Nexpose + HP ArcSight Solution Brief
Rapid7 Corporate Headquarters, 800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095 ...
INTEGRATION BENEFITS
• Security context awareness into the vulnerability state of assets
• Single pane view into your security events, reporting, forensics, and incident investigation
• Better correlation rules with more security-centric data to leverage in rule creation for more accurate alerting
• In-depth investigations with additional security information about each asset (ports, services, applications, etc.)
• Automated vulnerability data import on a scheduled basis to correspond with the latest scans
Solution Overview
For most of today's IT and Security Operations teams, a centralized logging and correlation tool has become a major cornerstone. Rapid7's rich vulnerability and exploit data can be used in conjunction with other log data sources to provide greater context and insight into the events happening within your environment. ArcSight provides real-time actionable intelligence while delivering an efficient and effective incident management workflow. Furthermore, having vulnerability and asset data within ArcSight streamlines post-incident forensic analysis.
How It Works
A Nexpose scan is conducted to assess the risk posture of the systems within an organization. The vulnerability data is then used to calculate the RealRisk™ score associated with each system detected, and an XML report is generated to export the results. From there, ArcSight's SmartConnector can be used in either Interactive Mode or Automatic Mode to process the report. Once the report has been processed and the data fields have been normalized within ESM, the Nexpose vulnerability data is readily available for creating correlation rules, conducting forensic analysis, and aiding investigations.
[Figure: Assessing Security Posture of Devices (Desktop, Database, File Server, Web Server); a single alert combining multiple events from different sources plus vulnerability data; Single Console View with all logs in a single place]
110115 | Rapid7.com
Integration Brief
Add Deep Security Context with Rapid7 Nexpose and ArcSight Enterprise Security Manager
Overview of Integration Process
Step 1: Nexpose performs security assessment
Step 2: XML report generated with vulnerability findings
Step 3: Task is created in ArcSight ESM to process report
Step 4: Vulnerabilities get stored and normalized
Step 5: Custom Views can be created to highlight vulnerabilities
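As an added illustration of steps 2 through 5 (not code from Rapid7 or HP, and not the actual Nexpose report schema or ArcSight's normalization), the block below parses a constructed, simplified XML findings report into a per-asset index and applies a basic correlation rule that escalates an event when it targets a port that carries a known finding on that asset. The XML layout, field names and sample events are assumptions made for the example.

```python
# Added example: enriching security events with vulnerability context.
# The XML below is a constructed, simplified report, not the real Nexpose
# report schema; element and attribute names are assumptions.
import xml.etree.ElementTree as ET

SAMPLE_REPORT = """<report>
  <node address="10.0.0.5" name="web-01">
    <service port="443" name="https"/>
    <service port="22" name="ssh"/>
    <vuln id="VULN-A" severity="9" port="443"/>
  </node>
  <node address="10.0.0.9" name="db-01">
    <service port="3306" name="mysql"/>
    <vuln id="VULN-B" severity="6" port="3306"/>
  </node>
</report>"""

# Constructed events in the shape a SIEM might hold after normalization.
SAMPLE_EVENTS = [
    {"src": "203.0.113.7", "dst": "10.0.0.5", "dport": 443, "sig": "exploit attempt"},
    {"src": "203.0.113.7", "dst": "10.0.0.5", "dport": 8080, "sig": "exploit attempt"},
    {"src": "203.0.113.7", "dst": "10.0.0.9", "dport": 3306, "sig": "exploit attempt"},
]


def load_vuln_index(xml_text):
    """Normalize the report into {address: {port: [findings]}} (step 4 in the brief)."""
    index = {}
    for node in ET.fromstring(xml_text).iter("node"):
        ports = index.setdefault(node.get("address"), {})
        for v in node.iter("vuln"):
            ports.setdefault(int(v.get("port")), []).append(
                {"id": v.get("id"), "severity": int(v.get("severity"))})
    return index


def correlate(events, index):
    """Correlation rule: an attack signature aimed at a port that has a known
    finding on the target asset is escalated; the highest severity sets priority."""
    results = []
    for ev in events:
        findings = index.get(ev["dst"], {}).get(ev["dport"], [])
        top = max((f["severity"] for f in findings), default=0)
        priority = "high" if top >= 7 else "medium" if top > 0 else "low"
        results.append({**ev, "findings": [f["id"] for f in findings], "priority": priority})
    return results
```

Run against the constructed input, the first event (port 443 on web-01) comes back as high priority with VULN-A attached, the second (port 8080, no finding) stays low, and the third is medium.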
WHAT YOU NEED:
• Rapid7 Nexpose
• ArcSight ESM 5.2+
• ArcSight ESM SmartConnector for Nexpose XML file
Figure 1: HP ArcSight Console Dashboard
About HP ArcSight
HP ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event monitoring, from compliance and risk management to security intelligence and operations. ESM sifts through millions of log records and correlates them to find the critical events that matter in real time via dashboards, notifications, and reports, so you can accurately prioritize security risks and compliance violations.
About Rapid7
Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 4,150 organizations across 90 countries, including 34% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.