About the connector
Symantec Control Compliance Suite Vulnerability Manager (CCSVM) is the vulnerability management software solution designed from the ground up to provide organizations with context-aware vulnerability assessment and risk analysis.
This document provides information about the Symantec CCSVM connector, which facilitates automated interactions, with a Symantec CCSVM server using FortiSOAR™ playbooks. Add the Symantec CCSVM connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving information about assets and vulnerabilities from the Symantec CCSVM server, deleting an asset on the Symantec CCSVM server, or executing a command on a PowerShell.
Version information
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Symantec CCSVM Version Tested on: 1.0
Authored By: Fortinet
Certified: Yes
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-symantec-ccsvm
For the detailed procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must have the address of the Symantec CCSVM server to which you will connect and perform the automated operations and credentials to access that server.
- You must have API access permissions to perform operations.
- To run PowerShell commands such as Run Scan and Get Scan Result, you must know the PowerShell Protocol, PowerShell Port, and the CCS-VM Scanner installation path.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, click the Symantec CCSVM connector row, and in the Configuration tab enter the required configuration details.
| Parameter |
Description |
| Address |
Address of the Symantec CCSVM server to which you will connect and perform the automated operations. |
| Username |
Username that is used to access the Symantec CCSVM server to which you will connect and perform the automated operations. |
| Password |
Password that is used to access the Symantec CCSVM server to which you will connect and perform the automated operations. |
| API Key |
API Key of the Symantec CCSVM server to which you will connect and perform the automated operations. |
| PowerShell Protocol |
PowerShell protocol that will be used when you run PowerShell commands such as Run Scan and Get Scan Result. |
| PowerShell Port |
Port number used for connecting to the Symantec CCSVM server. |
| CCS-VM Scanner installation path |
Path for Symantec CCS-VM scanner installation directory that will be used for PowerShell scripts. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Get Vulnerabilities by Asset ID |
Retrieves information about vulnerabilities from the Symantec CCSVM server, based on the asset ID you have specified. |
get_vulnerabilities
Investigation |
| Get Vulnerabilities by Vulnerability IDs |
Retrieves information about vulnerabilities from the Symantec CCSVM server, based on the vulnerabilities IDs you have specified. |
get_vulnerabilities
Investigation |
| Get Asset By ID |
Retrieves information about the asset from the Symantec CCSVM server, based on the asset ID you have specified. |
get_asset
Investigation |
| Get Assets By Workgroup |
Retrieves information about assets from the Symantec CCSVM server, based on the workgroup ID or name you have specified. |
get_asset
Investigation |
| Search Assets |
Searches for assets and retrieves information about all assets or specific assets from the Symantec CCSVM server, based on the input parameters you have specified. |
get_asset
Investigation |
| Delete Asset |
Deletes an asset from the Symantec CCSVM server, based on the asset ID you have specified. |
delete_asset
Investigation |
| Run Scan |
Runs an existing scan using PowerShell, based on the scan name and database file name you have specified. |
run_scan
Investigation |
| Configure and Run Scan |
Configure a new scan and runs a new scan using PowerShell. |
run_scan
Investigation |
| Create Group |
Creates a new group on the Symantec CCSVM server. |
create_group
Investigation |
| Remove Group |
Removes an existing group from the Symantec CCSVM server. |
remove_group
Remediation |
| Get Scan Status |
Retrieves the status of either all scans or of the last scan, or of a specific scan, using PowerShell, based on the scan name you have specified.
By default, the status of the last scan is retrieved. |
get_scan_status
Investigation |
| Get Scan Result |
Retrieves the result of either all scans or of the last scan, or of a specific scan, using PowerShell, based on the scan name you have specified.
By default, the result of the last scan is retrieved. |
get_scan_result
Investigation |
| Execute Command on PowerShell |
Executes a command that you have specified on the PowerShell. |
get_scan_status
Investigation |
operation: Get Vulnerabilities by Asset ID
Input parameters
| Parameter |
Description |
| Asset ID |
ID of the asset whose associated vulnerabilities details you want to retrieve from the Symantec CCSVM server. |
Output
The JSON output contains information about all vulnerabilities that are associated with the asset ID that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
operation: Get Vulnerabilities by Vulnerability IDs
Input parameters
| Parameter |
Description |
| Vulnerability IDs |
IDs of the vulnerabilities whose details you want to retrieve from the Symantec CCSVM server.
You can enter multiple vulnerability IDs using a list or CSV format. |
Output
The JSON output contains information about all vulnerabilities that are associated with the vulnerabilities ID that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
operation: Get Asset By ID
Input parameters
| Parameter |
Description |
| Asset ID |
ID of the asset whose details you want to retrieve from the Symantec CCSVM server. |
Output
The JSON output contains information about the that is associated with the asset ID that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
operation: Get Assets By Workgroup
Input parameters
| Parameter |
Description |
| Workgroup ID/Name |
ID or the name of the workgroup whose associated asset details you want to retrieve from the Symantec CCSVM server. |
Output
The JSON output contains information about all assets that are associated with the workgroup ID or name that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
operation: Search Assets
Input parameters
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria is applied, and an unfiltered list is returned.
| Parameter |
Description |
| Asset ID |
ID of the asset whose details you want to search for on the Symantec CCSVM server. |
| DNS Name |
DNS name based on which you want to search for an asset on the Symantec CCSVM server. |
| Domain Name |
Domain name based on which you want to search for an asset on the Symantec CCSVM server. |
| IP Address |
IP address based on which you want to search for an asset on the Symantec CCSVM server.
Note: You can enter a single IP address, a comma-separated list of IP addresses, for example 10.0.0.1, 10.0.0.2, 10.0.0.3, a range of IP addresses, for example,10.0.0.1-10.0.0.25 or a CIDR Notation, for example 10.0.0.1/24. |
| Mac Address |
Mac address based on which you want to search for an asset on the Symantec CCSVM server. |
| Asset Type |
Type of asset based on which you want to search for an asset on the Symantec CCSVM server. |
| Limit |
Maximum number of records you want this operation to return.
By default, this is set as 100000. |
| Offset |
Index of the first item to return from the search result, i.e., number of records to skip before returning the number of records you have specified in the Limit parameter. You can use this parameter only if you have specified the Limit parameter.
By default, this is set as 0. |
Output
The JSON output contains information about all assets or specific assets based on the input parameters that you have specified, retrieved from the Symantec CCSVM server.
Following image displays a sample output:
operation: Delete Asset
Input parameters
| Parameter |
Description |
| Asset ID |
ID of the asset that you want to delete from the Symantec CCSVM server. |
Output
The JSON output contains a message stating whether or not the specified asset is deleted successfully from the Symantec CCSVM server.
Following image displays a sample output:
operation: Run Scan
Input parameters
Note: All the input parameters are optional. If you do not specify any parameter, then the scan is run on the local machine with default Audit Groups.
| Parameter |
Description |
| Scan Name |
Name of an existing or triggered scan that you want to run on the Symantec CCSVM server. |
| Database File Name |
Name of an existing or triggered database file name on which you want to run a scan on the Symantec CCSVM server. |
Output
The JSON output contains the status of the scan that was started using PowerShell.
Following image displays a sample output:
operation: Configure and Run Scan
Input parameters
| Parameter |
Description |
| Scan Name |
Name of an existing or triggered scan that you want to configure and run on the Symantec CCSVM server. |
| Database File Name |
Name of an existing or triggered database file name on which you want to configure and run a scan on the Symantec CCSVM server. |
| Ports |
Ports that you want to add to the newly configured scan that you want to run for checking vulnerabilities on the Symantec CCSVM server.
Note: You can add multiple ports in the CSV or list format. |
| Port Groups |
Port Groups that you want to add to the newly configured scan that you want to run for checking vulnerabilities on the Symantec CCSVM server.
Note: You can add multiple port groups in the CSV or list format. |
| Audit Groups |
Audit Groups that you want to add to the newly configured scan that you want to run on the Symantec CCSVM server.
Note: You can add multiple audit groups in the CSV or list format. |
| Address Groups |
Address Groups that you want to add to the newly configured scan that you want to run on the Symantec CCSVM server. Address group contains IP addresses or range of IP address of assets
Note: You can add multiple address groups in the CSV or list format. |
| Host Names |
Host Names that you want to add to the newly configured scan that you want to run on the Symantec CCSVM server.
Note: You can add multiple audit groups in the CSV or list format. |
Output
The JSON output contains the details of the scan that you have newly configured on the Symantec CCSVM server.
Following image displays a sample output:
operation: Create Group
Input parameters
| Parameter |
Description |
| Select Group |
Type of group that you want to create on the Symantec CCSVM server.
You must select one of the following: Address Group, Port Group, or Audit Group.
Note: Based on the type of group you select, you require to configure the following parameters.
If you have selected Address Group, then specify the following parameters:
- Group Name: Name of the new address group that you want to create on the Symantec CCSVM server.
- Type: Type of the new address group that you want to create on the Symantec CCSVM server. You must select one of the following: Single IP, IP Range, CIDR Notation, or Named Host.
Based on the type of address group selected, you must specify the values:
- Single IP Value: Value of a single IP address that you want to add to the new address group that you want to create on the Symantec CCSVM server. For example,
XXX.XXX.X.1
- IP Range Value: Range of IP addresses that you want to add to the new address group that you want to create on the Symantec CCSVM server. For example,
XXX.XXX.X.1-XXX.XXX.X.10
- CIDR Notation Value: CIDR Notation that you want to add to the new address group that you want to create on the Symantec CCSVM server. For example,
XXX.XXX.X.1/10
- Named Host Value: Hostname that you want to add to the new address group that you want to create on the Symantec CCSVM server. For example,
MyHostName
- Omit this entry: Select this option, i.e., set it to
True to omit the entry, such as IP addresses, from the group that you want to create on the Symantec CCSVM server.
If you have selected Port Group, then specify the following parameters:
- Group Name: Name of the new port group that you want to create on the Symantec CCSVM server.
- Type: Type of the new port group that you want to create on the Symantec CCSVM server. You must select one of the following: Single Port or Port Range.
Based on the type of address group selected, you must specify the values:
- Single Port Value: Value of a single port that you want to add to the new port group that you want to create on the Symantec CCSVM server. For example,
443
- Port Range: Range of ports that you want to add to the new port group that you want to create on the Symantec CCSVM server. For example,
1-1000
If you have selected Audit Group, then specify the following parameters:
- Group Name: Name of the new audit group that you want to create on the Symantec CCSVM server.
- Type: Type of the new audit group that you want to create on the Symantec CCSVM server. You must select one of the following: Single Audit ID or Audit ID Range.
Based on the type of address group selected, you must specify the values:
- Single Audit ID: Value of a single audit ID that you want to add to the new port group that you want to create on the Symantec CCSVM server.
- Audit ID Range: Range of audit IDs that you want to add to the new port group that you want to create on the Symantec CCSVM server.
|
Output
The JSON output contains the details of the group that you have newly configured on the Symantec CCSVM server.
Following image displays a sample output:
operation: Remove Group
Input parameters
| Parameter |
Description |
| Select Group |
Type of group that you want to remove from the Symantec CCSVM server. |
| Group Name |
Name of the new group that you want to remove from the Symantec CCSVM server. |
Output
The JSON output contains the status of the scan that was started using PowerShell.
Following image displays a sample output:
operation: Get Scan Status
Input parameters
| Parameter |
Description |
| Scan Name |
Name of the scan whose status you want to retrieve from the Symantec CCSVM server.
Note: By default, the status of all the scans are retrieved Symantec CCSVM server. |
Output
The JSON output contains the status of all scans, or the status of only the last scan, or the status of a specific scan retrieved from the Symantec CCSVM server, based on the scan name you have specified.
Following image displays a sample output:
operation: Get Scan Result
Input parameters
| Parameter |
Description |
| Scan Name |
Name of the scan whose results you want to retrieve from the Symantec CCSVM server.
Note: If you do not specify the scan name, then the result of the last scan is retrieved. |
| Output As Attachment |
Select this check box, i.e., set it to True, if you want to save the output of this operation as a file and save that file in FortiSOAR™ as an attachment. If you select this option, then you must specify the file format of the output in the Output File Format field. |
| Output File Format |
Format of the output file that you want to save in FortiSOAR™ as an attachment. You can choose between XML or JSON file formats.
Note: Only if you have selected the Output As Attachment check box is this value effective. |
Output
The JSON output contains the result of all scans, or the result of only the last scan, or the result of a specific scan retrieved from the Symantec CCSVM server, based on the scan name you have specified.
Following image displays a sample output:
operation: Execute Command on PowerShell
Input parameters
| Parameter |
Description |
| Command |
Command that you want to execute on the PowerShell.
You can enter multiple commands, for example, ['ls', 'dir'] |
Output
The JSON output depends on the query that you have run on PowerShell.
Following image displays a sample output:
Included playbooks
The Sample - Symantec-CCSVM - 1.0.0 playbook collection comes bundled with the Symantec CCSVM connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Symantec CCSVM connector.
- Configure and Run Scan
- Create Group
- Delete Asset
- Execute Command on PowerShell
- Get Asset By ID
- Get Assets By Workgroup
- Get Scan Result
- Get Scan Status
- Get Vulnerabilities By Asset ID
- Get Vulnerabilities By Vulnerabilities ID
- Remove Group
- Run Scan
- Search Assets
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
