Adding scanned data to BMC Helix Automation Console by using Jitterbit Harmony

BMC Helix iPaaS, powered by Jitterbit, provides a pre-built integration template that adds data from Nessus scans to BMC Helix Automation Console (previously BMC Helix Vulnerability Management). To use the integration template with the values defined out of the box, update the project variables with the details of your systems and deploy the integration template. The integration template uses the BMC Helix iPaaS HTTP connector for two API operations: the import scan report operation for BMC Helix Vulnerability Management and the export scan report operation for Vulnerability Management System vendors.

The template enables you to:

  • Import data from a single scan or from multiple scans into BMC Helix Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Nessus scan IDs.
  • Run the import manually on demand or automatically based on a configured schedule.

After you deploy the integration template, scanned data is automatically sent to BMC Helix Automation Console.  

Nessus scanned data to BMC Helix Automation Console data flow

Before you begin

The following items are required for you to successfully set up and use this integration:

  • A valid BMC Helix iPaaS subscription
  • The Cloud Studio project JSON files: Download the Import Vulnerability scanner data in BMC Helix Vulnerability Management 2022-03-01 file from the BMC Electronic Product Distribution (EPD) website. Your ability to access product pages on the EPD website is determined by the license your company purchased. This file contains the BMC Helix iPaaS Cloud Studio project Import Vulnerability scanner data in BMC Helix Vulnerability Management.
  • Valid API keys for Nessus.
    To generate API keys, navigate to Settings > My Account > API keys and click Generate. This generates a new API Access Key and Secret Key and makes any previously generated API keys invalid. For more information, see Generate an API Key (Nessus).
  • A BMC Helix Automation Console user must:
    • have administrator access to BMC Helix Automation Console
    • have Read permission
    • belong to a valid security group set to import scan reports
  • A Nessus system user must:
    • have SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions
    • be able to specify the Nessus Scan ID(s) for which the scan report needs to be downloaded

Prerequisites for the Nessus scan file

The scan file exported from Nessus can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan include:

  • Server name
  • Server IP address
  • Server operating system
  • Associated plugin IDs (a plugin is a check for a vulnerability)

The scan file must be in XML format and have a .nessus extension.
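A pre-flight check for these prerequisites, added here as an example and not part of the BMC template. It assumes the Nessus v2 export layout (ReportHost elements with host-ip and operating-system tags under HostProperties, and a pluginID attribute on each ReportItem); the function name check_nessus_export and the sample data are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample (Nessus v2 export layout); db01 lacks an OS tag and a pluginID.
SAMPLE = b"""<NessusClientData_v2><Report name="constructed-sample">
<ReportHost name="web01.example.test"><HostProperties>
  <tag name="host-ip">192.0.2.10</tag>
  <tag name="operating-system">Linux Kernel 5.4</tag>
</HostProperties>
<ReportItem port="22" severity="2" pluginID="900001" pluginName="constructed"/>
</ReportHost>
<ReportHost name="db01.example.test"><HostProperties>
  <tag name="host-ip">192.0.2.11</tag>
</HostProperties>
<ReportItem port="0" severity="0" pluginName="constructed"/>
</ReportHost>
</Report></NessusClientData_v2>"""

def check_nessus_export(filename, data):
    """Return a list of problems; an empty list means the prerequisites hold."""
    problems = []
    if not filename.lower().endswith(".nessus"):
        problems.append("file extension is not .nessus")
    # A scan export needs no DTD; refusing one keeps entity-expansion input out.
    if b"<!DOCTYPE" in data:
        return problems + ["DOCTYPE declaration present; refusing to parse"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    hosts = root.findall("./Report/ReportHost")
    if not hosts:
        problems.append("no ReportHost elements found")
    for host in hosts:
        name = host.get("name") or "<unnamed host>"
        tags = {t.get("name"): (t.text or "").strip()
                for t in host.findall("./HostProperties/tag")}
        if not host.get("name"):
            problems.append(f"{name}: missing server name")
        if not tags.get("host-ip"):
            problems.append(f"{name}: missing server IP address")
        if not tags.get("operating-system"):
            problems.append(f"{name}: missing server operating system")
        items = host.findall("./ReportItem")
        missing = sum(1 for i in items if not i.get("pluginID"))
        if not items or missing:
            problems.append(f"{name}: {missing} of {len(items)} report items lack a plugin ID")
    return problems

if __name__ == "__main__":
    print(check_nessus_export("scan.nessus", SAMPLE))
```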

Supported product versions

The integration template supports the following product versions:

| Product name | Supported version |
|---|---|
| Nessus | 8.1.00 |
| BMC Helix Automation Console (previously BMC Helix Vulnerability Management) | 20.08 and later |

Task 1: Import the integration template project file

  1. As an administrator, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
  2. On the projects page, click Import.
  3. Click Browse to navigate to and select the Import Vulnerability scanner data in BMC Helix Vulnerability Management 2022-03-01.json file you downloaded.
    The Project Name and Organization fields are automatically populated depending on the values defined. 
  4. From the Environment list, select the environment to which you want to import this integration template, and click Import.
    The project opens after the integration template is imported. 
    To open the project file at a later time, select the environment where the integration templates are available, select the Import Vulnerability scanner data in BMC Helix Vulnerability Management project and click View/Edit.

Task 2: Update the project variables for the integration template

  1. Click ... next to the Environment name and select Project Variables.
  2. Update the following project variables:
    • Details to access Nessus and BMC Helix Automation Console applications

      | Project variable | Value |
      |---|---|
      | Nessus | |
      | Nessus_URL | Nessus System URL. https://HostName:port |
      | Nessus_Access_Key | Nessus System API access key |
      | Nessus_Secret_Key | Nessus System API secret key |
      | BMC Helix Automation Console | |
      | HVM_URL | URL of the BMC Helix Automation Console instance |
      | HVM_User | User name of the user to access the BMC Helix Automation Console instance |
      | HVM_Password | Password for the user to access the BMC Helix Automation Console instance |
      | HVM_Login_Role | Role of the BMC Helix Automation Console instance user |
      | HVM_TenantID | Tenant ID of the BMC Helix Automation Console instance. This value is mandatory if the user belongs to multiple tenants. |
      | HVM_Vendor | Name of the BMC Helix Automation Console vendor. Enter Nessus. You can add only one vendor per project. |
      | HVM_Cloud_User | Flag for a cloud user for the BMC Helix Automation Console instance. Valid values include: True (for a cloud user), False (for a Server Automation user) |
      | Scan_References | Nessus vulnerability scan IDs. Enter comma-separated values for multiple options. |
    • Filters for scanned data

      | Project variable | Value |
      |---|---|
      | HVM_CIDR_Filter | IP address of the asset for which you want to import scanned data. |
      | HVM_OS_Filter | Operating system for which you want to import the scanned data into BMC Helix Automation Console. Use comma-separated values to add multiple options. Valid values include: Windows, Linux, Others |
      | HVM_Severity_Filter | The vulnerability severity values for which you want to import the scanned data. Use comma-separated values to add multiple options. Valid values include: 5 (Critical), 4 (High), 3 (Medium), 2 (Low), 1 (Info) |
    • Email notification configurations

      | Project variable | Value |
      |---|---|
      | Email_SMTP | SMTP host details for emails configuration |
      | Email_Recipients | Enter the email address to which you want to send the failure notification emails. Use comma-separated values for multiple names. |
      | Email_From_Address | Enter the email address from which the failure notification emails should be sent |

Task 3: (Optional) To update the defined schedule for importing scans

  1. As an administrator, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
  2. Open the Import Vulnerability scanner data in BMC Helix Vulnerability Management project, and navigate to the Integration Workflow workflow. 
  3. To define a schedule for importing scans, select the Components tab.
  4. Select Schedules > Scan Import Schedule, click ... and select View/Edit.
  5. On the Edit Schedule page, update the following values to define your custom import schedule: 

    | Field name | Action |
    |---|---|
    | Schedule Name | Enter a short name for the schedule. |
    | Occurrence | Select the time and recurrence of the import. |
    | Frequency | Select the frequency for the import. |
    | Duration | Select the start and end dates for the schedule. |
  6. Click Save.
  7. To enable the defined schedule, assign it to the Enable Integration operation.
    1. Select ... next to the Enable Integration operation and select Settings.
    2. On the Schedule tab, select the following options:
      • Condition— Select On Schedule.
      • Schedule—Select Scan Import Schedule.
    3. Click Assign.

Once assigned, the import of the scan reports is automatically executed based on the schedule defined.

Task 4: Deploy and enable the project

Deployment is a one-time activity that initializes the integration configurations. The UI displays a message for the deployment status.

To deploy the project and then enable the integration:

  1. To deploy the project, next to the project name, click the ellipsis ..., and select Deploy Project.
  2. To enable the integration, next to the Enable Integration element, click the ellipsis ..., and select Deploy.

The following image shows the steps to deploy the project and enable it by deploying the workflow:

After you enable the integration, Nessus scans are sent to BMC Helix Automation Console as per the defined schedule.

To manually execute the integration, click the ellipsis ... next to the 1.0 Enable Integration operation in the workflow, and select Run.

Workflows included in the integration template

The integration template includes workflows for the basic configuration and each integration use case. The following tables describe the operations defined in each workflow. 

Integration Workflow

The Enable Integration operation integrates the operations across vendor and BMC Helix Automation Console. It defines the dummy schedule that users can modify based on their requirement to automatically run the scan imports at defined times.

HVM Workflow

This workflow imports the defined scans into BMC Helix Automation Console. 

| Operation name | Actions performed |
|---|---|
| HVM Login | Logs in to the BMC Helix Vulnerability instance from BMC Helix iPaaS by using the credentials provided in the project variables and retrieves the auth token. |
| HVM Generate JWT | Generates a JWT from the auth token. |
| HVM Import Scan | Imports the scan report for the IDs defined in the project variables from the BMC Helix iPaaS temporary storage into BMC Helix Automation Console. |
| HVM Wrapper | Integrates all the operations in this flow into a single logical flow. |

Nessus Workflow

This workflow retrieves the scan data and verifies it for export. The following operations are included in this workflow:

| Operation name | Actions performed |
|---|---|
| Nessus Get Scan Details | Retrieves the recent scan history UUID for the Nessus scan IDs provided in the project variables. |
| Nessus Export Scan | Initiates the scans for export. |
| Nessus Check Scan Export Status | Verifies if the exported scans are ready for import. |
| Nessus Download Exported Scan | Downloads the scans into the BMC Helix iPaaS temporary storage. |
| Nessus Wrapper | Integrates all the operations in this flow into a single logical flow. |

