
F-Secure Elements Vulnerability Management has a built-in mechanism to bind and track assets coming from different sources to network vulnerability scans inside a specific scan group.

This means that when an asset is discovered in a given asset source, or is no longer discovered there, the corresponding network vulnerability scan (web scan or system scan) is created or deleted inside the scan group. Currently, the supported built-in asset sources are discovery scans and internet discovery, which are both supported via the API and the user interface. Uploading assets to a custom asset source is also supported, but only via the API.

    1. List the currently configured custom asset sources:

curl -X POST https://api.radar.f-secure.com/api/integration/assetMonitoring/withStartIndex/0/andPageSize/250 \
-H 'Content-Type: application/json' \
-H 'ApiAccessKey: {ApiAccessKey}' \
-H 'ApiSecretKey: {ApiSecretKey}' \
-d '{"AssetSourceType": "Custom"}'

    2. Create a new custom asset source.

Replace the parameters marked with {} with your own values.

curl -X POST https://api.radar.f-secure.com/api/integration/assetmonitoring/custom \
-H 'Content-Type: application/json' \
-H 'ApiAccessKey: {ApiAccessKey}' \
-H 'ApiSecretKey: {ApiSecretKey}' \
-d '{
  "ScanGroupId": "{ScanGroupId}",
  "TrackSystemScans": true,
  "TrackWebScans": true,
  "AlwaysAddNewSystemScans": false,
  "AlwaysAddNewWebScans": false,
  "RemoveSystemScanWhenUndiscovered": true,
  "RemoveWebScanWhenUndiscovered": true,
  "AssetSourceType": "Custom",
  "TrackedHttpPortRangeForWebScan": "80",
  "TrackedHttpsPortRangeForWebScan": "443",
  "RunSystemScanImmediatelyAfterAdd": false,
  "RunWebScanImmediatelyAfterAdd": false,
  "ScheduleId": null,
  "RunSystemScanImmediatelyIfNewServicesDiscovered": false
}'

The response will give you the unique identifier for the asset update source configuration.

    3. Retrieve a list of machines from Active Directory, for example using the ldapsearch command on Linux, and convert it to JSON format.
    4. Upload the list of machines that should use the custom asset source update configuration and verify that the scans have been created inside the defined scan group:

curl -X POST https://api.radar.f-secure.com/api/integration/assetmonitoring/custom/{AssetSourceId}/assets \
-H 'Content-Type: application/json' \
-H 'ApiAccessKey: {ApiAccessKey}' \
-H 'ApiSecretKey: {ApiSecretKey}' \
-d '[
  {
    "IPAddress": "192.168.1.1"
  },
  {
    "IPAddress": "192.168.1.2",
    "HostName": "domain2.com"
  },
  {
    "IPAddress": "192.168.1.3",
    "HostName": "domain3.com",
    "DiscoveredAssetPorts": [
      {
        "Port": "80",
        "Protocol": "TCP",
        "Service": "https"
      }
    ]
  }
]'

The upload triggers the addition of a new scan definition only if it was not uploaded before. Therefore, uploading the same list again does not change the list of network vulnerability scans within the defined scan group.
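The conversion in step 3 can be scripted. The following is an added example, not F-Secure's own script: it turns ldapsearch LDIF output into the JSON array used in step 4. It assumes the search returns the dNSHostName attribute of computer objects and that each host name resolves in DNS; the example.com names, the addresses and the lookup table are constructed.

```python
import base64
import ipaddress
import json
import socket

# Constructed sample of `ldapsearch -LLL ... "(objectClass=computer)" dNSHostName` output.
SAMPLE_LDIF = """\
dn: CN=WEB01,OU=Servers,DC=example,DC=com
dNSHostName: web01.example.com

dn: CN=DB01,OU=Servers,DC=example,DC=com
dNSHostName: DB01.example.com

dn: CN=OLD01,OU=Servers,DC=example,DC=com
dNSHostName: old01.example.com
"""

def ldif_hostnames(ldif_text):
    """Return unique, lower-cased dNSHostName values in order of appearance."""
    unfolded = ldif_text.replace("\n ", "")  # LDIF folds long lines as "\n "
    names = {}  # dict keeps insertion order and removes duplicates
    for line in unfolded.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "dnshostname":
            continue
        if value.startswith(":"):  # "::" marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        name = value.strip().lower().rstrip(".")
        if name:
            names[name] = None
    return list(names)

def build_assets(ldif_text, resolve=socket.gethostbyname):
    """Return (payload, skipped); payload uses the page's IPAddress/HostName fields."""
    assets, skipped = [], []
    for name in ldif_hostnames(ldif_text):
        try:
            ip = str(ipaddress.ip_address(resolve(name)))
        except (OSError, ValueError):  # unresolvable name or malformed answer
            skipped.append(name)
            continue
        assets.append({"IPAddress": ip, "HostName": name})
    return assets, skipped

if __name__ == "__main__":
    lookup = {"web01.example.com": "192.168.1.2", "db01.example.com": "192.168.1.3"}
    assets, skipped = build_assets(SAMPLE_LDIF, resolve=lookup.get)  # constructed resolver
    print(json.dumps(assets, indent=2))
    print("not uploaded (no address):", skipped)
```

Hosts that do not resolve are reported separately instead of being uploaded with an empty address, so stale directory entries are visible in the task's log. The printed JSON can be saved to a file and passed to the upload request with curl's `-d @file` form.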

    5. Create a Windows Scheduled Task to run the F-Secure Elements Vulnerability Management asset monitoring script.

Typically, you should set the task to be triggered at an interval of several hours. For more information on scheduling a task, see: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc748993(v=ws.11).

Note: Make sure that the task runs the script with sufficient access rights so that it can write to log files and access the F-Secure Elements Vulnerability Management API.

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team
