Automatic Importing of Vulnerability Scan Data

Overview

Automatic importing of your vulnerability scanning results is now here! The platform now supports the auto importing of completed scans from supported vulnerability scanning solutions.

Users can edit individual project settings to monitor one or more scanners for completed scans and have the results automatically imported into the platform for visibility, making the process seamless.

In order to make use of this feature you first need to be an Enterprise subscriber to the platform and also have your externally facing scanner(s) linked to your platform account through the https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1304330281 page.

To enable this feature, Enterprise users can do the following:

Step 1. Create a new Project or edit an existing Project.

Step 2. Select Managed Vulnerability Scanning from the Service Type drop-down. By doing this, additional Project options become available, including the Auto Import option.

Step 3. Select Enabled from the Auto Import drop-down.

Once enabled the Project will display the Auto Importer settings menu with a helpful walkthrough tutorial to assist with assigning your required external scanner(s). If this is your first time configuring Auto Import we recommend you step through the walkthrough to familiarise yourself with the configuration options.

Enabling Auto Importing

 

Here’s an overview of the options available when defining an auto import task within the Project’s Auto Importer:

  • External Scanner - Select your connected external scanner that you wish to import your results from.

  • Scan Type - The test type of the scan that will be created from an import.

  • Scan Name Prefix - When an external scan is imported, a Scan Prefix can be used to prefix the name of the platform Project scan. This can be useful when trying to identify those scans that are using the auto import feature.

  • Scan Identifier - Identifying which scans to import into the platform can be made easier by telling the platform to search for a unique scan identifier. This is useful if you only want to automatically import particular external scans. Scans are identified by a partial word match, for example: EXT VA....

  • Merge Multiple Scans - This feature allows you to merge multiple scans completed on the same day relating to the selected scanner. This is particularly useful if you have multiple external scans completing each day. This feature will combine those multiple scans into one scan entry within the platform.

  • Merge Multiple Scanners - This feature allows you to merge multiple scans completed on the same day from multiple scanners. This is particularly useful if you have multiple external scans completing each day. This feature will combine those multiple scans from multiple scanners into one scan entry within the platform.

  • Actions - Once you have defined each of the options for an auto import task, please be sure to save the Project’s settings.

Adding a new scanner

IMPORTANT NOTE: Once you have defined the settings for a specific Auto Import task, please ensure you commit the settings using the Action button before saving the Project’s settings!

IMPORTANT NOTE: For each new Auto Import task defined, please ensure the task’s settings are individually saved and added to the Project using the '+ Add New Scanner' button (see below). Each new Auto Import task must be saved individually before the Save Project button

 

Other operational features of the Auto Import feature include:

  • Multiple auto import tasks can be defined in any one Project, up to a maximum of 10.

  • Once an auto import task has been defined and the Project has been saved, the platform will periodically query the appropriate external scanners for new scan results that match the definitions in the auto import task. New scan results from corresponding external scanner(s) will be imported into the platform as new Scan entries automatically within the Project.

  • Project Leads will receive notifications on any successful and failed auto imports. For Project Leads to receive notifications, they must be defined under the Project Lead option within the Project

Example Scanning Use Cases for Automatic Importing

The tables below provide simplified example scenarios of how the platform’s Auto Import feature could be aligned with your existing scanning regimes on supported external scanners (see https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1304330281 & https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1312423937 for further details)

Whilst the platform provides enough flexibility to address most scanning use cases and scenarios, a ‘keep-it-simple’ approach to the structure of the platform Projects and your scanning regime is recommended to ensure all necessary scanning data can be imported into the platform in a timely manner and structured in a logical and sensible way. Depending on how you want to structure your Projects and the Scan entries in the platform, it may be necessary to amend your existing scanning regime to best align with the functionality of the platform’s Auto Import feature. Please review the example use cases below and, if you are unsure how best to utilise the platform’s Auto Import feature with your scanning regime, please direct any queries to the platform Support, either by raising a request via the platform’s in-platform Help Centre function, or by visiting Platform Support.

Whilst the example scenarios below are based on integration with the Tenable Security Nessus Professional scanning platform, any external platform that is currently supported by the platform (via API integration) can be used.

The headers in the modal below refer to the available configuration options within a platform Project when defining Auto Importer tasks, like so:

For each of the following scenarios, a SCAN TYPE of ‘MVS - External Network Scanning’ will be used. The SCAN TYPEs available in your tenant may differ from those used in these scenarios.

Single scan task running once per day (Single Scanner)

This scenario is useful when importing to the platform the results from a single scan task on a scanner that runs once per day. The scan results will be imported into a new Scan entry in the Project each time the platform identifies, retrieves and imports new scan results.

For example, consider the following:

  • You have defined a single scan task on a single external scanner

  • The scan task has a unique SCAN IDENTIFIER configured on the external scanner (see table below)

  • You run the scan task once per day

| EXTERNAL SCANNER | SCAN NAME PREFIX | SCAN IDENTIFIER | MERGE MULTIPLE SCANS | MERGE MULTIPLE SCANNERS |
|---|---|---|---|---|
| MyExternalScanner | AutoImport | ExternalVA | FALSE | FALSE |

After one week of scanning, the platform Project would contain seven Scan entries. Each Scan entry in the platform Project would be named “AutoImport ExternalVA”.

Single scan task running multiple times per day (Single Scanner)

Similar to the above scenario, this is useful when importing to the platform a single scan task that runs on a scanner multiple times throughout the same day.

For example, consider the following:

  • You have defined a single scan task on a single external scanner

  • The scan task has a unique SCAN IDENTIFIER configured on the external scanner (see table below)

  • You run the scan task at 09:00 and again at 16:00

| EXTERNAL SCANNER | SCAN NAME PREFIX | SCAN IDENTIFIER | MERGE MULTIPLE SCANS | MERGE MULTIPLE SCANNERS |
|---|---|---|---|---|
| MyExternalScanner | AutoImport | ExternalVA | TRUE | FALSE |

The two scans that run at 09:00 and again at 16:00 would be merged into a single Scan entry in the Project. If the scan runs every day at 09:00 and again at 16:00 for seven days, after one week of scanning the platform Project would contain seven Scan entries. Each Scan entry in the platform Project would be named “AutoImport ExternalVA”.

Multiple scan tasks running once per day (Single Scanner)

This scenario is useful when importing to the platform multiple scan tasks on a scanner that run once per day.

For example, consider the following:

  • You have defined two scan tasks on a single external scanner - let's assume each scan task assesses a separate group of IP addresses (in this example targets are grouped by country)

  • Each of the two scan tasks has a unique SCAN IDENTIFIER configured on the external scanner (see table below)

  • You run both these scan tasks once per day.

| EXTERNAL SCANNER | SCAN NAME PREFIX | SCAN IDENTIFIER | MERGE MULTIPLE SCANS | MERGE MULTIPLE SCANNERS |
|---|---|---|---|---|
| MyExternalScanner | AutoImport | ExternalVA_UK | FALSE | FALSE |
| MyExternalScanner | AutoImport | ExternalVA_US | FALSE | FALSE |

If the two scan tasks run on a daily basis for seven days, after one week of scanning the platform Project would contain 14 Scan entries. Scan entries in the platform Project (for the daily UK scan tasks) would be named “AutoImport ExternalVA_UK”, whilst Scan entries in the platform Project (for the daily US scan tasks) would be named “AutoImport ExternalVA_US”.

Multiple scan tasks running multiple times per day (Single Scanner)

Similar to the previous scenario, this is useful when importing to the platform multiple scan tasks that run multiple times per day.

For example, consider the following:

  • You have defined two scan tasks on a single external scanner - each scan task assesses a separate group of IP addresses (in this example targets are grouped by country)

  • Each of the two scan tasks has a unique SCAN IDENTIFIER configured on the external scanner (see table below)

  • You run both of the scan tasks at 09:00 and again at 16:00

| EXTERNAL SCANNER | SCAN NAME PREFIX | SCAN IDENTIFIER | MERGE MULTIPLE SCANS | MERGE MULTIPLE SCANNERS |
|---|---|---|---|---|
| MyExternalScanner | AutoImport | ExternalVA_UK | TRUE | FALSE |
| MyExternalScanner | AutoImport | ExternalVA_US | TRUE | FALSE |

The platform will merge the daily 09:00 and 16:00 repetitive scans into their own Scan entry in the platform Project. If the two scans run every day at 09:00 and 16:00 for seven days, after one week of scanning the platform Project would contain fourteen Scan entries. The Scan entries in the platform Project (for the UK scan tasks), of which there would be seven in total, would each be named “AutoImport ExternalVA_UK”, whilst Scan entries in the platform Project (for the US scan tasks), of which there would also be seven in total, would each be named “AutoImport ExternalVA_US”.

Scan task running once per day (Multiple Scanners)

This scenario is useful when importing to the platform scan tasks from multiple separate scanners that run once per day.

For example, consider the following:

  • You have deployed two external scanners

  • Each external scanner has a single scan task with the same SCAN IDENTIFIER configured on each scanner (see table below)

  • You run each scan task on each external scanner once per day

| EXTERNAL SCANNER | SCAN NAME PREFIX | SCAN IDENTIFIER | MERGE MULTIPLE SCANS | MERGE MULTIPLE SCANNERS |
|---|---|---|---|---|
| MyExternalScanner_London | AutoImport | ExternalVA | FALSE | TRUE |
| MyExternalScanner_NewYork | AutoImport | ExternalVA | FALSE | TRUE |

The platform will merge the daily scan results from each external scanner into their own Scan entry in the platform Project. If the two scans run daily for seven days, after one week of scanning the platform Project would contain seven Scan entries. Each Scan entry in the platform Project would be named “Global Multi Import”.

Scan task running multiple times per day (Multiple Scanners)

Similar to the previous scenario, this is useful when importing to the platform scan tasks from multiple external scanners that run multiple times per day.

For example, consider the following:

  • You have deployed two external scanners

  • Each external scanner has a single scan task with the same SCAN IDENTIFIER configured on each scanner (see table below)

  • You run each scan task on each external scanner at 09:00 and again at 16:00

| EXTERNAL SCANNER | SCAN NAME PREFIX | SCAN IDENTIFIER | MERGE MULTIPLE SCANS | MERGE MULTIPLE SCANNERS |
|---|---|---|---|---|
| MyExternalScanner_London | AutoImport | ExternalVA | TRUE | TRUE |
| MyExternalScanner_NewYork | AutoImport | ExternalVA | TRUE | TRUE |

The platform will merge the daily 09:00 and 16:00 repetitive scan results from each external scanner into their own Scan entry in the platform Project. If the two scans run twice a day for seven days, after one week of scanning the platform Project would contain seven Scan entries. Each Scan entry in the platform Project would be named “Global Multi Import”.
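
The Scan entry counts in the six scenarios above can be checked before changing a scanning regime with a small model of the two merge options. This is an added example, not the platform's code: the names `Task`, `Scan`, `scan_entries`, `overlapping_identifiers` and `week` are hypothetical, and the grouping rules (including a case-sensitive substring test for the "partial word match") are assumptions inferred from the scenarios on this page.

```python
from collections import namedtuple
from datetime import datetime, timedelta

# Hypothetical records modelling the Auto Importer options described on this page.
Task = namedtuple("Task", "scanner prefix identifier merge_scans merge_scanners")
Scan = namedtuple("Scan", "scanner name finished")

MAX_TASKS = 10  # per-Project limit stated on this page


def scan_entries(tasks, scans):
    """Group external scans into Scan entries; returns {group key: [scans]}."""
    if len(tasks) > MAX_TASKS:
        raise ValueError("a Project supports at most 10 auto import tasks")
    entries = {}
    for scan in scans:
        for task in tasks:
            # Assumption: "partial word match" is a case-sensitive substring test.
            if task.scanner != scan.scanner or task.identifier not in scan.name:
                continue
            day = scan.finished.date()
            if task.merge_scanners:    # same day, any scanner -> one entry
                key = (task.identifier, "*", day)
            elif task.merge_scans:     # same day, same scanner -> one entry
                key = (task.identifier, scan.scanner, day)
            else:                      # every completed scan -> its own entry
                key = (task.identifier, scan.scanner, scan.finished)
            entries.setdefault(key, []).append(scan)
    return entries


def overlapping_identifiers(tasks):
    """Flag task pairs on one scanner where one identifier contains the other,
    so a single external scan would satisfy both tasks under a partial match."""
    return [(a.identifier, b.identifier) for a in tasks for b in tasks
            if a is not b and a.scanner == b.scanner and a.identifier in b.identifier]


def week(scanner, name, hours, start=datetime(2024, 1, 1)):
    """Constructed sample data: one scan per hour in `hours` for seven days."""
    return [Scan(scanner, name, start + timedelta(days=d, hours=h))
            for d in range(7) for h in hours]


if __name__ == "__main__":
    task = Task("MyExternalScanner", "AutoImport", "ExternalVA", True, False)
    scans = week("MyExternalScanner", "ExternalVA perimeter", [9, 16])
    print(len(scans), "scans ->", len(scan_entries([task], scans)), "Scan entries")
```

The overlap check matters because an identifier such as ExternalVA is also a partial match for scans named ExternalVA_UK, so identifiers on the same scanner should not contain one another unless that is intended.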