Adding scanned data to TrueSight Automation Console via BMC Helix iPaaS, powered by Jitterbit

BMC Helix iPaaS, powered by Jitterbit provides a pre-built integration template to add data scanned to TrueSight Automation Console (previously BMC Helix Vulnerability Management). To use the integration template with the values defined out of the box, you update the project variables with details of your systems and deploy the integration template. The integration template uses the BMC Helix iPaaS HTTP connector for API operations for TrueSight Automation Console (import scan report operation) and Vulnerability Management System vendors (export scan report operation).

Use the template to import data scanned by using any one of the following applications:

  • Nessus Scans
  • Qualys Vulnerability Management

 The template provides the following capabilities

Use case

Nessus scan to TrueSight Automation Console

Add Nessus scan data files

Imports a single or multiple scan data into TrueSight Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Nessus scan IDs.

Runs the import manually on demand or automatically based on a configured schedule.
Use caseQualys Vulnerability Management to TrueSight Automation Console
Add Qualys scan data files

Imports a single or multiple scan data into TrueSight Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Qualys scan references.

Important:

Due to the limitation associated with the reference ID generated for Qualys cans, you can use the scan reference ID to download the scan only once.

The template uses the unique reference ID generated for a Qualys scan to download the file. This reference ID is a single use ID, and if you run the same scan again, Qualys generates a new reference ID for it, which invalidates the existing reference ID used to download the scan file.

Due to this limitation, you cannot define specific scans to be run periodically and synced with TrueSight Automation Console.

Runs the import manually on demand.  

After you deploy the integration template, scanned data is automatically sent to TrueSight Automation Console.  

Scanned data to TrueSight Automation Console data flow

The following image gives an overview of the data flow for adding scanned data to TrueSight Automation Console:

Before you begin

The following items are required for you to successfully set up and use this integration: 

Required versions

Make sure you have access to the following applications:

  • Qualys Vulnerability Management version 10.18.0.1-1 or later
  • Nessus Vulnerability Management version 8.1.00 or later
  • TrueSight Automation Console version 20.08 or later
Authentication and permissions

A TrueSight Automation Console user must:

  • have administrator access to TrueSight Automation Console
  • have Read permission
  • belong to a valid security group set to import scan reports

A Nessus system user must:

  • have  SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions
  • be able to specify Nessus Scan ID(s)  for which scan report needs to be downloaded
  • A Qualys Vulnerability Management user must:
    • be a valid Qualys user. 
    • be able to specify Qualys Scan Reference(s) for which the scan report needs to be downloaded.
Scan file requirements

The scan file exported from Nessus can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan include:

  • Server name
  • Server IP address
  • Server operating system
  • Associated plugin IDs (a plugin is a check for a vulnerability)

The scan file must be in XML format, and have a .nessus extension.

The scan file exported from Qualys can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan file include:

Jitterbit Harmony subscription

Obtain a valid BMC Helix iPaaS Open link  subscription.

Application registration

Generate valid API keys for Nessus. 

To generate API keys, navigate to Settings> My Account > API keys  and click Generate. This generates a new  API Access Key and Secret Key  and makes any previously generated API keys invalid. For more information, see  Generate an API Key (Nessus) Open link .

Task 1: To Download and import the integration template project file

  1. Download the Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console 2024-03-01 Open link  project file to your system.
    This file contains the  BMC Helix iPaaS Cloud Studio project Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console 2024-03-01

    Important

    Your ability to access product pages on the EPD website is determined by the license your company purchased.

  2. As a developer, log in to BMC Helix iPaaS and navigate to the Cloud Studio.

  3. On the projects page, click Import.
  4. Click Browse, and then select the file you downloaded.
    The Project Name and Organization fields are automatically populated depending on the values defined. 
  5. From the Environment list, select the environment to which you want to import this integration template, and then click Import.
    The project opens after the integration template is imported. 
  6. To open the project file at a later time, select the environment where the integration templates are available, and then select Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console 2024-03-01, and click View/Edit.

Task 2: Update the project variables for the integration template

  1. Click ... next to the Environment name and select Project Variables.
  2. Update the following project variables:
    • Details to access Nessus, Qualys, and TrueSight Automation Console applications

      Project variablesAction
      Nessus
      Nessus_URL
      Enter the Nessus system URL; for example, https://HostName:port
      Nessus_Access_Key
      Enter the Nessus system API access key.
      Nessus_Secret_Key
      Enter the Nessus system API secret key.
      Qualys
      Qualys_URL
      Enter the URL of the Qualys system.
      Qualys_Username
      Enter the User ID to access the Qualys system.
      Qualys_Password
      Enter the password of the user to access the Qualys system.
      TrueSight Automation Console
      TSAC_URL
      Enter the URL of the TrueSight Automation Console instance.
      TSAC_UserEnter the user name of the user to access the TrueSight Automation Console instance.
      TSAC_PasswordEnter the password for the user to access the TrueSight Automation Console instance.
      TSAC_Login_RoleEnter role of the TrueSight Automation Console Instance user.
      TSAC_TenantID

      Enter the tenant ID of the TrueSight Automation Console Instance.

      This value is mandatory if the user belongs to multiple tenants.

      TSSA_Authentication_Type

      Enter SRP.

      This variable enables a user to log in to BMC Helix Automation Console by using the SRP (Secure Remote Password) authentication method.

      TSAC_Vendor

      Enter Nessus or Qualys depending upon from which application you are importing scanned data.

      Important: You can add only one vendor per project.

      TSAC_Cloud_User

      Enter one of the following values for this flag to define the type of user for the TrueSight Automation Console instance: 

      • True: For a cloud user
      • False: For a Server Automation user
      Scan_References

      Enter the Nessus vulnerability scan IDs or the Qualys vulnerability scan reference IDs.

      Use comma separated values for multiple options.

    • Filters for scanned data

      Project variablesAction
      TSAC_CIDR_FilterEnter the IP address of the asset for which you want to import scanned data.
      TSAC_OS_Filter

      Enter the name of the operating system for which you want to import the scanned data into TrueSight Automation Console system. 

      You can set the following values for this variable:

      • Windows
      • Linux
      • Others

      Use comma separated values to add multiple options.

      TSAC_Severity_Filter

      Enter a vulnerability severity value for which we want to import the scanned data. 

      You can set the following values for this variable:

      • 5 - for critical
      • 4 - for High
      • 3 - for Medium
      • 2 - for Low
      • 1 - for Info

      Use comma separated values to add multiple options.

    • Email notification configurations

      Project variablesAction
      Email_SMTP
      Enter the SMTP host details for emails configuration.
      Email_Recipients
      Enter the email address to which you want to send the failure notification emails. Use comma separated values for multiple names.
      Email_From_Address
      Enter the email address from which the failure notification emails should be sent

Task 3: (Optional) To update the defined schedule for importing scans

  1. As an administrator, log in to BMC Helix iPaaS and navigate to the Cloud Studio.
  2. Open the Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console project, and navigate to the Integration Workflow workflow. 
  3. To define a schedule for importing scans, select the Components tab.
  4. Select Schedules > Scan Import Schedule, click .... and select View/Edit.
  5. On the Edit Schedule page, update the following values to define your custom import schedule: 

    Field nameAction
    Schedule NameEnter a short name for the schedule.
    OccurrenceSelect the time and recurrence of the import.
    FrequencySelect the frequency for the import.
    DurationSelect the start and end dates for the schedule.
  6. Click Save.
  7. To enable the defined schedule, assign it to the Enable Integration operation.
    1. Select ... next to the Enable Integration operation and select Settings.
    2. On the Schedule tab, select the following options:
      • Condition— Select On Schedule.
      • Schedule—Select Scan Import Schedule.
    3. Click Assign.

Once assigned, the import of the scan reports is automatically executed based on the schedule defined.

Task 4: Deploy and enable the project

Deployment is a one-time activity that initializes the integration configurations. The UI displays a message for the deployment status.

To deploy the project and then enable the integration:

  1. To deploy the project, next to the project name, click the ellipsis ..., and select Deploy Project.
  2. To enable the integration, next to the Enable Integrations workflow, click the ellipsis ... for the Enable Integration operation, and select Run

The following image shows the steps to deploy the project and enable it by running the operation:

After you enable the integration, scanned files from the application you selected are sent to TrueSight Automation Console as per the defined schedule.

To manually execute the integration, click the ellipses ... next to the 1.0 Enable Integration operation in the workflow, and select Run.

Workflows included in the integration template

The integration template includes workflows for the basic configuration and each integration use case. The following tables describe the operations defined in each workflow. 

Integration Workflow

The Enable Integration operation integrates the operations across vendor and TrueSight Automation Console. It defines the dummy schedule that users can modify based on their requirement to automatically run the scan imports at defined times.

TSAC Workflow

This workflow imports the defined scans into TrueSight Automation Console. 

Operation nameActions performed
TSAC Login

Logs in to the TrueSight Automation Console instance by using the credentials provided in the project variables and retrieves the auth token.

TSAC Generate JWTGenerates JWT from auth token.
TSAC Import Scan 

Imports scan report for the IDs defined the project variables from the BMC Helix iPaaS temporary storage into TrueSight Automation Console console.

TSAC Wrapper

Integrates all the operations in this flow into a single logical flow.

Nessus Workflow

This workflow retrieves the scan data and verifies it for export. The following operations are included in this workflow:

Operation nameActions performed
Nessus Get Scan DetailsRetrieves the recent scan history UUID for the Nessus scan IDs provided in the project variables.
Nessus Export Scan Initiates the scans for export.
Nessus Check Scan Export StatusVerifies if the exported scans are ready for import.
Nessus Download Exported Scan

Downloads the scans into the BMC Helix iPaaS temporary storage

Nessus Wrapper

Integrates all the operations in this flow into a single logical flow.


Qualys Workflow

This workflow retrieves the scan data and verifies it for export. The following operations are included in this workflow:

Operation name

Actions performed

Qualys Download Exported Scan

Downloads the scans into the BMC Helix iPaaS temporary storage.

Qualys Wrapper

Integrates all the operations in this flow into a single logical flow.

Was this page helpful? Yes No Submitting... Thank you

Comments