Scans enable you to discover potential issues on the assets in your environment. You can use various vulnerability management systems such as Qualys, Nessus, and Rapid7 to scan the assets. After scanning, you can export scan results from these systems and then import them into BMC Helix Automation Console and TrueSight Automation Console. An exported scan file collects information about assets (such as servers) and the vulnerabilities associated with those assets.
When a vulnerability scan is imported into Automation Console, assets included in the scan are automatically mapped to endpoints managed by the underlying endpoint manager, TrueSight Server Automation. The automatic asset mapping process matches the Domain Name Server (DNS) and then the IP address of an asset in a vulnerability scan to an endpoint managed in TrueSight Server Automation.
You can remediate these assets against the vulnerabilities using Automation Console.
This topic describes prerequisites for importing scans, validate the scans before importing them, and a few considerations that you need to keep in mind before you import.
Prerequisites for importing scans
Before importing a scan, ensure that the you have exported scan results from the vulnerability management system. The exported file must meet the requirements listed below.
Rapid7 scan file requirement
The scan file exported from Rapid7 must use the XML Export 2.0 format.
Qualys scan file requirements
The scan file exported from Qualys:
- must comply with the following DTD: https://qualysguard.qg2.apps.qualys.com/scan-1.dtd
- cannot be based on report templates.
- must be in XML format and it must end with the .xml extension.
Nessus scan file requirements
- The scan file exported from Nessus can be based on different types of scans (such as OS or network scans) but at a minimum, it must include the following details:
- Server name
- Server IP address
- Server operating system
- Associated plugin IDs (a plugin is a check for a vulnerability)
- The scan file must be in XML format, and the file must end with the .nessus extension.
BMC provides a utility that allows you to check the validity of scans that you want to import. The utility counts the number of servers and vulnerabilities found, checks for any required fields that are missing, and determines whether you can successfully import the scans. The utility is available as a ZIP file, bmcScanFileProfiler-V4.zip, which you can download from BMC Communities (login required).
After downloading the ZIP file, do the following to check the validity of the scan file:
- Set the JAVA_HOME environment variable to the location where Java is installed, as follows:
Search for java.exe. JAVA_HOME should point to the directory that contains the bin directory. For example,
- Extract bmcScanFileProfiler-V4.zip to a temporary directory.
- From the command line, navigate to the directory, where the ZIP file was extracted.
- Run the following command to profile the scan file:
Considerations before you import
Before you begin importing scans, consider the following:
- A record is one asset with one vulnerability. For example, two assets with 10 vulnerabilities each equals 20 records.
- If subsequent scans include assets that are already scanned with vulnerabilities that are already found, those vulnerabilities do not increase the record count.
- To manage record counts, you can reduce the scope of a scan (for example, scanning only for vulnerabilities with severity 4 and 5) or remove unneeded devices from the scan, such as endpoints not managed with TrueSight Server Automation.
Where to go from here
To import or delete scans, see Working with scans.