What is the Data Source Vendor and Type you have configured for your Vulnerability Scanner?
Sorry, do you mean the properties in SIEM for MVM?
And thanks for the reply.
I honestly think this is expected behavior. The MVM (Source Host) is scanning your infrastructure (Destination IPs) and generates some events. So of course the Source IP is the MVM's IP... because it is the scanner.
I haven't personally integrated ESM with MVM, but did it with Nessus.
If you would like to see details of the vulnerability found, I suggest that you integrate ESM with MVM at "Vulnerability Assessment" found in Receiver Properties. This will make the ERC connect to MVM, fetch the scan results and import them into ESM. You can then view those results in the following dashboards:
- Dashboard Views | Asset Vulnerability Dashboard
- Compliance Views | PCI | Test Security Systems and Processes | 11.2 Network Vulnerability Scans
- Executive Views | Critical Vuln on Regulated Assets
Yes, I understand your logic for the source and destination IPs. Thanks, I can explain it to my colleagues in that way.
Also, good point about integrating it that way. It seems a better way to get those logs into SIEM.