Working with scans

This topic provides instructions on importing and deleting scans.

To obtain scans from a vulnerability management system, see Scans.

Importing a scan

On the Manage > Import page, click Import Scan, and do the following:

  1. Select the vulnerability management vendor.

  2. Attach the scan file based on the selected vendor.
    BMC recommends that you import files larger than 400 MB from a local area network with a latency of less than 50 milliseconds as large scans from remote networks might not succeed. You can also import a compressed file (single file only).

    Is there a file size limit for importing a scan file?

    Yes. You can import files up to 500 MB.

  3. To apply filters while importing data from a scan file, do the following:
    1. Select the operating systems.

    2. Choose one or more vulnerability severity options.

      Severity levels

      Qualys, Nessus, and Rapid7 use different scoring for severity levels. Qualys uses scores of 1-5. Nessus uses scores of 0-4. Rapid7 uses scores of 1-10. To maintain consistency, BMC increases the Nessus severity levels by one (so they become 1-5) and maps the ten Rapid7 severity levels to five levels. 

    3. Specify the IP addresses in the Classless Inter-Domain Routing (CIDR) format.
      Data is imported from the scan file only for the servers that belong to the specified IP address range. Default value is 0.0.0.0/0, which imports data for all the servers from the scan file.
      You can specify one of the following values:
      • Single IP address. Example: 168.19.13.12/24
      • Comma-separated multiple IP addresses. Example: 168.19.13.12/24,10.25.24.12/12
      • A combination of the above formats. Example: 168.19.13.12/24, 168.19.13.12/32,10.25.24.12/12

  4. Click Import.
    After the import is complete, a message confirms that the scan was imported and informs how many assets were automatically mapped to endpoints.

    If you import multiple scan files one after another, the Scanned Assets page and Import page show all the data that you import, not just the results of the most recent import. When you import a scan, asset and vulnerability information is added to any information that is already imported.

    Importing the same scan file more than once

    If you need to import the same scan file more than once, do the following:

    • For Qualys and Rapid7, scan files are identified by a unique <SCAN> tag within the XML file. If you are using those vulnerability management tools and you want to import the same scan more than once, you must modify the value of the <SCAN> tag. BMC recommends that you change the name of each scan to avoid confusion.

    • For Nessus, you must edit the existing .nessus file and provide a new name value for the <Report> tag. For example, in a tag such as <Report name="ProdAdmins_Linux" xmlns:cm="http://www.nessus.org/cm">, the new name value could be, name="NewProdAdmins_Linux"

      If the imported scans do not include a time zone, which time zone is considered?

      If no time zone is specified, it is browser's time zone.

Deleting a scan file

When you delete a scan file, all associations between endpoints and vulnerabilities contained in that file are deleted, unless the same association is also included in another scan file. When you delete a scan file, depending on the file size, it may take a while before the process is complete. 

On the Manage > Import page, click Action > Remove for the required file.

 

  • 19.11
Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*