01-18-2024 09:46 AM - edited 01-24-2024 01:13 PM
Cisco Vulnerability Management’s new InsightVM connector provides many benefits over the Nexpose XML and API connectors, but if you are currently using one of the Nexpose connectors then you’ll need to complete a migration of connectors to ensure the historical context of your assets and vulnerabilities carry over to your new InsightVM connector. Here is a list of data points which are of concern should you look to move to a new connector:
If the fields above are not of importance for you then you can simply delete your Nexpose connectors and configure a new InsightVM connector to complete your migration.
If you would like to retain the fields above, then you’ll need to complete the steps below to merge assets and vulnerabilities from both the Nexpose and InsightVM connectors.
We recommend performing a full export of your assets and vulnerabilities (including inactive assets and closed vulnerabilities) so that you have an offline copy of your data before making any changes to your environment.
Additionally, we will be releasing a new feature which will assist in ensuring an asset match between Nexpose and InsightVM assets. We’ve applied new logic which ensures DNS short hostnames are mapped to the hostname field in CVM, while FQDNs are exclusively mapped to the fqdn field. We highly recommend enabling this feature before migrating from your Nexpose connector to an InsightVM connector. This feature will be enabled for all customers on February 1st 2024, however Customer Success or Technical Support can enable the feature for you today at your request.
Lastly, we suggest reviewing your risk meter queries to identify any risk meters which may no longer return accurate results following the connector migration. Look for any risk meters with queries for connector names or connector types which will need to be updated to reflect the new InsightVM connector.
Our goal in this migration is to merge assets and vulnerabilities from Nexpose and InsightVM in order to retain the historical data on the existing records. The assets will merge on the asset locators, while the vulnerabilities will merge on the CVE IDs. Once these mergers are confirmed, then we can proceed with deleting the Nexpose connector as the data from InsightVM as the historical data will be retained for the assets and vulnerabilities from InsightVM
Your migration is now complete. Historical data is now safely stored on your InsightVM assets and vulnerabilities. Please reach out to your customer success team or technical support if you have any questions or concerns.
Q: I have hundreds of risk meters, how can I quickly identify which may have Nexpose connector identification in the query?
A: Our GitHub contains a script which provides an output of all risk meters and their queries. You can execute this script then search for “Nexpose” or other connector names to identify risk meters which may need to be updated.
Q: I am seeing an increase in asset count after running the InsightVM connector. Why might that be?
A: Your InsightVM console may contain assets which were not previously brought in to Cisco Vulnerability Management through a Nexpose connector.
Q: Some of my assets from Nexpose were not merged with an asset from InsightVM
A: There are a few possibilities here.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: