Integrating vulnerability assessment data

Vulnerability Assessment (VA) on the DEM and Receiver allows you to integrate data that can be retrieved from many VA vendors.

You can use this data in several ways.

  • Raise an event's severity based on the endpoint's known vulnerability to that event.
  • Set the system to automatically learn assets and their attributes (operating system and services detected).
  • Create and manipulate the membership of user-defined asset groups.
  • Access summary and drill-down information of the network assets.
  • Modify Policy Editor configuration, such as turning on MySQL signatures if an asset is discovered running MySQL.

You can access VA data generated by the system on predefined views or on custom views that you create. The predefined views are:

  • Dashboard Views > Asset Vulnerability Dashboard
  • Compliance Views > PCI > Test Security Systems and Processes > 11.2 Network Vulnerability Scans
  • Executive Views > Critical Vuln on Regulated Assets

To create a custom view, refer to Add a custom view.

Note: If you create a view that includes the Total Number of Vulnerabilities Count or Dial component, you might see an inflated count of vulnerabilities. This is because the McAfee Threat Intelligence Services (MTIS) feed adds threats based on the original vulnerability that the VA source reported (see Asset, threat, and risk assessment).

The McAfee rules team maintains a rules file that maps a McAfee sigID to a VIN to one or more references to a Common Vulnerabilities and Exposures (CVE) ID, BugTraq ID, Open Source Vulnerability Database (OSVDB) ID, and/or Secunia ID. These vendors report CVE and BugTraq IDs in their vulnerabilities; therefore, CVE and BugTraq IDs are included in this release.
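
The correlation that this mapping makes possible, sketched in Python as an added example (not McAfee code and not the format of the rules file): an event's sigID is resolved to its references, only CVE and BugTraq IDs are compared against the target asset's VA findings, and a match raises the event severity. The rule-map layout, all IDs and addresses, and the `boost` and `ceiling` values are constructed assumptions.

```python
import re

# Constructed rule-map entries: sigID -> VIN -> external references.
# Layout and IDs are placeholders, not the McAfee rules file format.
RULE_MAP = {
    "SIG-0001": {"vin": "VIN-0001",
                 "refs": ["CVE-2099-0001", "BID-90001", "OSVDB-70001"]},
    "SIG-0002": {"vin": "VIN-0002", "refs": ["SECUNIA-80001"]},
}

# Constructed VA findings per asset, in the mixed spellings scanners emit.
VA_FINDINGS = {
    "10.0.0.5": ["cve-2099-0001", "CVE-2099-0002"],
    "10.0.0.6": ["bugtraq:90001"],
    "10.0.0.7": ["CVE-2099-0003"],
}

def normalize(ref):
    """Return (scheme, id) for CVE/BugTraq references, None for anything else."""
    m = re.fullmatch(r"(?i)\s*(cve|bid|bugtraq)[-: ]?\s*([\d-]+)\s*", ref)
    if not m:
        return None  # OSVDB/Secunia IDs are not reported by the VA source
    scheme = "CVE" if m.group(1).upper() == "CVE" else "BID"
    return scheme, m.group(2)

def matching_refs(sig_id, asset_ip):
    """References shared by the signature and the asset's VA findings."""
    rule = RULE_MAP.get(sig_id)
    if rule is None:
        return set()
    rule_refs = {normalize(r) for r in rule["refs"]} - {None}
    asset_refs = {normalize(r) for r in VA_FINDINGS.get(asset_ip, [])} - {None}
    return rule_refs & asset_refs

def adjusted_severity(event, boost=25, ceiling=100):
    """Raise severity when the target asset is known vulnerable (assumed policy)."""
    hits = matching_refs(event["sig_id"], event["dst_ip"])
    if not hits:
        return event["severity"], []
    evidence = sorted("-".join(h) for h in hits)
    return min(event["severity"] + boost, ceiling), evidence

if __name__ == "__main__":
    for ip in VA_FINDINGS:
        ev = {"sig_id": "SIG-0001", "dst_ip": ip, "severity": 50}
        print(ip, adjusted_severity(ev))
```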