Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Release 1.1
Administrator Guide
Copyright Statements
© 2018, Infoblox Inc.— All rights reserved.The contents of this document may not be copied or duplicated
in any form, in whole or in part, without the prior written permission of Infoblox, Inc.
The information in this document is subject to change without notice. Infoblox, Inc. shall not be liable for
any damages resulting from technical errors or omissions which may be present in this document, or from
use of this document.
This document is an unpublished work protected by the United States copyright laws and is proprietary to
Infoblox, Inc. Disclosure, copying, reproduction, merger, translation, modification, enhancement, or use of
this document by anyone other than authorized employees, authorized users, or licensees of Infoblox,
Inc. without the prior written consent of Infoblox, Inc. is prohibited.
Trademark Statements
Infoblox, the Infoblox logo, NetMRI and Advisor are trademarks or registered trademarks of Infoblox Inc.
All other trademarked names used herein are the properties of their respective owners and are used for
identification purposes only.
Company Information
http://www.infoblox.com/contact/
1
https://cve.mitre.org/about/
The NetMRI Advisor client automatically maintains device vendor security advisory rules and
policies, as well as providing continual updates to vendor lifecycle data for supported network
elements under management.
2. The client then queries the Central Advisor Service for CVE Advisories and Lifecycle
Announcements that implicate the device models and software versions on the
network,
3. The client creates or adjusts NetMRI rules and policies to align them with the latest
available information, and if enabled, sends notification of the changes,
4. Older rules and policies that no longer apply to the network2 are automatically
pruned or adjusted, and
5. Lifecycle information is added to the NetMRI system’s database for devices that have
been implicated in a vendor announcement of end of sale or support.
The Advisor service allows the NetMRI system to present a consistent and up-to-date
representation of the vendor security advisory and lifecycle information for supported devices on
the network.
2
For example, if Cisco IOS version X.Y was known vulnerable to a given CVE policy, and the last device
operating this version was updated or retired, the associated rule will be deleted from the NetMRI system
as no longer applicable.
The Advisor service creates CVSS thresholds, which are set up as Custom Fields in the NetMRI
database, and are tunable through the system GUI.
3
CVSS, Version 3, https://nvd.nist.gov/vuln-metrics/cvss
Next, click on the IP Address link for the device to open the Device Viewer for the NetMRI
system, and select Device/Network Explorer, Custom Data from the menu on the right.
To commit the updated setting, click either button Save & Close, or Save.
Select the policies of interest from the list on the left. Optionally, a search hint can be entered
into the left search text box6 to filter the list, for example, “PSIRT”, or “2017”.
4
In effect, deploying a policy in NetMRI is akin to activating or enabling it for specific device groups.
5
For more information, see “How Policies Work” in the NetMRI Online Reference Guide.
6
To filter the policy names, the left menu search box will match either plain text partial strings or regular
expression patterns.
Select the target group from the tree on the left, and choose the policy or policies to be activated
by clicking the associated checkboxes in the right hand side panel.
Optionally, a search hint can be entered into the policy list text box to filter the list of visible
policies.
The policy list also displays a Last Change Date column which shows the last time Advisor
updated each policy. Clicking on the title of this column will sort the list to show the most recent
CVE Advisories for the network.
When the chosen policies have been selected, click the bottom right button labeled Save to
deploy and enable vulnerability assessment.
In the middle bar, click the right side button, Views, to show the menu of defined issue filters,
and click on the item PSIRT Violations;
The issue list will then refresh, with the PSIRT Vulnerability filter operating and the custom view
fields displayed.
The results can be further filtered by entering a partial match string in the top left search box,
and the columns can be sorted in ascending/descending order by clicking on the column titles.
The currently displayed information can be exported to CSV format for use by a spreadsheet or
other application by clicking the top right arrow button .
Clicking on the Title link of any PSIRT issue will open the NetMRI Issue Viewer, which allows
navigation by affected groups, using the left hand menu, and drill down to device details by
clicking the View link in the Details column.
7
For details on setting up new Custom Views, see the section Working with Table Information in the NetMRI
online reference.
Enter the Hostname or IP address, Port, Username, and Password of the MTA NetMRI should
use for outgoing emails8.
Click the button labeled Save at the bottom of the window to commit the MTA settings.
8
For more information, see Defining Global Notification Settings, in the NetMRI online reference.
When the Add Notification window appears, in the Issues section, select “1 New PSIRT Rules
Loaded”, and select the device group “All Devices”, as shown in Figure 16.
To ensure that all Advisor update information is present in the notification, ensure that the
checkbox Summarize is not checked.
Next, select the NetMRI users and fill any other email addresses to be notified of Advisor policy
updates.
Clicking on the Advanced Settings button, enter the desired information for From Address and
Subject.
For the From Name, enter “NetMRI_PSIRT_Advisories”.
For the Mime Type, select Plain Text9.
Click Save to commit the Advanced Email Settings.
Hit Save again in the Add Notification window to complete the configuration.
9
There is no need to change the Message Text, as the client will update this automatically when sending a
notification.
In the import dialog box, select “Choose File” and pick the category to list the report under.
Choose the report XML file to load and click the button labeled Open;
After the page refreshes, the report should show up in the selected Category, and can be run
ad-hoc, or scheduled.
To create the modified report, click the “Import Custom Report” button at the top right, and
select the newly exported XML file, as described above in Section 7.1.
Once the file is selected, do the following;
1. Click the button “Import”, as shown in Figure 23,
3. At the file name entry window, type in a new name and click “OK”.
After the page refreshes, the duplicated report should show up in the selected category, and
can be edited by mouse hovering over the item in the Report Gallery and clicking the link “Edit”
to open the Report Wizard10.
10
For more on designing NetMRI reports, see the section Defining Custom Reports in the NetMRI online
reference.
Using the provided BASE64 utility, convert the new username/password to a BASE64 encoded
string.
Term Definition
CVE Common Vulnerabilities and Exposures. A dictionary of common
names (i.e., CVE Identifiers) for publicly known information security
vulnerabilities.
CVSS Common Vulnerability Scoring System. A standard measurement
system for industries, organizations, and governments that need
accurate and consistent vulnerability impact scores.
Deploying Policies NetMRI policies take effect and the rules are evaluated only once they
have been deployed against specific device groups. Once a policy is
deployed, the targeted devices are assessed against the rules
associated with the policy to derive the compliance result.
UI / GUI User Interface, Graphical User Interface
NetMRI Network management Product/Platform offered by Infoblox
Infoblox Company which owns NetMRI product
NetMRI Advisor Infoblox Security Vulnerability and Lifecycle Management Service for
NetMRI.