenterAPI.js) can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

1. Go to the Manage Data Feeds page.
   a. From the menu bar, click.
   b. Under Integration, click Data Feeds.
2. In the Manage Data Feeds section, click Import.
3. Locate and select the Security_Center_Vulns.dfx5 file for the data feed.
4. Click Open.
5. In the General Information section, in the Status field, select Active.
6. In the Additional Properties section, enable Optimize Calculations.
7. Click the Transport tab.
8. In the Transport Configuration section, complete the following:
   a. Click Upload.
   b. From the Upload JavaScript File dialog, click Add New.
   c. Locate and select the SecurityCenterAPI.js file, and click Open.
   d. From the Upload JavaScript File dialog, click OK.
9. In the Custom Parameters section, enter key values. The following table describes the value to enter for each key in Custom Parameters.

   Key                   Value
   Username
   Password
   datasource            vulns
   URL                   For example, https://tenablesc.eastus.cloudapp.azure.com
   ignorelastruntime     false
   vulnseverities        4,3,2,1
   vulndatefiltertype    firstseen
   vulnloadactive        true
   vulnloadpatched       true
   verifycerts           false

   Note: The listed values are in place by default. They can be configured to suit your environment.
   Important: The keys and values are case-sensitive, and cannot include extra spaces at the end of the strings.
10. (Optional) Add startoffset and endoffset as new keys.
   Note: The startoffset parameter specifies the first record in the range you want to retrieve, and the endoffset parameter specifies the last record in the range you want to retrieve. Use these parameters to parse data into consumable sizes. For more information, see the Tenable Security Center API Best Practices Guide.
   a. Click Add New.
   b. Enter startoffset as the key.
   c. Define a valid value for the startoffset key.
   d. Click Add New.
   e. Enter endoffset as the key.
   f. Define a valid value for the endoffset key.
11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.
12. Click the Source Definition tab.
   a. Click the Tokens sub-tab.
   b. Verify token values. The following table describes token values to verify.

   Token                    Value
   BatchContentSave         1000
   LastRunTime
   LastFileProcessed
   PreviousRunContext
   CrossReferencesMode      LinkOnly
   RelatedReferencesMode    LinkOnly

   Note: For performance reasons, the CrossReferencesMode and RelatedReferencesMode tokens are link only to all other applications.
   Note: For more information about tokens, see "Data Feed Tokens" in the RSA Archer Online Documentation.
13. Verify that key field values are not missing from the data feed setup window.
14. Click Save.
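
A pre-flight check for the Custom Parameters entered in steps 9 to 11 above, written here as an added JavaScript example; it is not part of SecurityCenterAPI.js or of any RSA or Tenable code. Key names and defaults are copied as printed in this guide, the isProtected flag stands in for the Protected / Plain Text choice, and the sample rows and host name are constructed. Reading verifycerts as the switch for TLS certificate validation is an assumption from the key's name.

```javascript
// Added example, not RSA or Tenable code. Key names are copied as printed in
// this guide; confirm their exact case against the imported data feed.
const REQUIRED = ['Username', 'Password', 'datasource', 'URL',
  'ignorelastruntime', 'verifycerts'];
const VULN_KEYS = ['vulnseverities', 'vulndatefiltertype', 'vulnloadactive',
  'vulnloadpatched'];            // listed for the vulns and hosts feeds only
const OPTIONAL = ['startoffset', 'endoffset'];
const BOOLEANS = ['ignorelastruntime', 'verifycerts', 'vulnloadactive',
  'vulnloadpatched'];
const DATASOURCES = ['plugins', 'vulns', 'hosts'];

// rows: [{ key, value, isProtected }] as typed into Custom Parameters.
function lintCustomParameters(rows) {
  const findings = [];
  const add = (level, key, msg) => findings.push({ level, key, msg });
  const known = [...REQUIRED, ...VULN_KEYS, ...OPTIONAL];
  const seen = new Map();
  for (const { key, value, isProtected = false } of rows) {
    // Keys and values are case-sensitive and must not carry extra spaces.
    if (key !== key.trim()) add('error', key, 'key has extra whitespace');
    if (value !== value.trim()) add('error', key, 'value has extra whitespace');
    const [k, v] = [key.trim(), value.trim()];
    if (!known.includes(k)) {
      const near = known.find((x) => x.toLowerCase() === k.toLowerCase());
      if (near) add('error', key, `case mismatch, expected "${near}"`);
      else add('warn', key, 'key is not listed in the guide');
      continue;
    }
    seen.set(k, v);
    if (BOOLEANS.includes(k) && v !== 'true' && v !== 'false')
      add('error', k, 'expected the literal true or false');
    // Protected encrypts the value in the data feed log (step 11).
    if ((k === 'Username' || k === 'Password') && !isProtected)
      add('warn', k, 'credential is Plain Text, set it to Protected');
  }
  // Step 13: no key from the feed's table may be missing.
  const ds = seen.get('datasource');
  const needed = ds === 'vulns' || ds === 'hosts'
    ? [...REQUIRED, ...VULN_KEYS] : REQUIRED;
  for (const k of needed)
    if (!seen.has(k)) add('error', k, 'key from the table is missing');
  if (ds !== undefined && !DATASOURCES.includes(ds))
    add('error', 'datasource', 'expected plugins, vulns or hosts');
  if (seen.has('URL')) {
    let url = null;
    try { url = new URL(seen.get('URL')); } catch { /* reported below */ }
    if (!url) add('error', 'URL', 'not a valid URL');
    else if (url.protocol !== 'https:')
      add('warn', 'URL', 'credentials would be sent without TLS');
  }
  // Assumption from the key name: false turns off TLS certificate checks.
  if (seen.get('verifycerts') === 'false')
    add('warn', 'verifycerts', 'server certificate is not validated');
  const [s, e] = [seen.get('startoffset'), seen.get('endoffset')];
  if ((s === undefined) !== (e === undefined))
    add('warn', 'startoffset/endoffset', 'only one offset key is set');
  else if (s !== undefined && !(/^\d+$/.test(s) && /^\d+$/.test(e)))
    add('error', 'startoffset/endoffset', 'offsets must be whole numbers');
  else if (s !== undefined && Number(s) > Number(e))
    add('error', 'startoffset/endoffset', 'startoffset is above endoffset');
  return findings;
}

// Constructed sample: a vulns feed with four slips in it.
const sample = [
  ['Username', 'archer-feed', true], ['Password', 'example-only'],
  ['datasource', 'vulns'], ['URL', 'https://sc.example.test '],
  ['ignorelastruntime', 'false'], ['VerifyCerts', 'false'],
  ['vulnseverities', '4,3,2,1'], ['vulndatefiltertype', 'firstseen'],
  ['vulnloadactive', 'true'], ['vulnloadpatched', 'true'],
  ['startoffset', '5000'], ['endoffset', '0'],
].map(([key, value, isProtected]) => ({ key, value, isProtected }));
for (const f of lintCustomParameters(sample)) console.log(f.level, f.key, f.msg);
```

The miscased VerifyCerts row produces two findings, the case mismatch and the missing verifycerts key, because a case-sensitive lookup treats the two spellings as different keys.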

Set Up the Security Center Vulnerabilities (Hosts) Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the RSA Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: Updates to the API files used in the JavaScript Transporter (SecurityCenterAPI.js) can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

1. Go to the Manage Data Feeds page.
   a. From the menu bar, click.
   b. Under Integration, click Data Feeds.
2. In the Manage Data Feeds section, click Import.
3. Locate and select the Security_Center_Vulns_(Hosts).dfx5 file for the data feed.
4. Click Open.
5. In the General Information section, in the Status field, select Active.
6. In the Additional Properties section, enable Optimize Calculations.
7. Click the Transport tab.
8. In the Transport Configuration section, complete the following:
   a. Click Upload.
   b. From the Upload JavaScript File dialog, click Add New.
   c. Locate and select the SecurityCenterAPI.js file, and click Open.
   d. From the Upload JavaScript File dialog, click OK.
9. In the Custom Parameters section, enter key values. The following table describes the value to enter for each key in Custom Parameters.

   Key                   Value
   Username
   Password
   datasource            hosts
   URL                   For example, https://tenablesc.eastus.cloudapp.azure.com
   ignorelastruntime     false
   vulnseverities        4,3,2,1
   vulndatefiltertype    firstseen
   vulnloadactive        true
   vulnloadpatched       true
   verifycerts           false

   Note: The listed values are in place by default. They can be configured to suit your environment.
   Important: The keys and values are case-sensitive, and cannot include extra spaces at the end of the strings.
10. (Optional) Add startoffset as a new key.
   Note: The startoffset parameter specifies the first record in the range you want to retrieve, and the endoffset parameter specifies the last record in the range you want to retrieve. Use these parameters to parse data into consumable sizes. For more information, see the Tenable Security Center API Best Practices Guide.
   a. Click Add New.
   b. Enter startoffset as the key.
   c. Define a valid value for the startoffset key.
   d. Click Add New.
   e. Enter endoffset as the key.
   f. Define a valid value for the endoffset key.
11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.
12. Click the Source Definition tab.
   a. Click the Tokens sub-tab.
   b. Verify token values. The following table describes token values to verify.

   Token                 Value
   BatchContentSave      1000
   LastRunTime
   LastFileProcessed
   PreviousRunContext

   Note: For more information about tokens, see "Data Feed Tokens" in the RSA Archer Online Documentation.
13. Verify that key field values are not missing from the data feed setup window.
14. Click Save.

Scheduling Data Feeds

Important: A data feed must be active and valid to successfully run.

As you schedule your data feed, the Data Feed Manager validates the information. If any information is invalid, an error message displays. You can save the data feed and correct the errors later, but the data feed does not process until you make corrections.

Note: All IT Security Vulnerabilities Program data feeds are set to run daily by default.

1. Go to the Schedule tab of the data feed that you want to modify.
   a. From the menu bar, click.
   b. Under Integration, click Data Feeds.
   c. Select the data feed.
   d. Click the Schedule tab.
2. Go to the Recurrences section and complete frequency, start and stop times, and time zone. The following table describes the fields in the Recurrences section.

   Field: Description

   Frequency: Specifies the interval in which the data feed runs, for example, Minutely, Hourly, Daily, Weekly, Monthly, or Reference.
   - Minutely. Runs the data feed by the interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes.
   - Hourly. Runs the data feed by the interval set, for example, every hour (1), every other hour (2), and so forth.
   - Daily. Runs the data feed by the interval set, for example, every day (1), every other day (2), and so forth.
   - Weekly. Runs the data feed based on a specified day of the week, for example, every Monday of the first week (1), every other Monday (2), and so forth.
   - Monthly. Runs the data feed based on a specified week of the month, for example, 1st, 2nd, 3rd, 4th, or Last.
   - Recurrence. Runs a specified data feed as runs before the current one. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. For example, you can select to have a Threats data feed run immediately after your Assets data feed finishes. From the Reference Feed list, select after which existing data feed the current data feed starts. A reference data feed will not run when immediately running a data feed. The Run Data Feed Now option only runs the current data feed.

   Every: Specifies the interval of the frequency in which the data feed runs.
   Start Time: Specifies the time the data feed starts running.
   Start Date: Specifies the date on which the data feed schedule begins.
   Time Zone: Specifies the time zone of the server that runs the data feed.

3. (Optional) To override the data feed schedule and immediately run your data feed, in the Run Data Feed Now section, click Start.
4. Click Save.

Certification Environment for RSA Archer GRC

Date Tested: August, 2018

Certification Environment

Product Name               Version Information    Operating System
RSA Archer GRC             6.4 SP1                Virtual Appliance
Tenable Security Center    NA                     NA