Scans


Scans enable you to discover potential issues on the assets in your environment. You can use various vulnerability management systems such as Qualys, Nessus, and Rapid7 to scan the assets. After scanning, you can export scan results from these systems and then import them into BMC Helix Automation Console and TrueSight Automation Console. An exported scan file collects information about assets (such as servers) and the vulnerabilities associated with those assets.

When a vulnerability scan is imported into Automation Console, assets included in the scan are automatically mapped to endpoints managed by the underlying endpoint manager, TrueSight Server Automation. The automatic asset mapping process matches the Domain Name Server (DNS) and then the IP address of an asset in a vulnerability scan to an endpoint managed in TrueSight Server Automation.

You can remediate these assets against the vulnerabilities using Automation Console.

This topic describes prerequisites for importing scans, and a few considerations that you need to keep in mind before you import.

Prerequisites for importing scans

Before importing a scan, ensure that you have exported the scan results from the vulnerability management system. The exported file must meet the requirements listed below.

Rapid7 scan file requirement

The scan file exported from Rapid7 must use the XML Export 2.0 format.

Qualys scan file requirements

The scan file exported from Qualys:

Nessus scan file requirements

  • The scan file exported from Nessus can be based on different types of scans (such as OS or network scans) but at a minimum, it must include the following details:
    • Server name
    • Server IP address
    • Server operating system
    • Associated plugin IDs (a plugin is a check for a vulnerability)
  • The scan file must be in XML format, and the file must end with the .nessus extension.

Considerations before you import

Before you begin importing scans, consider the following:

  • A record is one asset with one vulnerability. For example, two assets with 10 vulnerabilities each equals 20 records.
  • If subsequent scans include assets that are already scanned with vulnerabilities that are already found, those vulnerabilities do not increase the record count. 
  • To manage record counts, you can reduce the scope of a scan (for example, scanning only for vulnerabilities with severity 4 and 5) or remove unneeded devices from the scan, such as endpoints not managed with TrueSight Server Automation.
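The Nessus requirements and the record-count rules above can be checked before an import. The following is an added example, not BMC code: it validates a `.nessus` export for the required details and estimates the record count. The function names, the sample hosts and plugin IDs, and the rule that one plugin ID on one asset counts as one record are assumptions; `min_severity` compares against the `severity` attribute as it is written in the file.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Nessus v2 export layout; hosts and plugin IDs are made up.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="web01.example.test"><HostProperties>
<tag name="host-ip">192.0.2.10</tag>
<tag name="operating-system">Linux Kernel 5.15</tag>
</HostProperties>
<ReportItem pluginID="10001" severity="4" port="443"/>
<ReportItem pluginID="10001" severity="4" port="8443"/>
<ReportItem pluginID="10002" severity="1" port="22"/>
</ReportHost>
<ReportHost name="db01.example.test"><HostProperties>
<tag name="host-ip">192.0.2.20</tag>
</HostProperties>
<ReportItem pluginID="10001" severity="4" port="5432"/>
</ReportHost>
</Report></NessusClientData_v2>"""

REQUIRED_TAGS = {"host-ip": "server IP address",
                 "operating-system": "server operating system"}

def check_nessus_export(filename, xml_text, min_severity=0):
    """Return (problems, records); records are unique (asset, plugin ID) pairs."""
    problems, records = [], set()
    if not filename.endswith(".nessus"):
        problems.append(f"{filename}: file name must end with .nessus")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return problems + [f"{filename}: not well-formed XML ({exc})"], records
    for host in root.iter("ReportHost"):
        name = (host.get("name") or "").strip() or "<unnamed>"
        if name == "<unnamed>":
            problems.append(f"{name}: missing server name")
        props = {t.get("name"): (t.text or "").strip() for t in host.iter("tag")}
        for tag, label in REQUIRED_TAGS.items():
            if not props.get(tag):
                problems.append(f"{name}: missing {label}")
        items = [i for i in host.iter("ReportItem") if i.get("pluginID")]
        if not items:
            problems.append(f"{name}: no plugin IDs")
        # Assumption: one plugin ID on one asset is one record, however many ports report it.
        records |= {(name, i.get("pluginID")) for i in items
                    if int(i.get("severity", "0")) >= min_severity}
    return problems, records

def total_records(*record_sets):
    """Findings already seen on an asset add no records, so union the scans."""
    return len(set().union(*record_sets))
```

The standard-library parser is adequate for exports from your own scanner; for files of uncertain origin, parse with a hardened XML library such as `defusedxml` instead.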

Where to go from here

To import or delete scans, see Working with scans.

 
