Vulnerability at VM Instance or Guest Level
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yesterday
We have a situation where we are looking to integrate with Qualys but the CMDB will only contain Cloud Resource data, i.e. VM Instance (cmdb_ci_vm_instance) and not necessarily the associated Guest CI (i.e. cmdb_ci_server).
Are the vulnerabilities from Qualys ever solely relevant to the Guest CI, or is mapping the Vulnerability to the VM Instance sufficient?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
Hello Alec,
That depends on your aim and specific CMDB structure, if the VM instance contains the context you need to drive sufficient assignment, prioritization or reporting, there is no technical need to match to the server class per se.
So I think a question needs to be asked back: sufficient for which specific goal?
It will be sufficient as a reference in the configuration item field and it will represent a matched Discovered Item, but whether the CI contains the details you need for successful triaging and reporting or at least a better triaging/reporting compared to just working with the scanner information, that is something that needs to be analyzed and aligned with the configuration management team and the business.
Also consider that for cloud resources, to allow for accurate matching its sometimes required to configure specific CI lookup rules to handle the VM metadata, e.g a rule that extracts information from the resource id inside the vmmetadata and runs a search on the cmdb.
