- 11 Aug 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Recorded Future - Enrich CVE Data
- Updated on 11 Aug 2024
- 2 Minutes to read
- Print
- DarkLight
- PDF
Recorded Future - Enrich CVE Data enriches vulnerabilities on your system with information from RecordedFuture, a threat intelligence tool that helps identify the vulnerabilities that pose an actual risk to an organization, adding context and data to CVE scoring.
Once the Discovery Cycle is complete, you can view the data in the Vulnerability Management Module, under the Enrichment field, and also in the Vulnerabilities Repository. To learn more about the Enrichment field, see Vulnerability Fields.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Set to Devices > All Devices. (recommended). While a query is a mandatory field for triggering any Enforcement Action, in this particular Enforcement Set, the query parameters are not relevant as the enrichment runs on all vulnerabilities found, and does not actually run on query results. However, to ensure the enrichment action is triggered by a query, we recommend defining the query as Devices > All Devices.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
- Use stored credentials from Recorded Future adapter - Select this option to use (the first) Recorded Future connected adapter credentials.
- When you select this option, the Select Adapter Connection drop-down is available, and you can choose which adapter connection to use for this Enforcement Action.
Required Fields
These fields must be configured to run the Enforcement Set.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.
Additional Fields
These fields are optional.
Connection Parameters
If Use stored credentials from the Recorded Future adapter is disabled, these fields are required:
- Host Name or IP Address (default: https://api.recordedfuture.com) - The host name or IP address of a Recorded Future server.
- API key - Specify the API key you have defined.
- List of CIDR - Specify a comma-separated list of CIDR blocks (for example: 192.168.20.0/24,192.168.30.0/24) to connect to.
- Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name (optional) - The user name to use when connecting to the server using the HTTPS Proxy.
- HTTPS Proxy Password (optional) - The password to use when connecting to the server using the HTTPS Proxy.
- Gateway Name - Select the gateway through which to connect to perform the action.