McAfee Vulnerability Manager 7.5 Asset Management

     

    Introduction

     

    This guide will walk you through the McAfee Vulnerability Manager (MVM) 7.5 Asset Management features. Once you have completed the steps in the McAfee Vulnerability Manager getting started video your system should be fully installed, updated and licensed. You will want to follow the MVM scan configuration and status demo to populate your system with scan informaiton.  This course is aimed at Asset Management, Asset Identification rules, search and tagging.

     

    Video

     

    This video takes you step by step through MVM 7.5 Asset Management. For reference the same steps and additional information are provided below.

     

     

     

     

    Prerequisites

     

    We advise reviewing the McAfee Vulnerability Manager 7.5 Getting Started Guide or watching the 'How to Install, Update and License McAfee Vulnerability Manager 7.5' video found at https://www.youtube.com/watch?v=WIfYJJYLtxM

     

    Manage Assets

    McAfee Vulnerability Manager allows you to rate and identify systems throughout your organization.  Asset properties and asset groups are shared throughout the organization. All workgroups that share an asset can view the same information. The organization can access all assets.

     

    Whether you can view an asset or not depends on the IP addresses you can access. Root Organization Administrators can see assets belonging to the entire organization since all workgroups contain subset IP addresses of the organization itself.

     

    Note: Asset criticality does not affect the FoundScore value calculation until you start assigning criticality levels to your assets.

     

    After logging into the Enterprise manager go to Manage -> Assets. 

    manage assets.PNG

     

    Here you are able to right click any asset to view the following about each asset:

     

    asset details.PNG

    Asset Details - The Detailed Asset report provides detailed information about the system found at the selected IP address, based on the latest scans.  This report lists any vulnerabilities and services found on that host.

     

    On this page you can:
    •  Learn more about a particular vulnerability, click the vulnerability name. The details show descriptions and recommendations for resolving the vulnerability.
    •  See a list of services found, click any service name. The details also show the banners that were returned by the listening services.

     

    detail.PNG

    Managing Asset Identification Rules

    Asset identification rules control how detected hosts are recognized across scans. They also help you organize rules for identifying systems on your network into Windows-based systems, non-Windows-based systems, and unknown hosts.

     

    Using the Managing Asset Identification Rules pane you can do the following:
    •  Create prioritized rules for identifying unique assets.
    •  Determine the priority for each set of rules.
    •  View current rule configurations.

     

    The following conditions apply when using asset identification rules:
    •  Asset identification rules affect the entire organization.
    •  Asset identification rules affect scans created after the rule was created or edited. Prior scans are not affected.
    •  Asset identification rules are not applied to existing assets, only to assets found in scans after the rules are applied.
    •  For Windows and Unknown assets, the first rule is preset to identify hosts with McAfee ePolicy Orchestrator UIDs and McAfee Vulnerability Manager Asset ID.
    •  For each asset, the product tries each rule until it finds a rule whose conditions match the asset. Once a rule matches an asset, the remaining rules are ignored.
    •  You can set up multiple rules to identify all the assets on your system.
    •  Each rule contains one or more conditions.

     

    asset identification.PNG

     

     

    Search Assets

     

    Administrators can search for assets using asset tags, then assign other properties to those assets (like criticality level or owner).

    Static asset tags must be applied before the tags can be used in an asset search.

     

    Note: Asset tags are not applied to web application assets. Search results based on an asset tag might differ from other search types because the asset tag search results do not include web application assets.
    1.  In the enterprise manager, select Manage | Assets, then click Search.

    search.PNG


    2.  Select Simple Search or Advanced Search.

    asset search.PNG

     

    3.  Select the criteria for this search.
    4.  Click Submit.

    5.  To apply properties (like criticality level or owner), you can select a single asset, select multiple assets (using the Ctrl or Alt key), or click With all search results (bulk assign).

     

    The following options are available in bulk assign:

     

    bulk assign.PNG

     

     

    Asset Tagging

     

    Organization administrators can create and assign a tag to an asset. This allows organization administrators to organize their assets with similar tags, simplifying the performance of some actions.

     

    Organization administrators create static asset tags and apply them manually to assets. Tags can be created based on an operating system (like Windows or Ubuntu), department (like warehouse or finance), or even location (like North America or Europe). Multiple tags can be applied to an asset, or multiple assets, to help narrow the search when looking for specific assets.

     

    For example, using multiple asset tags, administrators can tag all Windows assets that belong to the finance department located in North America.

     

    Right click an asset or group of assets and click Add Tags.  Choose a tag and click Submit.

     

    asset tags.PNG

     

     

    Dynamic Assets

    When creating a dynamic asset tag, organization administrators add asset filters to a query. When the query runs, the name of the dynamic asset tag is applied to any asset that meets the conditions of the asset filters. Dynamic asset tags are applied automatically or manually. 

     

    Dynamic asset tags can be used in scan configurations, custom report templates, referenced in another dynamic asset tag, or searching for assets.

     

    Go to Components -> Asset tags -> Dynamic -> Create New 

    dynamic tag.PNG

     

    Click Save and Apply when you are satisfied with your criteria selections.

     

    There are some instances when a dynamic asset tag could impact performance (complex dynamic asset tag).
    • You have a large number of assets (over 50,000).
    • You store a large amount of data in your database (like storing all vulnerability results).
    • You run large dynamic asset tag queries (applying over 20 asset filters), this includes referencing dynamic asset tags within dynamic asset tags.

     

    There are some conditions to be aware of.
    • If manually applying a dynamic asset tag takes longer than 10 minutes, the query might have timed out. To check if applying the tag succeeded, search for assets you know meet the asset filter conditions. Before searching for assets, make sure the dynamic asset tag is set to manual, otherwise the dynamic asset tag query runs during the asset search.
    • A dynamic asset tag is a database query, so applying a complex dynamic asset tag and running other database procedures (scans, reports, web portal) could impact database performance.
    • When using a dynamic asset tag in a scan configuration, the tag is applied to all assets included in the scan, not just the ones that were live when the scan was run or could be scanned by the assigned scan engine.

     

    Note: Dynamic asset tags are not applied to web application assets.