As an alternative to running an assessment on a vulnerability policy, SaltStack SecOps Vulnerability supports importing security scans generated by a variety of third-party vendors.
Instead of running an assessment on a vulnerability policy, you can import a third-party security scan directly into SaltStack Config and remediate the security advisories it identified using SaltStack SecOps Vulnerability. See How do I run a vulnerability assessment for more information about running a standard assessment.
- Kenna Security
After importing your scan, the Import Staging workspace displays an import summary and two tables: a list of Supported Vulnerabilities and a list of Unsupported Vulnerabilities. Supported vulnerabilities are the advisories that are available for remediation. Unsupported vulnerabilities are the advisories that cannot currently be remediated. The list of unsupported vulnerabilities includes an explanation of why they cannot be imported.
You can import a third-party scan from a file, from a connector, or by using the command line.
Before you can import a third-party security scan you must configure a connector. The connector must first be configured using the third-party tool's API keys.
To configure a Tenable.io connector:
| Connector field | Description |
|---|---|
| Secret Key and Access Key | Key pair required to authenticate with the connector API. For more information on generating your keys, see the Tenable.io documentation. |
| URL | Base URL for API requests. This defaults to https://cloud.tenable.com. |
| Days since | Query Tenable.io scan history beginning this number of days ago. Leave blank to query an unlimited period of time. When you use a connector to import scan results, SaltStack SecOps Vulnerability uses the most recent results per node available within this period. |
Note: To ensure your policy contains the latest scan data, make sure to rerun your import after each scan. SaltStack SecOps Vulnerability does not poll Tenable.io for the latest scan data automatically.
- In your third-party tool, run a scan and make sure to pick a scanner that is in the same network as the nodes you want to target. Then, indicate the IP addresses you want to scan. If you are importing a third-party scan from a file, export the scan in one of the supported file formats (Nessus, XML, or CSV).
- In SaltStack Config, make sure you have downloaded SaltStack SecOps Vulnerability content.
- In the SaltStack SecOps Vulnerability workspace, create a security policy targeting the same nodes that were included in the third-party scan. Ensure the nodes you scanned in your third-party tool are also included as targets in the security policy. See How do I create a vulnerability policy for more information.
Note: After exporting your scan and creating a policy, you can import your scan by running the raas third_party_import "filepath" third_party_tool security_policy_name command. For example, raas third_party_import "/my_folder/my_tenable_scan.nessus" tenable my_security_policy. It is recommended to import your scan using the CLI if the scan file is especially large.
- In the policy dashboard, click the Policy Menu drop-down arrow and select Upload Vendor Scan Data.
- Import your scan:
- If importing your scan from a file, select and select your third-party vendor. Then select the file to upload your third-party scan.
- If importing your scan from a connector, select and select the third-party. If no connectors are available, the menu directs you to the connectors settings workspace.
- Click Import All Supported to import all supported advisories. Alternatively, you can click the checkbox next to specific advisories in the Supported Vulnerabilities table and click Import Selected.
The selected advisories are imported to SaltStack SecOps Vulnerability and appear as an assessment in the policy dashboard. The policy dashboard also displays Imported from under the policy title to indicate that the latest assessment was imported from your third-party tool.
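A pre-import check for the step that asks you to confirm the scanned nodes are also targets of the security policy, given as an added example (not part of SaltStack's documentation or tooling): it reads a Nessus-format export and reports hosts that appear in the scan but not in a target list you supply, and the reverse. The sample XML, host addresses, CVE placeholders, and function names are constructed for illustration, and comparing hosts by their ReportHost name is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) layout; hosts and CVE IDs are placeholders.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="constructed-sample">
    <ReportHost name="10.0.0.5">
      <ReportItem port="443" severity="3" pluginID="100001" pluginName="Sample finding A">
        <cve>CVE-0000-0001</cve>
      </ReportItem>
      <ReportItem port="0" severity="0" pluginID="100002" pluginName="Sample info item"/>
    </ReportHost>
    <ReportHost name="10.0.0.9">
      <ReportItem port="22" severity="2" pluginID="100003" pluginName="Sample finding B">
        <cve>CVE-0000-0002</cve>
        <cve>CVE-0000-0003</cve>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""


def scanned_hosts(nessus_xml):
    """Map each ReportHost name to the sorted CVE IDs reported for it."""
    root = ET.fromstring(nessus_xml)
    hosts = {}
    for host in root.iter("ReportHost"):
        cves = {c.text.strip() for c in host.iter("cve") if c.text}
        hosts[host.get("name")] = sorted(cves)
    return hosts


def coverage_gaps(nessus_xml, policy_targets):
    """Compare scan hosts with the policy's targets (a list you supply; assumed input)."""
    hosts = scanned_hosts(nessus_xml)
    targets = set(policy_targets)
    return {
        "scanned_not_in_policy": sorted(set(hosts) - targets),
        "in_policy_not_scanned": sorted(targets - set(hosts)),
        "hosts_without_cves": sorted(h for h, c in hosts.items() if not c),
    }


if __name__ == "__main__":
    # Hypothetical target list: addresses of the nodes your security policy targets.
    report = coverage_gaps(SAMPLE_NESSUS, ["10.0.0.5", "10.0.0.7"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

Hosts listed under scanned_not_in_policy are the ones to add to the policy's targets before running the import.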
What to do next
You can now remediate these advisories. See How do I remediate my advisories for more information.