
Vulnerability Data Analytics

EventLog Analyzer can process log data from vulnerability scanners such as Nessus, Qualys, OpenVAS, and NMAP. The data ingested from vulnerability scanners can be incorporated into the correlation engine to discover complex attack patterns. The solution generates out-of-the-box reports and predefined alert criteria that help in identifying and prioritizing vulnerabilities in your network. The report groups available are:

EventLog Analyzer also has predefined alert criteria corresponding to the above categories. Setting up an alert profile for vulnerability scanners is similar to setting up a predefined alert profile. The only difference is that you need to choose Vulnerability as the type from the predefined list and then choose the appropriate alert condition.

Exporting data from vulnerability scanners

EventLog Analyzer analyses data from vulnerability scanners and provides insights to help identify vulnerabilities within the network. To do this, you need to export data from the respective vulnerability scanners and then import it into EventLog Analyzer. You can export the data by following the steps given for each of the vulnerability scanners.

Nexpose

  1. Click the Reports icon.
  2. Under the Create a report tab select Export.
  3. Select XML Export or XML Export 2.0.
  4. Add the site and then click Save and run report.

Nessus

  1. Select a scan under the Scans tab.
  2. In the upper-right corner, click Export.
  3. From the drop-down box, select Nessus.

NMAP

  1. Go to the Scan menu and select the scan that you want to save.
  2. Click Save Scan.
  3. In the Save dialog box, choose the format as Nmap XML format.

OpenVAS

  1. Under the Scans menu, select Vulnerabilities.
  2. If there is no Vulnerabilities tab, choose Results.
  3. Click Export page contents from the bottom right corner.

Qualys

  1. Go to the Scans menu in the dashboard.
  2. Right-click the scan report that you need to export.
  3. Select Download from the Quick Actions menu.
  4. Select Download Format as Extensible Markup Language (XML).

Once you have exported the data from the corresponding scanners, you need to import the log data to the EventLog Analyzer server.

Adding vulnerability scanners to EventLog Analyzer

To monitor vulnerability scanner data in EventLog Analyzer, you need to import the corresponding log data to the EventLog Analyzer server. You can import log data by navigating to Settings > Vulnerability Data Analysis > Import.

  1. Enter the vulnerability scanner's name.
  2. Choose the vulnerability scanner's application type.
  3. Specify the location of the log file which has to be imported.
  4. Click on Import.
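
A pre-import check for an exported file, as an added example that is not part of the EventLog Analyzer documentation or product: it confirms the file is well-formed XML and reports which scanner produced it, so the application type chosen in step 2 matches the file given in step 3. The names `identify_export` and `KNOWN_EXPORTS` are hypothetical, the root-element names are taken from the scanners' own export formats (Nmap XML, Nessus v2, Nexpose XML Export) rather than from this page, and the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Root element -> (scanner name, path to the per-host elements).
# Assumption: these names come from the scanners' export formats, not this page.
KNOWN_EXPORTS = {
    "nmaprun": ("NMAP", "host"),
    "NessusClientData_v2": ("Nessus", "Report/ReportHost"),
    "NexposeReport": ("Nexpose", "nodes/node"),
}

def identify_export(data: bytes):
    """Return (scanner, host_count), or (None, 0) when the file is not a
    well-formed export in one of the formats listed above."""
    # A scan export has no need for entity declarations; refuse them outright.
    if b"<!ENTITY" in data:
        return (None, 0)
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return (None, 0)  # truncated or corrupted export
    entry = KNOWN_EXPORTS.get(root.tag)
    if entry is None:
        return (None, 0)  # well-formed XML, but not a recognised export
    scanner, host_path = entry
    return (scanner, len(root.findall(host_path)))

# Constructed sample exports (documentation address range 192.0.2.0/24).
SAMPLE_NMAP = b"""<?xml version="1.0"?>
<!DOCTYPE nmaprun>
<nmaprun scanner="nmap">
<host><address addr="192.0.2.10" addrtype="ipv4"/></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/></host>
</nmaprun>"""
SAMPLE_NESSUS = (b'<NessusClientData_v2><Report name="demo">'
                 b'<ReportHost name="192.0.2.10"/></Report></NessusClientData_v2>')
SAMPLE_TRUNCATED = SAMPLE_NMAP[:-20]  # simulates an interrupted download

if __name__ == "__main__":
    for name, blob in [("nmap", SAMPLE_NMAP), ("nessus", SAMPLE_NESSUS),
                       ("truncated", SAMPLE_TRUNCATED)]:
        print(name, identify_export(blob))
```

A result of `(None, 0)` means the file should be re-exported rather than imported; a host count of zero on a recognised file usually means the wrong scan or an empty site was exported.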

Copyright © 2020, ZOHO Corp. All Rights Reserved.
