This topic explains how to create a routine to import technology assets from NeXpose. Technology assets from a NeXpose inventory can be automatically imported to the organizational structure and kept updated. When imported, assets created in the organizational structure will be named as follows: [NetBIOS name] [(IP address)]. If no IP address is detected, the name will be based on its NetBIOS name alone. If no NetBIOS name is identified, the name will be based on its DNS name, and, lastly, it will be based on its IP address.
Assets imported through this task are identified internally using a NeXpose ID, which is kept even if the assets are moved to another perimeter. If an imported asset is copied, however, this internal ID will be lost and the system will treat the copied asset as a new asset. Note that in this case vulnerabilities will not likely be mapped correctly as the system will not know which asset they belong to. If the assets registered in NeXpose are the same as those registered in an external directory to be integrated with the system through a second integration task, we recommend that only assets from NeXpose be imported to the organizational structure. Otherwise, they will be duplicated in the system.
You can filter the assets to be imported by IP ranges or by groups of assets registered in the NeXpose database. If no filters are set, this task will import all the assets found in the NeXpose database. In the event that there are any vulnerability reports available for assets that are being imported, some additional information included in these reports will also be imported, such as asset components, the DNS name and the NetBIOS.
Should you choose to update properties of assets already imported, the information from NeXpose will overwrite any changes made to these assets, including deletions. Note that the configurations for custom asset attributes marked as required in the Objects and Attributes section of this module will be ignored in the XML file and therefore might be left blank. In addition, should you choose to reimport deleted assets, previously imported assets that were deleted from the system will be recreated the next time the task is executed. Only properties of previously imported assets will be updated, regardless of whether another asset was created with similar properties in the system.
You can choose to either keep all assets created automatically through this integration task in a single perimeter of your choice, or to have assets created in a new perimeter with each import routine. This perimeter will be named as follows: Imported from NeXpose Scanner [date + time imported]. Perimeters will only be created if there are new assets to be imported.
In addition to importing assets themselves, you can also choose to create asset components for the operating systems of these assets, as NeXpose reports which operating system it detects in each of the assets it scans. Asset components are created by mapping the names of these operating systems detected by scanners with CPE names associated with knowledge bases. Note that this only occurs when there is information on an imported asset in SCAP reports in NeXpose.
If this routine is set to run daily, for example, we recommend that it be executed before any other routines for importing vulnerabilities from NeXpose. This will ensure that all assets have been registered in the organizational structure before vulnerability reports are imported, otherwise new reports will have to be generated in NeXpose. Note that reports generated in NeXpose should be in SCAP Compatible XML Export format so that any asset components belonging to the imported assets can be created automatically. If the XML Export (version 1) format is selected, no asset components will be created. Keep in mind that only assets from reports generated within the last 30 days will be considered, and this time period can be customized in the web.config.