Symantec Control Compliance Suite Vulnerability Manager (CCSVM) is the vulnerability management software solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis.
This document provides information about the Symantec CCSVM connector, which facilitates automated interactions with a Symantec CCSVM server using FortiSOAR™ playbooks. Add the Symantec CCSVM connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving information about assets and vulnerabilities from the Symantec CCSVM server, deleting an asset on the Symantec CCSVM server, or executing a command on PowerShell.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Symantec CCSVM Version Tested on: 1.0
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the `yum` command to install connectors:

`yum install cyops-connector-symantec-ccsvm`

For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Symantec CCSVM connector row, and in the Configuration tab enter the required configuration details.
Parameter | Description |
---|---|
Address | Address of the Symantec CCSVM server to which you will connect and perform the automated operations. |
Username | Username that is used to access the Symantec CCSVM server to which you will connect and perform the automated operations. |
Password | Password that is used to access the Symantec CCSVM server to which you will connect and perform the automated operations. |
API Key | API Key of the Symantec CCSVM server to which you will connect and perform the automated operations. |
PowerShell Protocol | PowerShell protocol that will be used when you run PowerShell commands such as Run Scan and Get Scan Result. |
PowerShell Port | Port number used for connecting to the Symantec CCSVM server. |
CCS-VM Scanner installation path | Path for Symantec CCS-VM scanner installation directory that will be used for PowerShell scripts. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Vulnerabilities by Asset ID | Retrieves information about vulnerabilities from the Symantec CCSVM server, based on the asset ID you have specified. | get_vulnerabilities Investigation |
Get Vulnerabilities by Vulnerability IDs | Retrieves information about vulnerabilities from the Symantec CCSVM server, based on the vulnerabilities IDs you have specified. | get_vulnerabilities Investigation |
Get Asset By ID | Retrieves information about the asset from the Symantec CCSVM server, based on the asset ID you have specified. | get_asset Investigation |
Get Assets By Workgroup | Retrieves information about assets from the Symantec CCSVM server, based on the workgroup ID or name you have specified. | get_asset Investigation |
Search Assets | Searches for assets and retrieves information about all assets or specific assets from the Symantec CCSVM server, based on the input parameters you have specified. | get_asset Investigation |
Delete Asset | Deletes an asset from the Symantec CCSVM server, based on the asset ID you have specified. | delete_asset Investigation |
Run Scan | Runs an existing scan using PowerShell, based on the scan name and database file name you have specified. | run_scan Investigation |
Configure and Run Scan | Configures and runs a new scan using PowerShell. | run_scan Investigation |
Create Group | Creates a new group on the Symantec CCSVM server. | create_group Investigation |
Remove Group | Removes an existing group from the Symantec CCSVM server. | remove_group Remediation |
Get Scan Status | Retrieves the status of either all scans or of the last scan, or of a specific scan, using PowerShell, based on the scan name you have specified. By default, the status of the last scan is retrieved. | get_scan_status Investigation |
Get Scan Result | Retrieves the result of either all scans or of the last scan, or of a specific scan, using PowerShell, based on the scan name you have specified. By default, the result of the last scan is retrieved. | get_scan_result Investigation |
Execute Command on PowerShell | Executes a command that you have specified on the PowerShell. | get_scan_status Investigation |
Parameter | Description |
---|---|
Asset ID | ID of the asset whose associated vulnerabilities details you want to retrieve from the Symantec CCSVM server. |
The JSON output contains information about all vulnerabilities that are associated with the asset ID that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
Parameter | Description |
---|---|
Vulnerability IDs | IDs of the vulnerabilities whose details you want to retrieve from the Symantec CCSVM server. You can enter multiple vulnerability IDs using a list or CSV format. |
The JSON output contains information about all vulnerabilities that are associated with the vulnerability IDs that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
Parameter | Description |
---|---|
Asset ID | ID of the asset whose details you want to retrieve from the Symantec CCSVM server. |
The JSON output contains information about the asset that is associated with the asset ID that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
Parameter | Description |
---|---|
Workgroup ID/Name | ID or the name of the workgroup whose associated asset details you want to retrieve from the Symantec CCSVM server. |
The JSON output contains information about all assets that are associated with the workgroup ID or name that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria are applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Asset ID | ID of the asset whose details you want to search for on the Symantec CCSVM server. |
DNS Name | DNS name based on which you want to search for an asset on the Symantec CCSVM server. |
Domain Name | Domain name based on which you want to search for an asset on the Symantec CCSVM server. |
IP Address | IP address based on which you want to search for an asset on the Symantec CCSVM server. Note: You can enter a single IP address; a comma-separated list of IP addresses, for example, 10.0.0.1, 10.0.0.2, 10.0.0.3; a range of IP addresses, for example, 10.0.0.1-10.0.0.25; or CIDR notation, for example, 10.0.0.1/24. |
Mac Address | MAC address based on which you want to search for an asset on the Symantec CCSVM server. |
Asset Type | Type of asset based on which you want to search for an asset on the Symantec CCSVM server. |
Limit | Maximum number of records you want this operation to return. By default, this is set as 100000. |
Offset | Index of the first item to return from the search result, i.e., number of records to skip before returning the number of records you have specified in the Limit parameter. You can use this parameter only if you have specified the Limit parameter. By default, this is set as 0. |
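
The four IP Address forms and the Limit/Offset rule from the table above can be checked before the values reach the Search Assets step. The following Python sketch is an added example, not part of the connector; the function names and the 65536-address ceiling are assumptions chosen for illustration.

```python
import ipaddress

# Assumed policy ceiling on how many addresses one filter may cover
# (not a connector or CCSVM limit).
MAX_ADDRESSES = 65536
# Defaults stated in the parameter table.
DEFAULT_LIMIT = 100000
DEFAULT_OFFSET = 0


def parse_ip_filter(value, max_addresses=MAX_ADDRESSES):
    """Validate an IP Address filter; return (kind, normalized, count).

    kind is "single", "list", "range" or "cidr". Anything that is not one
    of the four documented forms raises ValueError.
    """
    text = value.strip()
    if not text:
        raise ValueError("empty IP Address filter")
    if "," in text:
        # Comma-separated list: every element must be a plain address.
        addrs = [ipaddress.ip_address(p.strip()) for p in text.split(",")]
        kind, count = "list", len(addrs)
        normalized = ", ".join(str(a) for a in addrs)
    elif "/" in text:
        # The documented example 10.0.0.1/24 has host bits set, so
        # strict=False is needed to accept it.
        net = ipaddress.ip_network(text, strict=False)
        kind, normalized, count = "cidr", str(net), net.num_addresses
    elif "-" in text:
        start_s, _, end_s = text.partition("-")
        start = ipaddress.ip_address(start_s.strip())
        end = ipaddress.ip_address(end_s.strip())
        if start.version != end.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if int(end) < int(start):
            raise ValueError("range end is below range start")
        kind, normalized = "range", f"{start}-{end}"
        count = int(end) - int(start) + 1
    else:
        kind, normalized, count = "single", str(ipaddress.ip_address(text)), 1
    if count > max_addresses:
        raise ValueError(f"filter covers {count} addresses, limit is {max_addresses}")
    return kind, normalized, count


def check_paging(limit=None, offset=None):
    """Apply the documented rule that Offset is usable only with Limit."""
    if offset is not None and limit is None:
        raise ValueError("Offset requires Limit to be specified")
    limit = DEFAULT_LIMIT if limit is None else int(limit)
    offset = DEFAULT_OFFSET if offset is None else int(offset)
    if limit <= 0 or offset < 0:
        raise ValueError("Limit must be positive and Offset non-negative")
    return limit, offset


if __name__ == "__main__":
    # Constructed sample inputs: the four documented forms plus two rejects.
    samples = ["10.0.0.1", "10.0.0.1, 10.0.0.2, 10.0.0.3",
               "10.0.0.1-10.0.0.25", "10.0.0.1/24",
               "0.0.0.0/0", "10.0.0.25-10.0.0.1"]
    for s in samples:
        try:
            print(s, "->", parse_ip_filter(s))
        except ValueError as exc:
            print(s, "-> rejected:", exc)
    print(check_paging(limit=50, offset=10))
```
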
The JSON output contains information about all assets or specific assets based on the input parameters that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
Parameter | Description |
---|---|
Asset ID | ID of the asset that you want to delete from the Symantec CCSVM server. |
The JSON output contains a message stating whether or not the specified asset is deleted successfully from the Symantec CCSVM server.
Following image displays a sample output:
Note: All the input parameters are optional. If you do not specify any parameter, then the scan is run on the local machine with default Audit Groups.
Parameter | Description |
---|---|
Scan Name | Name of an existing or triggered scan that you want to run on the Symantec CCSVM server. |
Database File Name | Name of an existing or triggered database file name on which you want to run a scan on the Symantec CCSVM server. |
The JSON output contains the status of the scan that was started using PowerShell.
Following image displays a sample output:
Parameter | Description |
---|---|
Scan Name | Name of an existing or triggered scan that you want to configure and run on the Symantec CCSVM server. |
Database File Name | Name of an existing or triggered database file name on which you want to configure and run a scan on the Symantec CCSVM server. |
Ports | Ports that you want to add to the newly configured scan that you want to run for checking vulnerabilities on the Symantec CCSVM server. Note: You can add multiple ports in the CSV or list format. |
Port Groups | Port Groups that you want to add to the newly configured scan that you want to run for checking vulnerabilities on the Symantec CCSVM server. Note: You can add multiple port groups in the CSV or list format. |
Audit Groups | Audit Groups that you want to add to the newly configured scan that you want to run on the Symantec CCSVM server. Note: You can add multiple audit groups in the CSV or list format. |
Address Groups | Address Groups that you want to add to the newly configured scan that you want to run on the Symantec CCSVM server. An address group contains IP addresses or ranges of IP addresses of assets. Note: You can add multiple address groups in the CSV or list format. |
Host Names | Host Names that you want to add to the newly configured scan that you want to run on the Symantec CCSVM server. Note: You can add multiple host names in the CSV or list format. |
The JSON output contains the details of the scan that you have newly configured on the Symantec CCSVM server.
Following image displays a sample output:
Parameter | Description |
---|---|
Select Group | Type of group that you want to create on the Symantec CCSVM server. You must select one of the following: Address Group, Port Group, or Audit Group. Note: Based on the type of group you select, you must configure the following parameters. If you have selected Address Group, then specify the following parameters: |
The JSON output contains the details of the group that you have newly configured on the Symantec CCSVM server.
Following image displays a sample output:
Parameter | Description |
---|---|
Select Group | Type of group that you want to remove from the Symantec CCSVM server. |
Group Name | Name of the new group that you want to remove from the Symantec CCSVM server. |
The JSON output contains the status of the scan that was started using PowerShell.
Following image displays a sample output:
Parameter | Description |
---|---|
Scan Name | Name of the scan whose status you want to retrieve from the Symantec CCSVM server. Note: By default, the status of all the scans is retrieved from the Symantec CCSVM server. |
The JSON output contains the status of all scans, or the status of only the last scan, or the status of a specific scan retrieved from the Symantec CCSVM server, based on the scan name you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Scan Name | Name of the scan whose results you want to retrieve from the Symantec CCSVM server. Note: If you do not specify the scan name, then the result of the last scan is retrieved. |
Output As Attachment | Select this check box, i.e., set it to True, if you want to save the output of this operation as a file and save that file in FortiSOAR™ as an attachment. If you select this option, then you must specify the file format of the output in the Output File Format field. |
Output File Format | Format of the output file that you want to save in FortiSOAR™ as an attachment. You can choose between XML or JSON file formats. Note: Only if you have selected the Output As Attachment check box is this value effective. |
The JSON output contains the result of all scans, or the result of only the last scan, or the result of a specific scan retrieved from the Symantec CCSVM server, based on the scan name you have specified.
Following image displays a sample output:
Parameter | Description |
---|---|
Command | Command that you want to execute on the PowerShell. You can enter multiple commands, for example, ['ls', 'dir'] |
The JSON output depends on the query that you have run on PowerShell.
Following image displays a sample output:
The Sample - Symantec-CCSVM - 1.0.0 playbook collection comes bundled with the Symantec CCSVM connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec CCSVM connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.