Cisco Vulnerability Management Integration

Cisco Vulnerability Management (formerly Kenna.VM) is a scalable, software-as-a-service (SaaS) solution that delivers the most informed and accurate risk prioritization available, enabling security and IT operations teams to take a risk-based approach to vulnerability management by prioritizing and proactively managing the vulnerabilities that matter most. The solution combines 18+ threat and exploit intelligence feeds, 12.7+ billion managed vulnerabilities, global attack telemetry, and remediation intelligence to accurately track and measure real-world exploit activity across the enterprise’s global attack surface.

There are two options for integrating Cisco Vulnerability Management with Cisco XDR:

  • The Vulnerability Management integration is a paid service provided by Cisco Vulnerability Management that analyzes devices and returns a list of vulnerabilities that are validated to exist on the device. This integration requires the Cisco Vulnerability Management integration module.

  • The Inference integration is a free service provided by Cisco Vulnerability Management that is available to all Cisco XDR customers. A list of vulnerabilities will be displayed for devices, however they're inferred leveraging Cisco Orbital and may not be as accurate as the Vulnerability Management integration. This integration requires the Cisco Orbital integration module and does not support the Automation capabilities.

  1. In the Cisco XDR navigation menu, choose Administration > Integrations.

  2. On the Integrations page, click the Cisco tab and navigate to the Cisco Vulnerability Management integration.

  3. Click Get Started. The Cisco Vulnerability Management integration page is displayed.

  4. Expand the Integration Guide area and follow the instructions on how to add the Cisco Vulnerability Management integration in Cisco XDR.

You can perform the following tasks after you integrate Cisco Vulnerability Management with Cisco XDR:

  • Assets - View devices as reported by Cisco Vulnerability Management. Cisco Vulnerability Management provides vulnerability data for devices, including the Cisco Security Risk Score, CVE ID, and more. For more information, including how to view asset prioritization data from Cisco Vulnerability Management, see Devices.

  • Automation:

    • Atomic Actions - The atomic actions for Cisco Vulnerability Management can be used as building blocks in custom workflows. These can be found as available Actions in the left menu of the Workflow Editor. See Atomic Actions and Workflows.

    • Target - The Vulnerability Management target is automatically created for out-of-box and custom workflows. See Targets Created From Integrations.