BlueApp for DDI Frontline VM Orchestration

The BlueApp for DDI Frontline VM provides a set of orchestration actions that you can use to identify vulnerabilities and manage assets in your USM Anywhere environment. The following table lists the available actions from the BlueApp.

Actions for the BlueApp for DDI Frontline VM
Action Description
Run Scan

Use DDI Frontline VM to scan asset for vulnerabilities.

Scanner, scan policies, business groups and asset groups can all be specified here.

Scans can also be scheduled for a specific date and time.

Run Scan by Label

Use DDI Frontline VM to scan asset for vulnerabilities based on a specific DDI label.

Scanner, scan policies, business groups, and asset groups can all be specified here.

Add Asset to Static Asset Group

Add asset to a static DDI Frontline VM asset group.

Add Label to Asset Add a DDI label and, optionally, label color to an IP range.

To view information about these actions in USM Anywhere

  1. In USM Anywhere, go to Data Sources > BlueApps.
  2. Click the Available Apps tab.
  3. Search for the BlueApp, and then click the tile.
  4. Click the Actions tab to display information for the supported actions.
  5. Click the History tab to display information about the executed orchestration actions.

Launch Actions from USM Anywhere

Digital Defense Incorporated (DDI) Frontline Vulnerability Manager (VM) scans can be performed from the app's Action page (AlienApps DDI Frontline VM > Actions) by clicking Run next to the action. Alternately, you can run DDI Frontline VM actions from the Vulnerabilities or Assets pages.

To launch a DDI Frontline VM action from a vulnerability

  1. Go to Environment > Vulnerabilities.
  2. Click the alarm or event to open the details.
  3. Click Select Action.

  4. In the Select Action dialog box, select the DDI Frontline VM tile.

  5. For the App Action, select the action you want to run.

    Additional fields will be populated based on the action you've selected. Fill out the necessary fields for the app action.

  6. Fill out the details for the scan action you selected.
  7. Click Run.

    After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.

To launch a DDI Frontline VM scan for an asset

  1. Go to Environment > Assets.
  2. Do one of the following:

    • Next to the asset name that you want to scan, click the icon and select Full Details, and then select Actions > Scan with BlueApp.

    • Next to the asset name that you want to scan, click the icon that you want to scan and select Scan with BlueApp.
  3. For the App Action, select the action you want to run.

    Additional fields will be populated based on the action you've selected. Fill out the necessary fields for the app action.

  4. Fill out the details for the scan action you selected.
  5. Click Run.

    After USM Anywhere initiates the action for an alarm or event, it displays a confirmation dialog box.