Vulnerability Data from VDR
Overview
For Secureworks® Taegis™ XDR tenants that also subscribe to Secureworks® Taegis™ VDR, XDR now displays vulnerability data mapped from VDR to your XDR assets within Alert Details. For more information, see Vulnerabilities Tab.
Additional features using this integration are planned for the near future. See the Release Notes for announcements.
Asset Mapping Logic
The process for mapping assets from VDR to XDR begins with a successful scan of server assets by VDR or a refresh of third-party server asset scan data. The mapping engine then queries the associated XDR tenant and applies the following logic during the mapping process:
- IP Address — The primary criterion for mapping an asset is its IP address. Assets with matching IP addresses in both VDR and XDR are considered highly likely to be the same entity. Because IP addresses can be dynamically assigned, an IP match can return multiple results, which must be filtered.
- Archived Status — Any XDR asset with an archived status is considered irrelevant and removed from matching.
- Last Seen Date — Any XDR asset that was last seen by XDR more than eight days before the approximate scan completion is removed from matching.
- Hostname:
  - If the VDR server asset does not have an associated hostname, the mapping process ends here, typically with a single match, but possibly with multiple.
  - If the VDR server asset does have an associated hostname, the hostname is used as a secondary criterion for mapping to the filtered XDR assets.
Matches made by the mapping process are considered valid and are persisted in VDR's data store. New scan data updates the data store records for the VDR server asset. If the asset disappears from VDR or from the network, or if scans do not complete successfully, its data expires after 35 days without a refresh, and new successful scan data is needed to restore the mapping.
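The filtering order listed above can be modeled in a few lines to predict why a given VDR server asset maps to one, several, or no XDR assets. This is an added illustration, not Secureworks code: the `XdrAsset` fields, the function name, the sample data, and the case-insensitive hostname comparison are assumptions, since the page does not specify how hostnames are compared.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

MAX_LAST_SEEN_AGE = timedelta(days=8)  # eight-day last-seen window from the page


@dataclass
class XdrAsset:  # hypothetical record shape, not the XDR API schema
    asset_id: str
    ip: str
    hostname: Optional[str]
    archived: bool
    last_seen: datetime


def map_vdr_asset(vdr_ip: str, vdr_hostname: Optional[str],
                  scan_completed: datetime,
                  xdr_assets: List[XdrAsset]) -> List[XdrAsset]:
    """Return the XDR assets that a VDR server asset maps to."""
    # 1. IP address is the primary criterion.
    candidates = [a for a in xdr_assets if a.ip == vdr_ip]
    # 2. Archived XDR assets are removed from matching.
    candidates = [a for a in candidates if not a.archived]
    # 3. Drop assets last seen more than eight days before scan completion.
    cutoff = scan_completed - MAX_LAST_SEEN_AGE
    candidates = [a for a in candidates if a.last_seen >= cutoff]
    # 4. No VDR hostname: mapping ends here (usually one match, maybe several).
    if not vdr_hostname:
        return candidates
    # 5. Hostname is the secondary criterion. Assumption: case-insensitive
    #    exact comparison; the page does not say how hostnames are compared.
    wanted = vdr_hostname.lower()
    return [a for a in candidates if (a.hostname or "").lower() == wanted]


# Constructed sample data: one DHCP address seen on several XDR assets.
SCAN_DONE = datetime(2024, 5, 20, 12, 0)
SAMPLE_XDR = [
    XdrAsset("a1", "10.0.0.15", "web01", False, datetime(2024, 5, 19)),
    XdrAsset("a2", "10.0.0.15", "lab-laptop", False, datetime(2024, 5, 18)),
    XdrAsset("a3", "10.0.0.15", "web01", True, datetime(2024, 5, 19)),     # archived
    XdrAsset("a4", "10.0.0.15", "old-host", False, datetime(2024, 5, 1)),  # stale
    XdrAsset("a5", "10.0.0.99", "db01", False, datetime(2024, 5, 19)),     # other IP
]

if __name__ == "__main__":
    for host in ("WEB01", None):
        hits = map_vdr_asset("10.0.0.15", host, SCAN_DONE, SAMPLE_XDR)
        print(host, "->", [a.asset_id for a in hits])
```

With the constructed data, a scan that reports a hostname resolves to a single XDR asset, while the same scan without a hostname leaves two candidates, which is the multiple-match outcome the Hostname step describes.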
Further Information
For more information on Secureworks® Taegis™ VDR, see the following resources.