Established Member.. swapnil7

We want to integrate Nessus vulnerability reports in ArcSight and track exploit

We want to integrate Nessus vulnerability reports in ArcSight in such a way that when any exploit is happening on an open vulnerability, we get an email and a dashboard is populated with the events. When we see the above logs in the dashboard, our monitoring team will do more analysis. The purpose of having this is to see whether any real-time exploit is happening on the network.

Super Contributor.. simon.simcic@sr Super Contributor..

Re: We want to integrate Nessus vulnerability reports in ArcSight and track exploit

Take a look at this, but you need an IPS to generate an exploit event.

https://www.youtube.com/watch?v=OGdGLilBzog

Micro Focus Expert

Re: We want to integrate Nessus vulnerability reports in ArcSight and track exploit

If you are importing your assets into ArcSight ESM and/or ingesting Nessus scan reports into ESM to create assets with vulnerabilities attached to them, then it is possible to use this as rule conditions.

For example, you could have a rule that looks at all your correlated events (all your other rules that trigger) and checks if any of the hosts that triggered your other rules also has a vulnerability, with the condition called "hasVulnerability".

If the new rule triggers, it could populate an activelist or just create a new correlated event with a specific tag of extra information taken from the vulnerabilities and host information from the base/correlated event.

Then you have a dashboard which either queries these new activelists or queries for your new correlated events that are tagged with the specific vulnerability information you want to display.

Would that be something that could work?

 

-----------------------------------------------------------------------------------------
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort, and cannot be taken as official support replies.
//Marius
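
The correlation described in the replies above, sketched outside ESM as an added example (not part of the thread and not ArcSight code): scan findings become a per-host set of open vulnerabilities, and an IPS alert is escalated only when its target host has the referenced vulnerability open. The hosts, plugin IDs and CVE identifiers are constructed placeholders, and the assumption is that each IPS alert carries a CVE reference.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the Nessus v2 (.nessus) export layout; hosts, plugin IDs
# and CVE identifiers are placeholders, not real findings.
NESSUS_XML = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="10.0.0.5">
  <ReportItem port="445" protocol="tcp" severity="4" pluginID="900001" pluginName="Constructed SMB flaw">
    <cve>CVE-0000-0001</cve>
  </ReportItem>
  <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Constructed info item"/>
</ReportHost>
<ReportHost name="10.0.0.9">
  <ReportItem port="80" protocol="tcp" severity="3" pluginID="900003" pluginName="Constructed web flaw">
    <cve>CVE-0000-0002</cve>
  </ReportItem>
</ReportHost>
</Report></NessusClientData_v2>"""

# Constructed IPS alerts (the exploit events an IPS has to supply); the "cve"
# field is an assumption about what the IPS reports.
IPS_EVENTS = [
    {"dst": "10.0.0.5", "signature": "SMB exploit attempt", "cve": "CVE-0000-0001"},
    {"dst": "10.0.0.9", "signature": "SMB exploit attempt", "cve": "CVE-0000-0001"},
    {"dst": "10.0.0.7", "signature": "Web exploit attempt", "cve": "CVE-0000-0002"},
]

def load_open_vulns(xml_text, min_severity=1):
    """Map host -> set of CVEs taken from findings at or above min_severity."""
    # For scan files from untrusted sources, parse with defusedxml instead.
    vulns = defaultdict(set)
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            if int(item.get("severity", "0")) >= min_severity:
                vulns[host.get("name")].update(
                    c.text.strip() for c in item.findall("cve") if c.text)
    return vulns

def correlate(events, vulns):
    """Keep only alerts whose target host has the referenced CVE open."""
    return [dict(e, priority="exploit-on-open-vulnerability")
            for e in events if e["cve"] in vulns.get(e["dst"], set())]

if __name__ == "__main__":
    for hit in correlate(IPS_EVENTS, load_open_vulns(NESSUS_XML)):
        print(hit)
```

Only the alert against 10.0.0.5 is escalated: 10.0.0.9 is scanned but has a different finding open, and 10.0.0.7 has no scan data at all.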