Getting Started with VDR
This article describes the first steps to get started with Secureworks® Taegis™ VDR. The VDR Onboarding Overview also provides guidance for new VDR users during the onboarding process.
Adding Internet-facing Perimeter Assets ⫘
- Navigate to the Auto Discovery view.
- Select the + icon at the upper right corner to add a new public Internet-facing IP range.
- Specify the IP range in CIDR notation in the modal that appears, leaving the Edge Service selection to None (Internet).
- Leave other settings at their default values.
- Select Add and Discover Now.
- Don’t forget to safelist our public IP range 216.9.204.0/22 if you have protections in place (IPS, WAF, DDoS, etc.).
Adding Internal Assets ⫘
Request a New Edge Service ⫘
- Download a Generic VM image that fits your environment (extract using 7-zip).
- Log in to your VDR account, and navigate to the settings by selecting the account circle in the upper right and choosing Settings.
- Select Edge Services from System settings in the left menu.
- Select the Request Edge Service button at the upper right corner to request the creation of a new Edge Service.
- In the window that appears:
- Select the Configuration Only option.
- Give your Edge Service a Name and a Description.
- Select Submit.
- Wait a couple of minutes for a cogwheel icon to appear at the right of your Edge Service row in VDR, and then select the icon to copy your Configuration URL.
Install This New Edge Service Internally ⫘
- Follow the Edge Service Setup Instructions.
- Create a new virtual machine with enough RAM, CPU, and using the previously downloaded generic disk image.
- Make sure this new virtual machine has an initial DHCP network address (as specified in the Setup Instructions).
- Boot this Edge Service VM.
- Connect to the temporary configuration interface of the Edge Service VM and use your Configuration URL to finish the setup.
- Once set up, reboot the VM and wait five minutes to make sure it connects to VDR. The console status display and the icon indicator in VDR should be green.
Add Your Internal (RFC1918) IP Ranges ⫘
- Navigate to the Auto Discovery view.
- Select the + icon at the upper right corner to add your internal (RFC1918) IP range.
- Specify the IP range in CIDR notation in the modal that appears, and select the newly created Edge Service in the Edge Service section. The connectivity icon should be green.
- Leave other settings at their default values.
- Select Add and Discover Now.
Managing Vulnerabilities ⫘
By Using the Vulnerabilities View ⫘
- Navigate to the Vulnerabilities view.
- Ensure that the vulnerabilities are sorted by "Priority" with the priority label "1" at top of the list.
- Start by consulting vulnerabilities in that prioritized order, with the following simple workflow:
-
Verify that the vulnerability is not a false positive (confirm the installed software and/or the vulnerable URL).
- If it's a false positive, mark it as such and go to treat the next vulnerability.
- If the vulnerability severity level is not the right one according to your judgement, you can update it and go to treat the next vulnerability.
-
Update the vulnerable software and/or the vulnerable piece of Web application code.
- You might need to extract the vulnerability information to communicate it to a sysadmin or Web developer, which you can do by selecting the vulnerability and using the export function at the top, in PDF or CSV format.
-
Wait for the scans to update this vulnerability (if it is remediated, it will disappear from this view), or request an immediate re-scan of the asset.
- If the vulnerability cannot be remediated, you can choose to snooze it for a specific period of time.
- If the vulnerability is remediated (software was updated and/or Web application code isn't exploitable anymore) but still appears in VDR after a successful scan of the same asset, you can mark it as a false positive.