VulnIQ Security Scanner Documentation

This is a summary. Please see the bundled documentation for a more detailed version.

VulnIQ Security Scanner, Terzi, is a client application that can be used to collect system information and run security scans on endpoints. It is an integral part of the VulnIQ solution and uses VulnIQ Information Engine and Vulnerability Manager APIs.

System Requirements

Terzi is a Java application and has been tested with Java 11, on OpenJDK and Amazon Corretto.
A self-contained installation package which includes Java Runtime Environment is also provided for a limited number of platforms. For other platforms, Java must be installed to run Terzi.

Functionality

System Information:
Terzi can collect system information such as the operating system, installed packages and network interfaces.

Scanning:
Terzi can run a security scan and report discovered issues.

OVAL:
Terzi includes an OVAL interpreter that can be used to run OVAL definitions.

Folder Layout

Default folder layout is as follows. Folder layout may be different for self-contained packages that also include the Java Runtime Environment.
  • bin/: Contains program binaries and scripts
  • conf/: Contains configuration files
    • terzi.properties: Terzi configuration file. The access token and VulnIQ base URLs must be configured before running the program for the first time.
    • log4j2.xml: Logging configuration.
    • terziInstanceGuid.dat: Unique instance id. This can be configured to filter collected data using instance guids on VulnIQ Vulnerability Manager. If not configured, an auto-generated value (a UUID) will be used.
  • lib/: Libraries used by the application.
  • logs/: By default application logs will be stored in this folder. Log configuration can be modified by changing conf/log4j2.xml.
    • gc.log: Java garbage collection logs
    • terzi.log: Current application log file. Log files will be automatically rotated and old log files will be saved with file names terzi-[timestamp].log.gz.

Running Terzi

Terzi can be run using the .sh and .bat files under the bin folder. By default the following commands are available:

  • info.sh / info.bat: Collect system information
  • scan.sh / scan.bat: Run a security scan
  • oval.sh / oval.bat: Execute OVAL definition(s) or test(s)

Running the commands without any parameters will print out command help texts which contain detailed information about parameters and usage.

Output

JSON:
Collected data will be printed to standard output in JSON format.

Plain Text:
Collected data will be printed to standard output as formatted plain text.

Pushing Results To VulnIQ Server

When the -p command-line parameter is provided and an access token is configured in conf/terzi.properties, collected scan results or system information will be pushed to the VulnIQ server using Vulnerability Manager APIs.
No additional configuration or user interaction is needed. This allows scripting and automation of tasks, e.g. weekly scans using a cron job.
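
A wrapper for the cron-driven scan described above, as an added example that is not part of the Terzi documentation or distribution: it refuses to run when conf/terzi.properties (which holds the access token) is accessible to group or others, and uses a lock directory so runs do not overlap. The install path, function names, lock location and cron schedule are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper for a weekly "scan.sh -p" run.
# Assumptions (not from the Terzi documentation): the install path passed as
# $1, the function names, and the lock directory under logs/.

# Return 0 only if the file exists, is a regular file (not a symlink), and
# grants no permissions to group or others. conf/terzi.properties holds the
# access token, so it should be readable by the scanning account only.
token_file_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group/other bits.
    group_other=$(ls -ld "$f" | cut -c5-10)
    [ "$group_other" = "------" ]
}

# Run one scan and push results; refuse to start if the token file is exposed
# or a previous run still holds the lock.
run_weekly_scan() {
    home=$1
    conf="$home/conf/terzi.properties"
    lock="$home/logs/weekly-scan.lock"

    if ! token_file_is_private "$conf"; then
        echo "refusing to run: $conf missing or accessible to group/others" >&2
        return 2
    fi
    # mkdir is atomic, so it works as a lock without extra tools.
    if ! mkdir "$lock" 2>/dev/null; then
        echo "refusing to run: previous scan still active ($lock)" >&2
        return 3
    fi
    # -p pushes results to the VulnIQ server. Other scan.sh parameters,
    # if your setup needs them, go here.
    "$home/bin/scan.sh" -p
    rc=$?
    rmdir "$lock"
    return "$rc"
}

# Only run when an install path is given, e.g. from cron (paths are examples):
#   0 3 * * 1  /usr/local/sbin/terzi-weekly.sh /opt/terzi
if [ "$#" -ge 1 ]; then
    run_weekly_scan "$1"
    exit $?
fi
```

If a scan is killed before it finishes, the lock directory stays behind and must be removed by hand before the next run.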