The AlienApp for Digital Defense, Inc. (DDI) Frontline Vulnerability Manager (VM) features powerful vulnerability assessment capabilities that can be paired with USM Anywhere for extended security management. When you configure the app in USM Anywhere, you can allow DDI Frontline VM to create assets that are discovered in scans, and merge the asset information provided from the DDI Frontline VM scan with the existing asset information in USM Anywhere.
Asset Creation from BlueApp for DDI Frontline VM
When DDI Frontline VM runs a scan, it identifies all assets and assigns them an individual DDI Frontline VM identifier (ID). These assets can be added to USM anywhere by selecting the Allow Asset Creation checkbox in the app's configuration menu. Assets created from a DDI Frontline VM scan will include the DDI network profile ID, DDIv NetBios smartname, and the DDI Domain Name System (DNS) smartname in the asset details.
The BlueApp for DDI Frontline VM Asset Source filter only displays assets that were created by the app's asset scan. Assets that were originally created by other means (for example, existed in USM Anywhere before the asset scan or were ingested by another app) will not be shown by this filter. To view all assets, including those not ingested by this app, use one of the app's custom filters or the DDI host name filter. The BlueApp for DDI Frontline VM cannot scan any asset that was not ingested through the app.
Duplicate Asset Merge
Assets discovered in DDI Frontline VM scans may duplicate the assets already discovered in USM Anywhere. When you select the Merge Duplicate Assets checkbox in the DDI Frontline VM configuration menu, USM Anywhere merges the information from the DDI Frontline VM scan with the existing asset. Assets are matched by comparing the unique DDI ID, MAC address, IP address, and host name from the DDI Frontline VM scan with the same asset details in USM Anywhere.
Manual Asset Merge
If the Merge Duplicate Assets checkbox in the DDI Frontline VM configuration menu isn't checked, USM Anywhere will keep a record of the assets that match one another. These assets are contained in the Merge Asset tab in the BlueApp for DDI Frontline VM page.
To review these duplicate assets, click the Merge Asset tab and click Review next to the asset in the list. From here, you can respond to the asset discrepancy with one of the following actions:
- Reject: Cancel the match without creating a new asset or merging it with an existing asset, effectively ignoring the new asset discovered in the DDI Frontline VM scan.
- Create New Asset: Create an asset in USM Anywhere based on the information from the DDI Frontline VM scan.
- Merge: Merge the information from the DDI Frontline VM scan with the matching asset details in USM Anywhere.
- Manually Match: Choose the matching asset manually.
Once you have selected a response to the asset review, the status of your choice is reflected in the table of assets in the Merge Asset tab.
Asset Split
A USM Anywhere asset that has been merged with a DDI Frontline VM asset profile can be split back into two separate assets after they have been merged.
To split a merged asset
- Go to Environment > Assets.
-
Locate the asset you want to split and click the button next to the asset, and then click Full Details.
-
In the full asset view window, click Split Asset in the Asset Discovery section.
A window opens showing the existing asset and the new asset that will be created once the two are split.
- Click Split Asset to undo the asset merge and create a separate, new asset.