Views:
Import a vulnerability scan. After you pull in the vulnerability information, you can add comments and show CVEs for a selected vulnerability scan. You cannot import a file that has a non-ASCII filename.

Procedure

  1. Run a vulnerability assessment report (vulnerability scan) using supported vulnerability management products from Qualys, Rapid7, and Tenable.
  2. Export the result of the vulnerability scan to a supported file format for use on the SMS.
  3. Select ProfilesVulnerability Scans (eVR).
  4. Click Import.
  5. Click Browse and select a vulnerability scan.
  6. Depending on the vulnerability management tool used to run the scan, select the appropriate converter:
    • Select Native if the vulnerability scan is an SMS-Standard CSV file.
    • Select Custom, and select the respective vulnerability management product: Qualys-CSV, Nessus, or Nexpose.
    To successfully import or convert a vulnerability scan, review the eVR scan specifications.
    The Converter Properties displays the converter version, the export format of the vulnerability scan (for example, CSV or XML), and the name of the vulnerability management vendor.
  7. (Optional) Enter comments about when the scan was imported.
  8. Click OK.
    The SMS converts the file and imports the data from the vulnerability scan. The SMS also displays the conversion results and the number of import errors. You can download the Conversion Information File. If the SMS detected any errors while converting or importing the vulnerability scan, you can download the Conversion Error File.
  9. Click OK.
    Note
    Note
    You can also import vulnerability scan data using the Vulnerability Scans (eVR) API. For more information, see the SMS Web API Guide on the Online Help Center.