8/12/2019 Rapid7-Nexpose-ArcSight-ESM-Solution-Brief.pdf
Nexpose + HP ArcSight Solution Brief
Rapid7 Corporate Headquarters 800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095 617.247.1717 www.rapid7.co
Leverage Rapid7 Vulnerability Intelligence to add deep security
context to ArcSight's Enterprise Security Manager
Solution Overview
For today's IT and Security Operations teams, a centralized logging
and correlation tool has become a major cornerstone for most organizations. By combining Rapid7's rich vulnerability and exploit data with other log data sources, an organization can gain greater context and insight into the events happening within its environment. ArcSight provides real-time actionable intelligence while delivering an efficient and effective incident management workflow. Furthermore, vulnerability and asset data within ArcSight streamlines the process of conducting post-incident forensic analysis.
How it works
A Nexpose scan is conducted to assess the risk posture of the systems within an
organization. The vulnerability data is then used to calculate the
RealRisk score associated with each system detected. An XML report is then generated to export the results. From there, ArcSight's SmartConnector can be
used in either Interactive Mode or Automatic Mode to process the report. Once the
report has been processed and the data fields have been normalized within ESM,
the Nexpose vulnerability data is readily available for creating
correlation rules, performing forensic analysis, and aiding investigations.
Overview of Integration Process
Step 1: Nexpose performs security assessment
Step 2: XML report generated with vulnerability findings
Step 3: Task is created in ArcSight ESM to process report
Step 4: Vulnerabilities get stored and normalized
Step 5: Custom Views can be created to highlight vulnerabilities
Integration Benefits
Security Context Awareness into the vulnerability state of assets
Single Pane View into your security events, reporting, forensics, and incident investigation
Better Correlation Rules with more security centric data to leverage in rule creation for more accurate alerting
In Depth Investigations with additional security information about each asset (ports, services, applications, etc.)
Automated Vulnerability data import on a scheduled basis to correspond with latest scans
Solution Components
What you need:
Rapid7 Nexpose 5.x
ArcSight ESM 5.2+
ArcSight ESM Smart Connector for Nexpose XML file
Figure 1: HP ArcSight Console Dashboard
About HP ArcSight
HP ArcSight ESM is the premier security event manager that analyzes and correlates every event in order to help your IT SOC team with security event
monitoring, from compliance and risk management to security intelligence and operations. ESM sifts through millions of log records, and correlates them to
find the critical events that matter in real time via dashboards, notifications, and reports, so you can accurately prioritize security risks and compliance
violations.
About Rapid7
Rapid7's security solutions deliver visibility and insight that help you make informed decisions, create credible action plans, and monitor progress. They
simplify risk management by uniquely combining contextual threat analysis with fast, comprehensive data collection across your users, assets, services and
networks, whether on premise, mobile or cloud-based. Rapid7's simple and innovative solutions are used by more than 2,500 enterprises and government
agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by more than
200,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine
and as a Top Place to Work by the Boston Globe. Its products are top rated by Gartner and SC Magazine. For more information about Rapid7, please visit
http://www.rapid7.com.
Contact us today to learn more
1-866-772-7437 (1-866-7-RAPID7)
http://www.rapid7.com/