Setting Vulnerability Management Credentials and Locations - PAS ICS Integrity - 7.3 - Help - Intergraph

ICS Integrity Help

Language
English
Product
PAS ICS Integrity
Subproduct
ICS
Search by Category
Help
PAS Version
7.3

The FTPLoadConfigTool.exe configuration utility allows you to define two transfer transactions for Vulnerability Management information and two transfer transactions for Patch Management information. Transfer 1 identifies the credentials and location for downloading the latest asset model from the PAS by Hexagon SFTP site. Transfer 2 identifies the credentials, if needed, and the location for moving the asset model to the ICS Integrity server. These two transfer transactions allow you to download the latest Vulnerability Management asset model to one computer, and then transfer the file to the Integrity server, which may not be able to access the PAS by Hexagon SFTP site due to your network configuration.

  • To use the configuration and download utilities, you need to copy the following files from the InstallPath\DataCollector\Utilities folder to a folder on the computer where you will download the latest vulnerability management asset model file:

    • FTPLoadConfigTool.exe

    • FTPDownload.exe

    • FtpAssetModelManagement.dll

    • FtpAssetModelManagement.xml

    • WinSCP.exe

    • WinSCPnet.dll

  • If needed, you can use the configuration and download utilities to download the vulnerability management asset model file and then transfer it to an internal location, where you can then use these utilities on another computer to get the downloaded files from that internal location and transfer them to the ICS Integrity server. However, more transfers in the chain can lead to issues if connectivity or availability is interrupted.

  • When you download the latest Vulnerability Management asset model from the PAS by Hexagon SFTP site, use the PAS by Hexagon SFTP credentials for vulnerability management. For more information about these credentials (user name and password), contact Technical Support.

  • When the utility downloads the Vulnerability Management asset model IAM file, it also creates and transfers a newFiles.txt file. When the RunDefinition.exe utility runs, it checks the specified asset model folder for the newFiles.txt file, and if it exists, it imports the latest asset models in that folder.

To configure your vulnerability management download settings:

  1. Run the FTPLoadConfigTool.exe configuration utility on the computer where you will download the latest vulnerability management asset model file from the PAS by Hexagon SFTP site. You copied this utility and its supporting files from the ICS Integrity server.

    admin-vm-config-load-tool

  2. In the Configuration Name field, specify a name for this configuration, such as Vulnerability Management. You will use this name when you schedule the download and transfer utility.

  3. In the 1st Transfer fields, specify the connection credentials and the source location from where you want the latest PAS Vulnerability Management.iam file downloaded.

    The Source field allows you to specify SFTP using the following format:

    sftp://servername:port/path

    where servername specifies the SFTP server, such as sftp.pas.com, and :port specifies the port number, such as :22. If you want to use the default port, which is 22 for SFTP or 21 for FTP, you can leave out the colon and the port number.

    To download this file from PAS by Hexagon, set the Source field to sftp://sftp.pas.com/PASVulnerabilityMgt_3_1. In addition, use the PAS by Hexagon SFTP credentials for vulnerability management. For more information about these credentials, contact Technical Support.

  4. If your environment requires using a proxy configuration, select Use Proxy and then specify the proxy host, port, and credentials to use.

  5. If you need to transfer the downloaded file to a remote ICS Integrity server or other location, in the 2nd Transfer fields, specify the transfer type, connection credentials if needed, and the location where you want the latest PAS Vulnerability Management.iam file transferred. The Destination field supports the same SFTP format as the Source field, including the ability to use a proxy configuration if needed.

    Each asset model must be in its own folder. Use a separate folder for the patch management asset model, such as InstallPath\DataCollector\Asset Models\PAS PM.

  6. Click Save.

    The configuration utility attempts to retrieve the SSH host key fingerprint for each SFTP server and port specified. The utility also attempts to connect to each FTP server.

  7. If the retrieved fingerprint for a specified SFTP server and port has not been previously approved, the configuration utility displays the fingerprint value. Review the value, and then click Yes to approve the fingerprint.

    The FTPDownload.exe utility uses the fingerprint when connecting to the specified SFTP server. If the fingerprint is not approved, the connection cannot be established and the files cannot be transferred.

  8. If the configuration utility cannot contact a specified SFTP or FTP server, the utility displays a confirmation message to indicate the server was not available. Review the message, and then click OK.