All Collections
User Guide
Importing a Vulnerability Assessment Report into SIRP
Importing a Vulnerability Assessment Report into SIRP
Ali Murtaza avatar
Written by Ali Murtaza
Updated over a week ago

The SIRP's Vulnerability Management module allows you to manage the entire lifecycle of vulnerabilities identified in your organization. There are multiple ways you can ingest vulnerabilities into SIRP for end-to-end management and closure:

  • Users can initiate scans on the vulnerability assessment tool from SIRP. As soon as the scan is finished, the assessment and the vulnerabilities within the assessment are auto-ingested in the platform.

  • Users can define an "Ingestion Source" by connecting SIRP with the vulnerability assessment tool. The ingestion source will fetch any new assessment from the VA tool into SIRP. In this scenario, the scans are executed directly within the VA tool (not through SIRP).

  • Users can also create the assessment and add vulnerabilities to that assessment, manually. In this scenario, no automated vulnerability assessments are executed. This type of process is useful to manage the vulnerabilities identified and reported as a result of a Penetration Testing exercise.

  • Lastly, users can "export" an assessment from the VA tool and import it into SIRP.

This guide will illustrate how you can import a report generated by a Vulnerability Assessment tool into SIRP. We will follow the steps below:

  • In Vulnerability Management, click Imported Assments > Import Assessment.

  • Select your VA tool from the dropdown menu. In this case, we have selected Nessus.

  • Click on the File icon to browse and select the .nessus file. Then click the Upload button

The import job is submitted to process the uploaded file and import the vulnerabilities.

Once the import is complete, click on Map Field from the Actions column, to begin mapping the files in the import file with the fields available in SIRP.

Field mapping

  • Click the + sign to create a template. Give the template a name and click Save. This will allow you to use the same field settings in the future imports.

  • In the JSON viewer on the right-hand side, click on the name of the report and then copy the name into the Assessment Name field.

  • Repeat the same process for Root-Path

Note: Root Path specifies the path from where you will be mapping all your information. In this case, the Root Path is {NessusClientData_v2/Report/ReportHost}

  • The rest of the fields in the assessment can be mapped from the Report Items section one-by-one

  • Once the mapping is complete click on the Import button

  • Once the import job is completed, the status will now change to Pending.

Click on View under the Actions column right-hand-side to view the newly imported assessment.

Did this answer your question?