Adding scanned data to TrueSight Automation Console via BMC Helix iPaaS, powered by Jitterbit

BMC Helix iPaaS, powered by Jitterbit provides a pre-built integration template to add data scanned to TrueSight Automation Console (previously BMC Helix Vulnerability Management). To use the integration template with the values defined out of the box, you update the project variables with details of your systems and deploy the integration template. The integration template uses the BMC Helix iPaaS HTTP connector for API operations for TrueSight Automation Console (import scan report operation) and Vulnerability Management System vendors (export scan report operation).

Use the template to import data scanned by using any one of the following applications:

Nessus Scans
Qualys Vulnerability Management

The template provides the following capabilities:

Use case	Nessus scan to TrueSight Automation Console
Add Nessus scan data files	Imports a single or multiple scan data into TrueSight Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Nessus scan IDs.
Add Nessus scan data files	Runs the import manually on demand or automatically based on a configured schedule.
Use case	Qualys Vulnerability Management to TrueSight Automation Console
Add Qualys scan data files	Imports a single or multiple scan data into TrueSight Automation Console. Multiple scans can be provided as a comma-separated list in the project variable defined for Qualys scan references. Important: Due to the limitation associated with the reference ID generated for Qualys cans, you can use the scan reference ID to download the scan only once. The template uses the unique reference ID generated for a Qualys scan to download the file. This reference ID is a single use ID, and if you run the same scan again, Qualys generates a new reference ID for it, which invalidates the existing reference ID used to download the scan file. Due to this limitation, you cannot define specific scans to be run periodically and synced with TrueSight Automation Console.
Add Qualys scan data files	Runs the import manually on demand.

After you deploy the integration template, scanned data is automatically sent to TrueSight Automation Console.

Scanned data to TrueSight Automation Console data flow

The following image gives an overview of the data flow for adding scanned data to TrueSight Automation Console:

Before you begin

The following items are required for you to successfully set up and use this integration:

Required versions	Make sure you have access to the following applications: Qualys Vulnerability Management version 10.18.0.1-1 or later Nessus Vulnerability Management version 8.1.00 or later TrueSight Automation Console version 20.08 or later
Authentication and permissions	A TrueSight Automation Console user must: have administrator access to TrueSight Automation Console have Read permission belong to a valid security group set to import scan reports
	A Nessus system user must: have SCAN OPERATOR [24] user permissions and CAN VIEW [16] scan permissions be able to specify Nessus Scan ID(s) for which scan report needs to be downloaded
	A Qualys Vulnerability Management user must: be a valid Qualys user. be able to specify Qualys Scan Reference(s) for which the scan report needs to be downloaded.
Scan file requirements	The scan file exported from Nessus can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan include: Server name Server IP address Server operating system Associated plugin IDs (a plugin is a check for a vulnerability) The scan file must be in XML format, and have a .nessus extension.
Scan file requirements	The scan file exported from Qualys can be based on different types of scans, such as operating system or network scans. Mandatory requirements for the scan file include: File must comply with the following DTD: https://qualysguard.qg2.apps.qualys.com/scan-1.dtd File cannot be based on report templates. File must be in XML format, and have an .xml extension.
Jitterbit Harmony subscription	Obtain a valid BMC Helix iPaaS subscription.
Application registration	Generate valid API keys for Nessus. To generate API keys, navigate to Settings> My Account > API keys and click Generate. This generates a new API Access Key and Secret Key and makes any previously generated API keys invalid. For more information, see Generate an API Key (Nessus).

Task 1: To Download and import the integration template project file

Download the Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console 2024-03-01 project file to your system.
This file contains the BMC Helix iPaaS Integration Studio project Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console 2024-03-01.
Important
Your ability to access product pages on the EPD website is determined by the license your company purchased.
As a developer, log in to BMC Helix iPaaS and navigate to the Integration Studio.
On the projects page, click Import.
Click Browse, and then select the file you downloaded.
The Project Name and Organization fields are automatically populated depending on the values defined.
From the Environment list, select the environment to which you want to import this integration template, and then click Import.
The project opens after the integration template is imported.
To open the project file at a later time, select the environment where the integration templates are available, and then select Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console 2024-03-01, and click View/Edit.

Task 2: Update the project variables for the integration template

Click ... next to the Environment name and select Project Variables.

Update the following project variables:

Details to access Nessus, Qualys, and TrueSight Automation Console applications

Project variables	Action
Nessus
Nessus_URL	Enter the Nessus system URL; for example, https://HostName:port
Nessus_Access_Key	Enter the Nessus system API access key.
Nessus_Secret_Key	Enter the Nessus system API secret key.
Qualys
Qualys_URL	Enter the URL of the Qualys system.
Qualys_Username	Enter the User ID to access the Qualys system.
Qualys_Password	Enter the password of the user to access the Qualys system.
TrueSight Automation Console
TSAC_URL	Enter the URL of the TrueSight Automation Console instance.
TSAC_User	Enter the user name of the user to access the TrueSight Automation Console instance.
TSAC_Password	Enter the password for the user to access the TrueSight Automation Console instance.
TSAC_Login_Role	Enter role of the TrueSight Automation Console Instance user.
TSAC_TenantID	Enter the tenant ID of the TrueSight Automation Console Instance. This value is mandatory if the user belongs to multiple tenants.
TSSA_Authentication_Type	Enter SRP. This variable enables a user to log in to BMC Helix Automation Console by using the SRP (Secure Remote Password) authentication method.
TSAC_Vendor	Enter Nessus or Qualys depending upon from which application you are importing scanned data. Important: You can add only one vendor per project.
TSAC_Cloud_User	Enter one of the following values for this flag to define the type of user for the TrueSight Automation Console instance: True: For a cloud user False: For a Server Automation user
Scan_References	Enter the Nessus vulnerability scan IDs or the Qualys vulnerability scan reference IDs. Use comma separated values for multiple options.

Filters for scanned data

Project variables	Action
TSAC_CIDR_Filter	Enter the IP address of the asset for which you want to import scanned data.
TSAC_OS_Filter	Enter the name of the operating system for which you want to import the scanned data into TrueSight Automation Console system. You can set the following values for this variable: Windows Linux Others Use comma separated values to add multiple options.
TSAC_Severity_Filter	Enter a vulnerability severity value for which we want to import the scanned data. You can set the following values for this variable: 5 - for critical 4 - for High 3 - for Medium 2 - for Low 1 - for Info Use comma separated values to add multiple options.

Email notification configurations

Project variables	Action
Email_SMTP	Enter the SMTP host details for emails configuration.
Email_Recipients	Enter the email address to which you want to send the failure notification emails. Use comma separated values for multiple names.
Email_From_Address	Enter the email address from which the failure notification emails should be sent

Task 3: (Optional) To update the defined schedule for importing scans

As an administrator, log in to BMC Helix iPaaS and navigate to the Integration Studio.
Open the Import Vulnerability Qualys Nessus scanner data in BMC Truesight Automation Console project, and navigate to the Integration Workflow workflow.
To define a schedule for importing scans, select the Components tab.
Select Schedules > Scan Import Schedule, click .... and select View/Edit.

On the Edit Schedule page, update the following values to define your custom import schedule:

Field name	Action
Schedule Name	Enter a short name for the schedule.
Occurrence	Select the time and recurrence of the import.
Frequency	Select the frequency for the import.
Duration	Select the start and end dates for the schedule.

Click Save.
To enable the defined schedule, assign it to the Enable Integration operation.
1. Select ... next to the Enable Integration operation and select Settings.
2. On the Schedule tab, select the following options:
  - Condition— Select On Schedule.
  - Schedule—Select Scan Import Schedule.
3. Click Assign.

Once assigned, the import of the scan reports is automatically executed based on the schedule defined.

Task 4: Deploy and enable the project

After you enable the integration, scanned files from the application you selected are sent to TrueSight Automation Console as per the defined schedule.

To manually execute the integration, click the ellipses ... next to the 1.0 Enable Integration operation in the workflow, and select Run.

Workflows included in the integration template

The integration template includes workflows for the basic configuration and each integration use case. The following tables describe the operations defined in each workflow.

Integration Workflow

The Enable Integration operation integrates the operations across vendor and TrueSight Automation Console. It defines the dummy schedule that users can modify based on their requirement to automatically run the scan imports at defined times.

TSAC Workflow

This workflow imports the defined scans into TrueSight Automation Console.

Operation name	Actions performed
TSAC Login	Logs in to the TrueSight Automation Console instance by using the credentials provided in the project variables and retrieves the auth token.
TSAC Generate JWT	Generates JWT from auth token.
TSAC Import Scan	Imports scan report for the IDs defined the project variables from the BMC Helix iPaaS temporary storage into TrueSight Automation Console console.
TSAC Wrapper	Integrates all the operations in this flow into a single logical flow.

Nessus Workflow

This workflow retrieves the scan data and verifies it for export. The following operations are included in this workflow:

Operation name	Actions performed
Nessus Get Scan Details	Retrieves the recent scan history UUID for the Nessus scan IDs provided in the project variables.
Nessus Export Scan	Initiates the scans for export.
Nessus Check Scan Export Status	Verifies if the exported scans are ready for import.
Nessus Download Exported Scan	Downloads the scans into the BMC Helix iPaaS temporary storage
Nessus Wrapper	Integrates all the operations in this flow into a single logical flow.

Qualys Workflow