Vulnerability Management
For Secureworks® Taegis™ XDR tenants that also subscribe to Secureworks® Taegis™ VDR, XDR displays vulnerability data mapped from VDR to your XDR assets on the Vulnerability Management page and within the Alert Details' Vulnerabilities tab. Vulnerability data coming from Secureworks® Taegis™ VDR can include data from the Taegis Vulnerability Scanner or from other supported vulnerability management tools, like Qualys or Tenable.
See Further Vulnerability Information for other places in XDR you can find vulnerability data. Additional features using this integration are planned for the near future and will be announced in the Release Notes.
Connect Vulnerability Data Sources in VDR
Vulnerability data is ingested into XDR through Secureworks® Taegis™ VDR. For the XDR Vulnerabilities page, vulnerability data can be imported through VDR along with any supported vulnerability management tool. For example, if you have Qualys or Tenable, you can use VDR to ingest their vulnerability data, which is then integrated into XDR.
- Use the integration guides linked below for details on how to set up the Vulnerabilities ingest:
- For full licensing details, see the VDR licensing documentation. Contact your Account Manager or CSM for details about acquiring the integration license.
Asset Mapping Logic
The process for mapping assets from VDR to XDR begins with a successful scan of server assets by VDR or a refresh of third-party server asset scan data. The mapping engine then queries the associated XDR tenant and applies the following logic during the mapping process:
- IP Address — The primary criterion for mapping an asset is its IP address. Assets with matching IP addresses in both VDR and XDR are considered, with high probability, to be the same entity. Because IP addresses can be dynamically assigned, a lookup can return multiple results, which must be filtered.
- Archived Status — Any XDR asset with an archived status is considered irrelevant and removed from matching.
- Last Seen Date — Any XDR asset that was last seen by XDR over eight days prior to the approximate scan completion is removed from matching.
- Hostname:
  - If the VDR server asset does not have an associated hostname, the mapping process ends here, typically with a single match, but possibly with multiple.
  - If the VDR server asset does have an associated hostname, the hostname is used as a secondary criterion for mapping to the filtered XDR assets.
Matches made by the mapping process are considered valid and are persisted in VDR's data store. New scan data updates the data store records for the VDR server asset. If the asset disappears from VDR or from the network, or if scans do not complete successfully, its data expires after 35 days without being refreshed, and new successful scan data is needed to restore the mapping.
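The filtering order described above, sketched as an added Python example. It is not Secureworks code: the `XdrAsset` fields, the function names, and the case-insensitive exact hostname comparison are assumptions made for illustration, and the sample inventory is constructed.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

LAST_SEEN_WINDOW = timedelta(days=8)   # "over eight days prior" to scan completion
MAPPING_TTL = timedelta(days=35)       # persisted match expires if not refreshed

@dataclass(frozen=True)
class XdrAsset:                        # hypothetical record shape, not the XDR schema
    asset_id: str
    ip: str
    hostname: str
    archived: bool
    last_seen: datetime

def map_asset(ip: str, hostname: Optional[str], scan_done: datetime,
              xdr_assets: list[XdrAsset]) -> list[XdrAsset]:
    """Return the XDR assets a scanned VDR server asset would map to."""
    # 1. Primary criterion: same IP address.
    candidates = [a for a in xdr_assets if a.ip == ip]
    # 2. Archived XDR assets are removed from matching.
    candidates = [a for a in candidates if not a.archived]
    # 3. Assets last seen over eight days before scan completion are removed.
    candidates = [a for a in candidates
                  if scan_done - a.last_seen <= LAST_SEEN_WINDOW]
    # 4. No hostname on the VDR side: stop here (usually one match, maybe more).
    if not hostname:
        return candidates
    # 5. Hostname as secondary criterion (assumption: case-insensitive exact match).
    return [a for a in candidates if a.hostname.lower() == hostname.lower()]

def mapping_expired(last_refresh: datetime, now: datetime) -> bool:
    """True once a persisted match has gone 35 days without a refresh."""
    return now - last_refresh >= MAPPING_TTL

# Constructed sample inventory: one IP reused via DHCP by four XDR assets.
SCAN_DONE = datetime(2024, 5, 20, 12, 0)
INVENTORY = [
    XdrAsset("a1", "10.0.0.5", "web01", False, SCAN_DONE - timedelta(days=1)),
    XdrAsset("a2", "10.0.0.5", "laptop-7", False, SCAN_DONE - timedelta(days=2)),
    XdrAsset("a3", "10.0.0.5", "old-web01", True, SCAN_DONE - timedelta(days=1)),
    XdrAsset("a4", "10.0.0.5", "web01", False, SCAN_DONE - timedelta(days=20)),
]

if __name__ == "__main__":
    print([a.asset_id for a in map_asset("10.0.0.5", None, SCAN_DONE, INVENTORY)])
    print([a.asset_id for a in map_asset("10.0.0.5", "WEB01", SCAN_DONE, INVENTORY)])
```

With no hostname on the VDR side the reused IP leaves two candidates, which is the ambiguous case the Hostname step resolves.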
Asset Mapping Logic Summary
Another way to understand the Asset Mapping Logic is by asking, "Which of my assets in XDR will start showing data in Vulnerabilities once XDR is connected to VDR?"
Vulnerability data shows up for endpoints that:
- Exist in XDR
- Have at least one EDR agent installed
- Have vulnerability information in VDR
- Are mapped by VDR's Asset Mapping logic
Access Vulnerability Management
For XDR tenants that also subscribe to VDR, select Vulnerabilities from the Taegis Menu to access vulnerability data. Vulnerability Management displays the sections covered below.
Note
This option only displays for tenants that also subscribe to VDR.
Vulnerabilities on Most Alerted Endpoints
The Most Alerted Endpoints section contains a table of the vulnerabilities found on the endpoints with the highest alert volume in XDR over the last seven days, sorted by highest severity.
Select the Severity or Type column header to adjust the table sorting.
Detected Vulnerabilities
The Detected Vulnerabilities section contains a bar graph and table of the new vulnerabilities discovered in XDR, sorted by severity. The results shown depend on the time range selected in the date picker, with 7, 14, 30, and 90 days available.
Take the following actions within this section:
- Hover over a segment of the chart to view the total number by severity.
- Select one or more severities from the legend above the table to filter the chart and table to your selection.
- Select the Priority or Severity column header to adjust the table sorting.
View Vulnerability Details
To view more details about the listed vulnerabilities, navigate to the Vulnerabilities view of VDR. For more information, see Finding, Filtering, and Sorting Vulnerabilities in the VDR Documentation.
Further Vulnerability Information
Find vulnerability data and more information on Secureworks® Taegis™ VDR with the following resources: