Cisco Cisco Identity Services Engine Software Manual Técnica
NAC.VendorName","Qualys","TC-NAC.AdapterInstanceName","QUALYS_VA"]}]
Typical Issues
Issue 1. ISE gets Vulnerability Report with CVSS_Base_Score of 0.0 and
CVSS_Temporal_Score of 0.0, while Qualys Cloud report contains Vulnerabilities detected.
CVSS_Temporal_Score of 0.0, while Qualys Cloud report contains Vulnerabilities detected.
Problem:
While checking the Report from Qualys Cloud you can see detected Vulnerabilities, however on
ISE you do not see them.
ISE you do not see them.
Debugs seen in vaservice.log:
2016-06-02 08:30:10,323 INFO [SimpleAsyncTaskExecutor-2][]
cpm.va.service.processor.AdapterMessageListener -:::::- Endpoint Details sent to IRF is
{"C0:4A:00:15:75:C8":[{"vulnerability":{"CVSS_Base_Score":0.0,"CVSS_Temporal_Score":0.0},"time-
stamp":1464855905000,"title":"Vulnerability","vendor":"Qualys"}]}
Solution:
The reason for cvss score being zero is either that it has no vulnerabilities or the cvss scoring was
not enabled in Qualys Cloud before you configure the adapter through UI. Knowledgebase
containing cvss scoring feature enabled is downloaded after the adapter is configured first time.
You have to ensure that CVSS Scoring was enabled before, adapter instance was created on ISE.
It can be done under Vulnerability Management > Reports > Setup > CVSS > Enable CVSS
Scoring
not enabled in Qualys Cloud before you configure the adapter through UI. Knowledgebase
containing cvss scoring feature enabled is downloaded after the adapter is configured first time.
You have to ensure that CVSS Scoring was enabled before, adapter instance was created on ISE.
It can be done under Vulnerability Management > Reports > Setup > CVSS > Enable CVSS
Scoring
Issue 2. ISE does not get results back from the Qualys Cloud, even though correct
Authorization Policy was hit.
Authorization Policy was hit.
Problem:
Corrected Authorization Policy was matched, which should trigger VA Scan. Despite that fact no
scan is done.
scan is done.
Debugs seen in vaservice.log:
2016-06-28 16:19:15,401 DEBUG [SimpleAsyncTaskExecutor-2][]
cpm.va.service.processor.AdapterMessageListener -:::::- Message from adapter :
(Body:'[B@6da5e620(byte[311])'MessageProperties [headers={}, timestamp=null, messageId=null,
userId=null, appId=null, clusterId=null, type=null, correlationId=null, replyTo=null,
contentType=application/octet-stream, contentEncoding=null, contentLength=0,
deliveryMode=PERSISTENT, expiration=null, priority=0, redelivered=false,
receivedExchange=irf.topic.va-reports, receivedRoutingKey=, deliveryTag=9830, messageCount=0])
2016-06-28 16:19:15,401 DEBUG [SimpleAsyncTaskExecutor-2][]
cpm.va.service.processor.AdapterMessageListener -:::::- Message from adapter :
{"requestedMacAddress":"24:77:03:3D:CF:20","scanStatus":"SCAN_ERROR","scanStatusMessage":"Error
triggering scan: Error while trigering on-demand scan code and error as follows 1904: none of
the specified IPs are eligible for Vulnerability Management
scanning
.","lastScanTimeLong":0,"ipAddress":"10.201.228.102"}
2016-06-28 16:19:15,771 DEBUG [SimpleAsyncTaskExecutor-2][]
cpm.va.service.processor.AdapterMessageListener -:::::- Adapter scan result failed for
Macaddress:24:77:03:3D:CF:20, IP Address(DB): 10.201.228.102, setting status to failed
2016-06-28 16:19:16,336 DEBUG [endpointPollerScheduler-2][] cpm.va.service.util.VaServiceUtil -
:::::- VA SendSyslog systemMsg :
[{"systemMsg":"91008","isAutoInsertSelfAcsInstance":true,"attributes":["TC-