Adding scanned data from Nessus or Qualys to BMC Helix Automation Console via BMC Helix iPaaS, powered by Jitterbit

BMC Helix iPaaS, powered by Jitterbit provides a pre-built integration template to add data scanned to BMC Helix Automation Console (previously BMC Helix Vulnerability Management). To use the integration template with the values defined out of the box, you update the project variables with details of your systems and deploy the integration template. The integration template uses the BMC Helix iPaaS HTTP connector for API operations for BMC Helix Automation Console (import scan report operation) and Vulnerability Management System vendors (export scan report operation).

Use the template to import data scanned by using any one of the following applications:

Nessus Scans
Qualys Vulnerability Management

The template provides the following capabilities:

Use case	Nessus scan to BMC Helix Automation Console
Add Nessus scan data files	Imports a single or multiple scan data into BMC Helix Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Nessus scan IDs.
Add Nessus scan data files	Runs the import manually on demand or automatically based on a configured schedule.
Use case	Qualys Vulnerability Management to BMC Helix Automation Console
Add Qualys scan data files	Imports a single or multiple scan data into BMC Helix Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Qualys scan references. Important: Due to the limitation associated with the reference ID generated for Qualys cans, you can use the scan reference ID to download the scan only once. The template uses the unique reference ID generated for a Qualys scan to download the file. This reference ID is a single use ID, and if you run the same scan again, Qualys generates a new reference ID for it, which invalidates the existing reference ID used to download the scan file. Due to this limitation, you cannot define specific scans to be run periodically and synced with BMC Helix Automation Console.
Add Qualys scan data files	Runs the import manually on demand.

After you deploy the integration template, scanned data is automatically sent to BMC Helix Automation Console.

Scanned data to BMC Helix Automation Console data flow

The following image gives an overview of the data flow for adding scanned data to BMC Helix Automation Console:

Before you begin

The following items are required for you to successfully set up and use this integration:

Required versions	Make sure you have access to the following applications: Qualys Vulnerability Management version 10.18.0.1-1 or later Nessus Vulnerability Management version 8.1.00 or later BMC Helix Automation Console version 20.08 or later
Authentication and permissions	A BMC Helix Automation Console user must: have administrator access to BMC Helix Automation Console have Read permission belong to a valid security group set to import scan reports
	A Nessus system user must: have SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions be able to specify Nessus Scan ID(s) for which scan report needs to be downloaded
	A Qualys Vulnerability Management user must: be a valid Qualys user. be able to specify Qualys Scan Reference(s) for which the scan report needs to be downloaded.
Scan file requirements	The scan file exported from Nessus can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan include: Server name Server IP address Server operating system Associated plugin IDs (a plugin is a check for a vulnerability) The scan file must be in XML format, and have a .nessus extension.
Scan file requirements	The scan file exported from Qualys can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan file include: File must comply with the following DTD: https://qualysguard.qg2.apps.qualys.com/scan-1.dtd File cannot be based on report templates. File must be in XML format, and have an .xml extension.
Jitterbit Harmony subscription	Obtain a valid BMC Helix iPaaS subscription.
Application registration	Generate valid API keys for Nessus. To generate API keys, navigate to Settings> My Account > API keys and click Generate. This generates a new API Access Key and Secret Key and makes any previously generated API keys invalid. For more information, see Generate an API Key (Nessus) . Generate client ID and secret keys for BMC Helix Automation Console.

Task 1: To Download and import the integration template project file

Download the Import Vulnerability Qualys Nessus scanner data in BMC Helix Automation Console 2024-03-01 project file to your system.
This file contains the BMC Helix iPaaS Cloud Studio project Import Vulnerability Qualys Nessus scanner data in BMC Helix Automation Console.
Important

Your ability to access product pages on the EPD website is determined by the license your company purchased.
As a developer, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
On the projects page, click Import.
Click Browse, and then select the Import Vulnerability Qualys Nessus scanner data in BMC Helix Automation Console 2024-03-01 file you downloaded.
The Project Name and Organization fields are automatically populated depending on the values defined.
From the Environment list, select the environment to which you want to import this integration template, and then click Import.
The project opens after the integration template is imported.
(Optional) To open the project file at a later time, select the environment where the integration templates are available, and then select Import Vulnerability Qualys Nessus scanner data in BMC Helix Automation Console, and click View/Edit.

Task 2: Update the project variables for the integration template

Click ... next to the Environment name and select Project Variables.

Update the following project variables:

Details to access Nessus, Qualys, and BMC Helix Automation Console applications

Project variables	Action
Nessus
Nessus_URL	Enter the Nessus system URL; for example, https://HostName:port
Nessus_Access_Key	Enter the Nessus system API access key.
Nessus_Secret_Key	Enter the Nessus system API secret key.
Qualys
Qualys_URL	Enter the URL of the Qualys system.
Qualys_Username	Enter the User ID to access the Qualys system.
Qualys_Password	Enter the password of the user to access the Qualys system.
BMC Helix Automation Console
HAC_Access_Key	Enter the access key for BMC Helix Automation Console that you generated earlier.
HAC_Secret_Key	Enter the secret key for BMC Helix Automation Console that you generated earlier.
HAC_Context	Enter one of the following values: ADE TSSA This variable determines the user interface that you view after logging in to BMC Helix Automation Console. It also determines the pages you can view in the user interface and the operations that you can perform. Important: If you leave this variable blank, the template uses ADE as the default value.
HAC_URL	Enter the URL of the BMC Helix Automation Console instance.
HAC_Vendor	Enter Nessus or Qualys depending upon from which application you are importing scanned data. Important: You can add only one vendor per project.
SecurityGroup	Depending on the context you selected in HAC_Context, enter the role name you created for that context. Learn more about creating roles in Working with security groups in the BMC Helix Automation Console documentation.
TrueSight Server Automation
TSSA_Authentication_Type	Enter SRP. This variable enables a user to log in to BMC Helix Automation Console by using the SRP (Secure Remote Password) authentication method. Important: If you have selected the ADE context, this variable is optional.
TSSA_Cloud_User	Enter one of the following values for this flag to define the type of user for the BMC Helix Automation Console instance: True: For a cloud user False: For a Server Automation user
TSSA_Login_Role	Enter role of the BMC Helix Automation Console Instance user.
TSSA_Role_Name	Enter the role of the user who access BMC Helix Automation Console. Important: If you have selected the ADE context, this variable is optional.
TSSA_Server_URL	Enter the URL of your BMC Helix Automation Console instance in the following format: `[http/https]://[host name and port]`
TSSA_User	Enter the name of the user who accesses BMC Helix Automation Console.
TSSA_Password	Enter the password for the username provided to access BMC Helix Automation Console.
TSSA_TenantID	Enter the tenant ID of the BMC Helix Automation Console Instance. This value is mandatory if the user belongs to multiple tenants.
Scan_References	Enter the Nessus vulnerability scan IDs or the Qualys vulnerability scan reference IDs. Use comma separated values for multiple options.

Filters for scanned data

Project variables

Action

TSSA_CIDR_Filter

Enter the IP address of the asset for which you want to import scanned data.

TSSA_OS_Filter

Enter the name of the operating system for which you want to import the scanned data into BMC Helix Automation Console system.

You can set the following values for this variable:

Windows
Linux
Others

Use comma separated values to add multiple options.

TSSA_Severity_Filter

Enter a vulnerability severity value for which we want to import the scanned data.

You can set the following values for this variable:

5 - for critical
4 - for High
3 - for Medium
2 - for Low
1 - for Info

Use comma separated values to add multiple options.

Email notification configurations

Project variables	Action
Email_SMTP	Enter the SMTP host details for emails configuration.
Email_Recipients	Enter the email address to which you want to send the failure notification emails. Use comma separated values for multiple names.
Email_From_Address	Enter the email address from which the failure notification emails should be sent

Task 3: (Optional) To update the defined schedule for importing scans

As an administrator, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
Open the Import Vulnerability scanner data in BMC Helix Vulnerability Management project, and navigate to the Integration Workflow workflow.
To define a schedule for importing scans, select the Components tab.
Select Schedules > Scan Import Schedule, click .... and select View/Edit.

On the Edit Schedule page, update the following values to define your custom import schedule:

Field name	Action
Schedule Name	Enter a short name for the schedule.
Occurrence	Select the time and recurrence of the import.
Frequency	Select the frequency for the import.
Duration	Select the start and end dates for the schedule.

Click Save.
To enable the defined schedule, assign it to the Enable Integration operation.
1. Select ... next to the Enable Integration operation and select Settings.
2. On the Schedule tab, select the following options:
  - Condition— Select On Schedule.
  - Schedule—Select Scan Import Schedule.
3. Click Assign.

Once assigned, the import of the scan reports is automatically executed based on the schedule defined.

Task 4: Deploy and enable the project

Deployment is a one-time activity that initializes the integration configurations. The UI displays a message for the deployment status.

To deploy the project and then enable the integration:

To deploy the project, next to the project name, click the ellipsis ..., and select Deploy Project.
To enable the integration, next to the Enable Integrations workflow, click the ellipsis ... for the Enable Integration operation, and select Run.

The following image shows the steps to deploy the project and enable it by running the operation:

After you enable the integration, scanned files from the application you selected are sent to BMC Helix Automation Console as per the defined schedule.

To manually execute the integration, click the ellipses ... next to the 1.0 Enable Integration operation in the workflow, and select Run.

Workflows included in the integration template

The integration template includes workflows for the basic configuration and each integration use case. The following tables describe the operations defined in each workflow.

Integration Workflow

The Enable Integration operation integrates the operations across vendor and BMC Helix Automation Console. It defines the dummy schedule that users can modify based on their requirement to automatically run the scan imports at defined times.

HAC Workflow

This workflow imports the defined scans into BMC Helix Automation Console.

Operation name	Actions performed
HAC IMS Login	Generates IMS authorization token
HAC Generate JWT	Generates JWT from auth token
HAC Session Payload	Generates a session ID. This workflow is applicable only when the TSSA context is selected.
HAC Import Scan	Imports scan report for the IDs defined the project variables from the BMC Helix iPaaS temporary storage into BMC Helix Automation Console console.
HAC Wrapper	Integrates all the operations in this flow into a single logical flow.

Nessus Workflow

This workflow retrieves the scan data and verifies it for export. The following operations are included in this workflow:

Operation name	Actions performed
Nessus Get Scan Details	Retrieves the recent scan history UUID for the Nessus scan IDs provided in the project variables.
Nessus Export Scan	Initiates the scans for export.
Nessus Check Scan Export Status	Verifies if the exported scans are ready for import.
Nessus Download Exported Scan	Downloads the scans into the BMC Helix iPaaS temporary storage
Nessus Wrapper	Integrates all the operations in this flow into a single logical flow.

Qualys Workflow