Documentation update

   

To provide a better user experience, we have now created a separate documentation space for Helix Vulnerability Management.
Users of Helix Vulnerability Management (includes BMC Helix Automation Console) can find the latest documentation at BMC Helix Vulnerability Management.

Scans

Scans enable you to discover potential issues on the assets in your environment. You can use various vulnerability management systems such as Qualys, Nessus, and Rapid7 to scan the assets. After scanning, you can export scan results from these systems and then import them into TrueSight Automation Console. You can integrate Automation Console with TrueSight Orchestration to automatically import scan files from the Nessus system. For details, see Use case: Automatically importing vulnerability scan files.

An exported scan file collects information about assets (such as servers) and the vulnerabilities associated with those assets.

When a vulnerability scan is imported into Automation Console, assets included in the scan are automatically mapped to endpoints managed by the underlying endpoint manager, TrueSight Server Automation. The automatic asset mapping process matches the Domain Name Server (DNS) and then the IP address of an asset in a vulnerability scan to an endpoint managed in TrueSight Server Automation.

You can remediate these assets against the vulnerabilities using Automation Console. Currently, you can import a scan file of up to 1 GB in size.

This topic describes prerequisites for importing scans, and a few considerations that you need to keep in mind before you import.

Prerequisites for importing scans

Before importing a scan, ensure that you have exported the scan results from the vulnerability management system. For more information about supported versions of the scanning systems, see System requirements. The exported file must meet the requirements listed below.

Rapid7 scan file requirement

The scan file exported from Rapid7 must use the XML Export 2.0 format.

Qualys scan file requirements

The scan file exported from Qualys:

Nessus scan file requirements

  • The scan file exported from Nessus can be based on different types of scans (such as OS or network scans) but at a minimum, it must include the following details:
    • Server name
    • Server IP address
    • Server operating system
    • Associated plugin IDs (a plugin is a check for a vulnerability)
  • The scan file must be in XML format, and the file must end with the .nessus extension.

Considerations before you import

Before you begin importing scans, consider the following:

  • A record is one asset with one vulnerability. For example, two assets with 10 vulnerabilities each equals 20 records.
  • If subsequent scans include assets that are already scanned with vulnerabilities that are already found, those vulnerabilities do not increase the record count. 
  • To manage record counts, you can reduce the scope of a scan (for example, scanning only for vulnerabilities with severity 4 and 5) or remove unneeded devices from the scan, such as endpoints not managed with TrueSight Server Automation.
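A pre-import check for a Nessus export that covers both the Nessus scan file requirements and the record-count considerations above. This is an added example, not BMC code: the function name check_nessus, the min_severity parameter, the sample data, and the mapping of "server name" to the ReportHost name attribute are assumptions based on the Nessus v2 export layout.

```python
import os
import xml.etree.ElementTree as ET

MAX_BYTES = 1024 ** 3  # the page states a 1 GB limit; the exact byte count is an assumption

# Constructed sample in the Nessus v2 export layout (not real scan data).
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="web01.example.test"><HostProperties>
<tag name="host-ip">192.0.2.10</tag>
<tag name="operating-system">Linux Kernel 5.x</tag>
</HostProperties>
<ReportItem pluginID="10001" severity="4"/><ReportItem pluginID="10002" severity="2"/>
<ReportItem pluginID="10001" severity="4"/>
</ReportHost>
<ReportHost name="192.0.2.20"><HostProperties>
<tag name="host-ip">192.0.2.20</tag>
</HostProperties></ReportHost>
</Report></NessusClientData_v2>"""

def check_nessus(path, min_severity=0):
    """Return (problems, records); records are unique (asset, plugin ID) pairs."""
    problems, records = [], set()
    if not path.endswith(".nessus"):
        problems.append("file name must end with .nessus")
    if os.path.getsize(path) > MAX_BYTES:
        problems.append("file exceeds the 1 GB import limit")
    try:
        # Intended for exports from your own scanner, not for untrusted XML.
        root = ET.parse(path).getroot()
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"], records
    for host in root.iter("ReportHost"):
        name = host.get("name", "")
        props = {t.get("name"): (t.text or "").strip() for t in host.iter("tag")}
        if not name:
            problems.append("host without a server name")
        for field in ("host-ip", "operating-system"):
            if not props.get(field):
                problems.append(f"{name or '<unnamed>'}: missing {field}")
        items = [i for i in host.iter("ReportItem") if i.get("pluginID")]
        if not items:
            problems.append(f"{name or '<unnamed>'}: no plugin IDs")
        for item in items:
            # Illustrative scope filter; Nessus severities run from 0 to 4.
            if int(item.get("severity", "0")) >= min_severity:
                records.add((name, item.get("pluginID")))  # set removes repeat findings
    return problems, records
```

Write SAMPLE to a file ending in .nessus and call check_nessus on it; raising min_severity shows how narrowing the scan scope lowers the record count.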

Where to go from here

To import or delete scans, see Working with scans.
