Skip to main content

ActiveEye Vulnerability Scanner (AEVS)

Overview

AEVS is part of the ActiveEye vulnerability management solution, and is deployed into an ActiveEye Remote Security Sensor (AERSS) that will reside inside a customer network and conduct internal vulnerability scans.

The vulnerability vendor of choice is currently Tenable.io.

Prerequisites

Creating an AEVS service connector requires the following:

  1. An AERSS service connector must already exist in the customer network. This AERSS service connector cannot already be associated with any AEVS service connector. Instructions for creating an AERSS service connector can be found here.
  2. An existing Tenable.io “instance” (an instance is a fully isolated entity in Tenable.io terms, equivalent to an AWS or Azure account).

The Tenable.io “instance” requires the following:

  1. A Linking Key (the semi-secret key a scanner will require to attach itself to the correct Tenable.io instance, which also serves as an alternative license key for the scanner). To obtain a Linking Key, log in to https://cloud.tenable.com, and then proceed to add a scanner. The Linking Key can be found there, or there will be an option to generate a new Linking Key. Please note that generating a new Linking Key will invalidate any existing Linking Keys.
  2. An API key pair (the access key and secret key) allows ActiveEye to control the scanner via Tenable.io API. To obtain the API key pair, log in to cloud.tenable.com, then proceed to the My Account's API Keys page. Existing API Keys will not appear on this page, but it does contain an option to generate a new pair. Please note that generating a new pair will invalidate any existing pairs.

Creating the Credentials and Service Connector

Creating AEVS Credentials

AEVS credentials must be created before creating the service connector.

  1. In ActiveEye, in the left pane, click Admin, and then click Service Connectors.
    The Service Connectors page appears.
    The Service Connectors page
  2. In the upper-right corner of the page, click Manage connectors credentials.
    The Connector Credentials page appears.
    The Connector Credentials page
  3. In the upper-left corner of the page, click Add Credential.
    The Add Connector Credentials page appears.
  4. In the Connector Type list, select AEVS.
    The AEVS Credentials section appears.
  5. In the Display Name box, enter a unique name.
  6. In the Linking Key box, enter the linking key described in the Prerequisites section of this topic.
  7. Click Add.
    The AEVS credentials are created.

Creating AEVS API Credentials

AEVS API credentials must also be created before creating the service connector.

  1. In ActiveEye, in the left pane, click Admin, and then click Service Connectors.
    The Service Connectors page appears.
  2. In the upper-right corner of the page, click Manage connectors credentials.
    The Connector Credentials page appears.
  3. In the upper-left corner of the page, click Add Credential.
    The Add Connector Credentials page appears.
  4. In the Connector Type list, select AEVS API.
    The AEVS API Credentials section appears.
  5. In the Display Name box, enter a unique name.
  6. In the Access Key box, enter the access key described in the Prerequisites section of this topic.
  7. In the Secret Key box, enter the secret key described in the Prerequisites section of this topic.
  8. Click Add.
    The AEVS API credentials are created.

Creating the Service Connector

With AEVS and AEVS API credentials created, the AEVS service connector can be created.

  1. In ActiveEye, in the left pane, click Admin, and then click Service Connectors.
    The Service Connectors page appears.
  2. In the upper-left corner of the page, click Add Connector.
    A list of service connectors appears.
    The list of service connectors
  3. Scroll down to the SECURITY MANAGEMENT section, and then, in the ActiveEye Vulnerability Scanner subsection, click the Add Connection button.
    The Add Connector Account page appears.
  4. In the Display Name box, enter a unique name.
  5. In the AERSS Connector list, select the appropriate AERSS service connector that is not already associated with an AEVS service connector.
  6. In the AEVS Credential Set list, select the name of the previously created AEVS credentials.
  7. In the AEVS API Credential Set list, select the name of the previously created AEVS API credentials.
  8. Optionally, modify the priority level in the Priority box. Raising or lowering the priority will increase or decrease the visibility of alerts related to this service connector.
  9. If you do not want data ingestion to begin immediately once cloud accounts have been configured, clear the Enable Account check box. Otherwise, leave the check box selected.
  10. Click Add.
    The AEVS service connector is created.