Vulnerability scan metadata generated by the vulnerability scanning tools supported out of the box (Retina, Nessus, Qualys) and/or the SWORDFISH Vulnerability Management console is automatically modeled and analyzed by the SIEM and assigned to the asset model as a "Vulnerability" factor. This reduces false positives and, finally, raises the alert criticality level depending on whether an attack vector meets certain conditions that can prove it successful.
This analytics operation results in risk-based prioritization of attacks. For instance, attacks against systems that are vulnerable to the attack reported by the IDS/IDP are given a higher priority than attacks where the target system is not vulnerable.
The vulnerability information now contained in the assets is automatically correlated with attack information provided by other third-party systems, such as intrusion detection or prevention systems (IDS/IDP), or by other correlation rules.
Integrations supported out of the box:
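The correlation described above can be sketched as follows. This is an added example, not the product's own logic: the `Asset`/`Alert` model, the `VULN-A` identifier, the IP addresses and the +3/-3 adjustment are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    ip: str
    scanned: bool = False                    # has any scanner reported on this host?
    vulns: set = field(default_factory=set)  # the "Vulnerability" factor

@dataclass
class Alert:
    target: str
    signature: str
    refs: frozenset   # vulnerability ids the IDS signature maps to
    severity: int     # base severity from the sensor, 0-10

def load_scan(assets, findings):
    """Fold scanner findings (ip, vuln_id or None) into the asset model."""
    for ip, vuln_id in findings:
        asset = assets.setdefault(ip, Asset(ip))
        asset.scanned = True
        if vuln_id:
            asset.vulns.add(vuln_id)

def prioritize(alert, assets):
    """Return (priority, reason) for one alert."""
    asset = assets.get(alert.target)
    # Edge case: without scan data we cannot confirm or rule out the attack.
    if asset is None or not asset.scanned or not alert.refs:
        return alert.severity, "no scan data: base severity kept"
    if asset.vulns & alert.refs:
        return min(10, alert.severity + 3), "target vulnerable: raised"
    return max(0, alert.severity - 3), "target not vulnerable: lowered"

# Constructed sample data (placeholder id, documentation IP range).
SCAN = [("192.0.2.10", "VULN-A"), ("192.0.2.20", None)]
ALERTS = [
    Alert("192.0.2.10", "exploit attempt A", frozenset({"VULN-A"}), 6),
    Alert("192.0.2.20", "exploit attempt A", frozenset({"VULN-A"}), 6),
    Alert("192.0.2.30", "exploit attempt A", frozenset({"VULN-A"}), 6),
]

def triage(scan=SCAN, alerts=ALERTS):
    """Build the asset model from scan data, then rank alerts by priority."""
    assets = {}
    load_scan(assets, scan)
    scored = [(a.target, *prioritize(a, assets)) for a in alerts]
    return sorted(scored, key=lambda row: -row[1])

if __name__ == "__main__":
    for target, prio, reason in triage():
        print(f"{prio:>2}  {target:<12} {reason}")
```

The same IDS signature yields three different priorities depending on what the asset model knows about the target; the unscanned host keeps its base severity rather than being treated as safe.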
- Swordfish VMC
- eEye REM Security Management Console
- eEye Retina Network Security Scanner
- Harris STAT Scanner
- ISS Internet Scanner
- McAfee Vulnerability Manager
- nCircle IP360 Device Profiler
- nCircle IP360 Threat Monitor
- QualysGuard
- Rapid7 NeXpose
- Symantec NetRecon
- Tenable Nessus
- Visionael Security Audit
- Saint Vulnerability Scanner