Juniper Secure Analytics Managing Vulnerability Assessment


Juniper Secure Analytics
Managing Vulnerability Assessment
Release 2014.1
Published: 2014-03-17
Copyright 2014, Juniper Networks, Inc.


Table of Contents

About the Documentation
    Documentation and Release Notes
    Documentation Conventions
    Documentation Feedback
    Requesting Technical Support
        Self-Help Online Tools and Resources
        Opening a Case with JTAC

Part 1  Juniper Secure Analytics Vulnerability Assessment

Chapter 1  Vulnerability Assessment Scanner
    Vulnerability Assessment Scanner Overview
Chapter 2  Managing Beyond Security Automatic Vulnerability Detection System Scanner
    Beyond Security Automatic Vulnerability Detection System Scanner Overview
    Adding a Beyond Security AVDS Vulnerability Scanner
Chapter 3  Managing eEye Scanner
    eEye Scanner Overview
    Adding an eEye REM SNMP Scan
    Adding an eEye REM JDBC Scan
    Installing the Unrestricted Java Cryptography Extension
Chapter 4  Managing IBM Security AppScan Enterprise Scanners
    IBM Security SiteProtector Scanner Overview
    Creating a Customer User Type for IBM AppScan
    Enabling Integration with IBM Security AppScan Enterprise
    Creating an Application Deployment Map in IBM Security AppScan Enterprise
    Publishing the Completed Reports in IBM AppScan
    Adding an IBM AppScan Vulnerability Scanner
Chapter 5  Managing an IBM Security Guardium Scanner
    IBM Security Guardium Scanner Overview
    Adding an IBM Security Guardium Vulnerability Scanner
Chapter 6  Managing IBM Security SiteProtector Scanner
    IBM Security SiteProtector Scanner Overview
    Adding an IBM SiteProtector Vulnerability Scanner
Chapter 7  Managing IBM Security Tivoli Endpoint Manager Scanner
    IBM Security Tivoli Endpoint Manager Scanner Overview
    Adding an IBM Security Tivoli Endpoint Manager Vulnerability Scanner
Chapter 8  Managing Foundstone FoundScan Scanner
    Foundstone FoundScan Scanner Overview
    Adding a Foundstone FoundScan Scanner
    Importing Certificates for Foundstone FoundScan
Chapter 9  Managing nCircle IP360 Scanner
    nCircle IP360 Scanner Overview
    Exporting nCircle IP360 Scan Results To an SSH Server
    Adding a nCircle IP360 Scanner
Chapter 10  Managing Nessus Scanner
    Nessus Scanner Overview
    Adding a Nessus Scheduled Live Scan
    Adding an Nessus Live Scan with the XMLRPC API
    Adding a Nessus Scheduled Result Import
    Adding a Nessus Completed Report Import with the XMLRPC API
Chapter 11  Managing NMap Scanner
    NMap Scanner Overview
    Adding a NMap Remote Result Import
    Adding a NMap Remote Live Scan
Chapter 12  Managing Qualys Scanner
    Qualys Scanner Overview
    Adding a Qualys Detection Scanner
    Adding a Qualys Scheduled Live Scan
    Adding a Qualys Scheduled Import Asset Report
    Adding a Qualys Scheduled Import Scan Report
Chapter 13  Managing Juniper Profiler NSM Scanner
    Juniper Profiler NSM Scanner Overview
    Adding a Juniper NSM Profiler Scanner
Chapter 14  Managing Rapid7 NeXpose Scanner
    Rapid7 NeXpose Scanner Overview
    Adding a Rapid7 NeXpose Scanner API Site Import
    Adding a Rapid7 NeXpose Scanner Local File Import
Chapter 15  Managing netVigilance SecureScout Scanner
    netVigilance SecureScout Scanner Overview
    Adding a netVigilance SecureScout Scan
Chapter 16  Managing McAfee Vulnerability Manager Scanner
    McAfee Vulnerability Manager Scanner Overview
    Adding a Remote XML Import Scan
    Adding a McAfee Vulnerability Manager SOAP API Scan
    Creating Certificates for McAfee Vulnerability Manager
    Processing Certificates for McAfee Vulnerability Manager
    Importing Certificates For McAfee Vulnerability Manager
Chapter 17  Managing SAINT Scanner
    SAINT Scanner Overview
    Configuring a SAINTwriter Template
    Adding a SAINT Vulnerability Scan
Chapter 18  Managing Tenable SecurityCenter Scanner
    Tenable SecurityCenter Scanner Overview
    Adding a Tenable SecurityCenter Scan
Chapter 19  Managing Axis Scanner
    Axis Scanner Overview
    Adding an AXIS Vulnerability Scan
Chapter 20  Scheduling a Vulnerability Scan
    Overview
    Viewing the Status Of a Vulnerability Scan
Chapter 21  Managing the Supported Vulnerability Scanner
    Supported Vulnerability Scanner Overview

Part 2  Index
    Index


List of Tables

About the Documentation
    Table 1: Notice Icons
    Table 2: Text and Syntax Conventions

Part 1  Juniper Secure Analytics Vulnerability Assessment

Chapter 2  Managing Beyond Security Automatic Vulnerability Detection System Scanner
    Table 3: Beyond Security AVDS Vulnerability Scanner Authentication Options
Chapter 5  Managing an IBM Security Guardium Scanner
    Table 4: IBM AppScan Enterprise Scanner Authentication Options
Chapter 10  Managing Nessus Scanner
    Table 5: Nessus Scheduled Result Authentication Options
Chapter 11  Managing NMap Scanner
    Table 6: NMap Remote Result Import Authentication Options
    Table 7: NMap Remote Live Scan Authentication Options
Chapter 16  Managing McAfee Vulnerability Manager Scanner
    Table 8: Remote XML Import Authentication Options
Chapter 17  Managing SAINT Scanner
    Table 9: SAINT Vulnerability Authentication Options
Chapter 19  Managing Axis Scanner
    Table 10: AXIS Vulnerability Scan Authentication Options
Chapter 20  Scheduling a Vulnerability Scan
    Table 11: VA Scanner CIDR Options
    Table 12: VA Scanner Priority Options
    Table 13: Scan Schedule Status
Chapter 21  Managing the Supported Vulnerability Scanner
    Table 14: Supported Vulnerability Scanners


About the Documentation

- Documentation and Release Notes on page ix
- Documentation Conventions on page ix
- Documentation Feedback on page xi
- Requesting Technical Support on page xii

Documentation and Release Notes

To obtain the most current version of all Juniper Networks technical documentation, see the product documentation page on the Juniper Networks website at http://www.juniper.net/techpubs/.

If the information in the latest release notes differs from the information in the documentation, follow the product Release Notes.

Juniper Networks Books publishes books by Juniper Networks engineers and subject matter experts. These books go beyond the technical documentation to explore the nuances of network architecture, deployment, and administration. The current list can be viewed at http://www.juniper.net/books.

Documentation Conventions

Table 1 on page x defines notice icons used in this guide.

Table 1: Notice Icons

Meaning: Informational note
Description: Indicates important features or instructions.

Meaning: Caution
Description: Indicates a situation that might result in loss of data or hardware damage.

Meaning: Warning
Description: Alerts you to the risk of personal injury or death.

Meaning: Laser warning
Description: Alerts you to the risk of personal injury from a laser.

Table 2 on page x defines the text and syntax conventions used in this guide.

Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
    user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
    user@host> show chassis alarms
    No alarms currently active

Convention: Italic text like this
Description: Introduces or emphasizes important new terms. Identifies guide names. Identifies RFC and Internet draft titles.
Examples:
    A policy term is a named structure that defines match conditions and actions.
    Junos OS CLI User Guide
    RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Example: Configure the machine’s domain name:
    [edit]
    root@# set system domain-name domain-name

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
Examples:
    To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
    The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Example:
    stub <default-metric metric>;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
    broadcast | multicast
    (string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Example:
    rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Example:
    community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.

Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.

Example (for indention and braces, and for the semicolon):
    [edit]
    routing-options {
        static {
            route default {
                nexthop address;
                retain;
            }
        }
    }

GUI Conventions

Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples:
    In the Logical Interfaces box, select All Interfaces.
    To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Example: In the configuration editor hierarchy, select Protocols>Ospf.

Documentation Feedback

We encourage you to provide feedback, comments, and suggestions so that we can improve the documentation. You can provide feedback by using either of the following methods:

- Online feedback rating system—On any page at the Juniper Networks Technical Documentation site at http://www.juniper.net/techpubs/index.html, simply click the stars to rate the content, and use the pop-up form to provide us with information about your experience. Alternately, you can use the online feedback form at https://www.juniper.net/cgi-bin/docbugreport/.
- E-mail—Send your comments to techpubs-comments@juniper.net. Include the document or topic name, URL or page number, and software version (if applicable).

Requesting Technical Support

Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC.

- JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located guides/7100059-en.pdf.
- Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/.
- JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.

Self-Help Online Tools and Resources

For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features:

- Find CSC offerings: http://www.juniper.net/customers/support/
- Search for known bugs: http://www2.juniper.net/kb/
- Find product documentation: http://www.juniper.net/techpubs/
- Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
- Download the latest versions of software and review release e/
- Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/
- Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
- Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/

To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: earch/

Opening a Case with JTAC

You can open a case with JTAC on the Web or by telephone.

- Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
- Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).

For international or direct-dial options in countries without toll-free numbers, rt.html.

PART 1
Juniper Secure Analytics Vulnerability Assessment

- Vulnerability Assessment Scanner on page 3
- Managing Beyond Security Automatic Vulnerability Detection System Scanner on page 5
- Managing eEye Scanner on page 9
- Managing IBM Security AppScan Enterprise Scanners on page 15
- Managing an IBM Security Guardium Scanner on page 21
- Managing IBM Security SiteProtector Scanner on page 25
- Managing IBM Security Tivoli Endpoint Manager Scanner on page 29
- Managing Foundstone FoundScan Scanner on page 33
- Managing nCircle IP360 Scanner on page 37
- Managing Nessus Scanner on page 41
- Managing NMap Scanner on page 49
- Managing Qualys Scanner on page 55
- Managing Juniper Profiler NSM Scanner on page 63
- Managing Rapid7 NeXpose Scanner on page 67
- Managing netVigilance SecureScout Scanner on page 71
- Managing McAfee Vulnerability Manager Scanner on page 75
- Managing SAINT Scanner on page 83
- Managing Tenable SecurityCenter Scanner on page 87
- Managing Axis Scanner on page 89
- Scheduling a Vulnerability Scan on page 93
- Managing the Supported Vulnerability Scanner on page 97


CHAPTER 1
Vulnerability Assessment Scanner

This chapter describes the following sections:

- Vulnerability Assessment Scanner Overview on page 3

Vulnerability Assessment Scanner Overview

Integration with vulnerability assessment scanners provides administrators and security professionals with information to build vulnerability assessment profiles for network assets. References to Juniper Secure Analytics (JSA) apply to all products capable of collecting vulnerability assessment information. Products that support scanners include JSA.

Assets and asset profiles created for servers and hosts in your network provide important information to assist you when resolving security issues. Networks, servers, and individual hosts within the network can be extremely complicated. The ability to collect data and view information about an asset is the purpose of the Assets tab. The goal is to connect offenses triggered in your system to physical or virtual assets to provide a starting point in a security investigation. Asset data helps you identify threats, vulnerabilities, services, and ports, and monitor asset usage in your network.

The Assets tab in JSA is intended to provide a unified view of the information known about your assets. As more information is provided to the system through vulnerability assessment, the system updates the asset profile and incrementally builds a complete picture of your asset. Vulnerability assessment profiles use correlated event data, network activity, and behavioral changes to determine the threat level and vulnerabilities present on critical business assets in your network. Integration with vulnerability assessment products gives administrators the ability to schedule scans and ensure that vulnerability information is relevant for assets in the network.

To collect vulnerability assessment information for JSA, administrators can select a scanner from the following supported scanner list:

- For the list of supported scanner products, see “Managing the Supported Vulnerability Scanner” on page 97.
- For the configuration options to add a vulnerability scanner to JSA, see:
    - “Managing Beyond Security Automatic Vulnerability Detection System Scanner” on page 5.
    - “Managing eEye Scanner” on page 9.
    - “Managing an IBM Security Guardium Scanner” on page 21.
    - “Managing IBM Security AppScan Enterprise Scanners” on page 15.
    - “Managing IBM Security Tivoli Endpoint Manager Scanner” on page 29.
    - “Managing nCircle IP360 Scanner” on page 37.
    - “Managing Nessus Scanner” on page 41.
    - “Managing NMap Scanner” on page 49.
    - “Managing Qualys Scanner” on page 55.
    - “Managing Foundstone FoundScan Scanner” on page 33.
    - “Managing Juniper Profiler NSM Scanner” on page 63.
    - “Managing Rapid7 NeXpose Scanner” on page 67.
    - “Managing netVigilance SecureScout Scanner” on page 71.
    - “Managing McAfee Vulnerability Manager Scanner” on page 75.
    - “Managing SAINT Scanner” on page 83.
    - “Managing Axis Scanner” on page 89.
    - “Managing Tenable SecurityCenter Scanner” on page 87.
- To add a scan schedule to import the vulnerability data, see “Scheduling a Vulnerability Scan” on page 93.
- To view the status of the scan to verify the successful data import, see “Viewing the Status Of a Vulnerability Scan” on page 94.

CHAPTER 2
Managing Beyond Security Automatic Vulnerability Detection System Scanner

This chapter describes the following sections:

- Beyond Security Automatic Vulnerability Detection System Scanner Overview on page 5
- Adding a Beyond Security AVDS Vulnerability Scanner on page 5

Beyond Security Automatic Vulnerability Detection System Scanner Overview

Vulnerability assessment is the evaluation of assets in the network to identify and prioritize potential security issues. Juniper Secure Analytics (JSA) products that support Vulnerability Assessment can import vulnerability data from external scanner products to identify vulnerability profiles for assets.

Vulnerability assessment profiles use correlated event data, network activity, and behavioral changes to determine the threat level and vulnerabilities present on critical business assets in your network. As external scanners generate scan data, JSA can retrieve the vulnerability data with a scan schedule.

To configure a Beyond Security AVDS scanner, see “Adding a Beyond Security AVDS Vulnerability Scanner” on page 5.

Related Documentation

- Vulnerability Assessment Scanner Overview on page 3
- Adding a Beyond Security AVDS Vulnerability Scanner on page 5
- Viewing the Status Of a Vulnerability Scan on page 94

Adding a Beyond Security AVDS Vulnerability Scanner

Beyond Security Automated Vulnerability Detection System (AVDS) appliances create vulnerability data in Asset Export Information Source (AXIS) format. AXIS-formatted files are XML files that can be imported.

To successfully integrate Beyond Security AVDS vulnerabilities with Juniper Secure Analytics (JSA), you must configure your Beyond Security AVDS appliance to publish vulnerability data to an AXIS-formatted XML results file. The XML vulnerability data must be published to a remote server that is accessible by using Secure File Transfer Protocol (SFTP). The term remote server refers to any appliance, third-party host, or network storage location that can host the published XML scan result files.

The most recent XML results containing Beyond Security AVDS vulnerabilities are imported when a scan schedule starts. Scan schedules determine the frequency with which vulnerability data created by Beyond Security AVDS is imported. After you add your Beyond Security AVDS appliance to JSA, you can then create a scan schedule to import the scan result files. Vulnerabilities from the scan schedule update the Assets tab after the scan schedule completes.

To add a Beyond Security AVDS Vulnerability Scanner to JSA:

1. Click the Admin tab.
2. Click the VA Scanners icon.
3. Click Add.
4. In the Scanner Name field, type a name to identify your Beyond Security AVDS scanner.
5. From the Managed Host list, select the managed host from your JSA deployment that manages the scanner import.
6. From the Type list, select Beyond Security AVDS.
7. In the Remote Hostname field, type the IP address or host name of the system that contains the published scan results from your Beyond Security AVDS scanner.
8. Choose one of the following authentication options as described in Table 3 on page 6.

Table 3: Beyond Security AVDS Vulnerability Scanner Authentication Options

Option: Login Username
Description: To authenticate with a username and password:
    1. In the Login Username field, type a username that has access to retrieve the scan results from the remote host.
    2. In the Login Password field, type the password associated with the username.

Option: Enable Key Authorization
Description: To authenticate with a key-based authentication file:
    1. Select the Enable Key Authentication check box.
    2. In the Private Key File field, type the directory path to the key file.

The

Title: Juniper Secure Analytics Managing Vulnerability Assessment Author: Juniper Networks Created Date: 20140317085719Z