This section provides orientation on importing occurrences of vulnerabilities registered in the Catalogue of Vulnerabilities section in the Knowledge module. This allows you to indicate when vulnerabilities identified by scanners that are not supported by the system are found in technology assets in the organizational structure.
Through the spreadsheet template available in this section, you can list which vulnerability occurrences were identified in which assets. When the spreadsheet is imported, the occurrences will appear in the Vulnerabilities tab for these assets in the Organization module, and can later be consolidated for the perimeters the assets belong to. Each asset can then be included in the scope of vulnerabilities of risk projects, where its vulnerabilities can be analyzed and included in the risk management cycle.
It is important to note that this feature is specifically used for vulnerabilities identified by scanners that are not supported by the system, as vulnerabilities from integrated scanners (Qualys and NeXpose) are automatically "mapped" to their respective technology assets when imported to the catalogue through integration tasks in the Administration module. Likewise, for unsupported scanners the system provides an integration task that allows you to import vulnerabilities from an XML file, which are then automatically imported to the catalogue of vulnerabilities in the Knowledge module and "mapped" to their corresponding technology assets.
Keep in mind that, before vulnerability occurrences can be imported, both the vulnerabilities and assets must already be registered in the system. For details on creating an integration task to import vulnerabilities from an unsupported scanner, see Chapter 17: Administration -> Integrations -> Integration Tasks -> Creating a Task to Import Vulnerabilities from an XML File. For details on registering technology assets in the organizational structure, see Chapter 3: Organization -> Assets -> Manage Assets -> How to Create and Edit an Asset and Its Properties.
When completing the spreadsheet, to specify the assets in which the occurrences were identified, you must follow the mapping criteria set for each asset or its perimeter (if the asset was configured to inherit the perimeter’s criteria or if all mapping fields were disabled, for example). In other words, according to the settings of an asset or its perimeter, the field used to identify the asset in the spreadsheet will vary. The available options are NetBIOS Name, DNS Name, and IP Address. For details on configuring mapping criteria for assets and perimeters, see Chapter 3: Organization -> Assets -> Manage Assets -> How to Create and Edit an Asset and Its Properties and Chapter 3: Organization -> Assets -> Manage Perimeters -> How to Create and Edit a Perimeter and Its Properties.
Note that the spreadsheet can only import occurrences from one source at a time, meaning that a separate spreadsheet must be used for each source. These sources are listed in the Source column in the Catalogue of Vulnerabilities section for each vulnerability. However, because this feature should only be used for vulnerabilities identified by unsupported scanners, the sources "Qualys Guard" and "NeXpose" are considered invalid and will prevent the system from importing the file.
Â