Setting up a scanner connection

Setting up a scanner connection allows you to import vulnerability scans automatically, without any need for exporting the scans from vendor tools or manually importing the scans into BladeLogic Portal. You can schedule how often scans are imported. You can search for particular scans to import, and you can also establish filters that limit the scan data that is actually imported from the overall set of scans you have selected to import.

Note

  • Currently, scanner connections are only possible with the Tenable Security Center. Tenable is the creator of the Nessus Vulnerability Scanner.
  • When importing scans from Tenable Security Center, only "active scans" are supported. Scans imported from Nessus Agents through Nessus Manager are not supported.


This topic contains the following sections:


The following video demonstrates how to use Threat Director (BladeLogic Portal 2.2.01 or later) to set up a scanner connection so you can automatically import scan results.

https://www.youtube.com/embed/Rb0ZAbj4sUo

Before you begin

To import scan data automatically, the capability to import scan data must be enabled. Typically, that capability is enabled during installation, but if you decide to set up automatic imports sometime after installation you must manually enable scan imports by modifying a configuration file. When that procedure is complete, perform the configuration procedure described below.

To set up a scanner connection

  1. As a portal administrator with the Threat Director permission, click the drop-down menu by your user name (at top right). Then, select Administration
  2. Click the Scanner Connections tab. 
  3. Click Add a new Scanner Connection  to create a new connection, or click Edit the current Scanner Connection on the row representing a connection you want to modify.
    A window opens where you can define the connection the scanner connection.
  4. Under Connection Details, take the following steps:
    1. Provide the following values:

      OptionDescription
      Connection URLThe URL needed to contact a scanner.
      UsernameA user account with access to scans and permission to export scans.
      PasswordThe user's password.
    2. Click Test Connection to confirm that the scanner connection is defined correctly.
      A message confirms whether the connection is valid. If it is valid, a list of existing scans populates the Scans to Import section.
  5. For Import Configuration, define the schedule for importing scans. Provide a time to import data, a time zone, and the frequency (in days). The frequency can range from 1 to 30 days.
  6. Under Scans to Import, define criteria to filter the scans that are imported. If you define no criteria, all scans that you specify in the next step are imported. Enter the following values to define filters:

    OptionDescription
    Target OSSelect operating system data for the scans to import.

    If you are importing scans for networking devices, be sure to select Other. Networking devices are not always associated with an operating system.

    If you are importing scans for SuSE servers, be sure to select both Linux and Other.

    SeveritySelect the severity level of vulnerabilities to import.
    Qualys, Nessus, and Rapid7 use different scoring for severity levels. Qualys uses scores of 1-5. Nessus uses scores of 0-4. Rapid7 uses scores of 1-10. To maintain consistency, BMC increases the Nessus severity levels by one (so they become 1-5) and maps the ten Rapid7 severity levels to five levels.
    IP RangeOptionally, enter an IP address range of devices to import. Use the IPv4 format when entering addresses. For example, you could enter a range like 172.22.238.127/32. You can also enter a comma-separated list of multiple IP address ranges. To allow all addresses, enter 0.0.0.0/0.
  7. Select the scans to import by taking one of the following actions:
    • To import results from all scans, check Select all and include new scans automatically.
      The latest results are imported from all scans, including any new scans that may be defined in the future.
    • To select specific existing scans, select those scans in the list.
      The latest results from the selected scans are imported.

  8. Click Create Scanner Connections for a new connection or Update Scanner Connections if you are modifying an existing connection. 
    Scan results will be imported according to the schedule you have defined, and scan data will be filtered according to the criteria you specified in step 6.

To delete a scanner connection

  1. As a portal administrator with the Threat Director permission, click the drop-down menu by your user name (at top right). Then, select Administration
  2. Click the Scanner Connections tab. 
  3. Select an existing connection and click Delete the current Scanner Connection .
    A confirmation message prompts you to confirm the deletion. 

Where to go from here

To see a topic that demonstrates how to set up a scanner connection, see Walkthrough for Threat Director: Automatically importing vulnerability scan data.

Was this page helpful? Yes No Submitting... Thank you

Comments