Flexera
Using Flexera’s integration with CTIX, you can import Flexera’s vulnerability intelligence information into the CTIX platform. This integration can help security teams to create effective software vulnerability management and security patch management processes that reduce security risk by enabling prioritization and optimization of processes for managing software vulnerabilities and mitigating risks.
About Flexera
Flexera is a Saas-based IT security management solution for organizations that have a highly complex hybrid infrastructure.
Configure Flexera App in CTIX
Flexera is available as an out-of-the-box integration in the CTIX application.
Before you Start
Your user group must have permissions to create, view, and update feed sources.
You must have the Base URL and the API key of your Flexera account.
Steps
Use the following steps to configure the app in CTIX:
Sign in to the CTIX application.
From Administration, open Integration Management and select APIs under FEED SOURCES.
Click Add API Source.
Use the search bar to locate Flexera and click on the app.
Click Add Instance.
Enter the instance name, base URL, and the API key of the Flexera account.
To secure the connection between CTIX and Flexera server, select Verify SSL.
Click Save.
Configure Feed Channels for the Flexera Integration
Use feed channels in CTIX to configure the vulnerability feeds that you receive through this integration. The data received from this feed channel is stored in a collection. Vulnerability information is fetched from this integration through the Retrieve Vulnerability Feeds data channel.
Use the following procedure to configure the feed channels:
From Administration, open Integration Management and select APIs under FEED SOURCES.
Use the search bar to locate Flexera and click on the app.
Click the ellipsis on the top right corner and select Manage.
On the Manage Instance page, click Manage Feed Channel(s).
Select a feed channel.
Enable the feed channel and enter the last polled date.
Enter the name of the collection to collect the feeds data. The system creates this collection and put all the feeds into this collection.
Select the Polling Cron Schedule to specify the poll type of your Flexera account.
Select Manual to manually poll for the feeds.
Select Auto to automatically pool for the feeds. Enter a frequency in minutes for automatic polling.
Select a default TLP to assign for the feeds.
Set a default confidence score for the feeds.
Select any tags that you may want to associate with the feeds.
Enable Broken Connection Retry Policy to allow the CTIX application to re-attempt any failed connection attempts to your Flexera account.
You can enter the retry interval units in minutes, days, or weeks and also specify the retry interval and the retry count.
Enable Exponential Backoff Entry to progressively extend the wait time between retries for consecutive error responses. For example, for a 10-minute exponential retry interval, the system will re-attempt to connect in 10, 100, 1000, 10000, and so on until the retry count is met. Use this option to give your system resources some breathing time and resolve any service overload issues.
Click Save.
You can configure multiple instances of this integration by clicking Manage and Add More.
Poll for Feeds Manually
If you enable Auto Polling while configuring feed channels, the polling will be done automatically. However, if you want to poll for information manually, use the following process:
From Administration, open Integration Management and select APIs under FEED SOURCES.
Select Flexera and select the feed channel.
Click the feed channel ellipsis and choose Poll Now.
View Flexera Feeds on CTIX
After configuring the Flexera integration on the CTIX application, you can view the intel package received on the CTIX application.
From Administration, open Integration Management, and select APIs under FEED SOURCES.
Select Flexera, and select the feed channel
Click the feed channel ellipsis, and select View Intel. You can view the IOCs received in the feeds from this source in Threat Data. Some IOCs received in the feeds can not be mapped to the STIX domain objects and are mapped to the STIX custom objects.