Importing External Scan Results
About Importing External Scan Results
You can import diagnostic results from network scanning tools such as Nessus, OpenVAS, Nmap, or ASM (Attack Surface Management) services, as well as results from tools other than the FutureVuls scanner (hereafter referred to as external scan results) and manage them as vulnerabilities and tasks.
By importing scan results from tools like Nessus and Nmap, which scan the target from the outside, you can centrally manage both internal vulnerability information scanned by the FutureVuls scanner and vulnerabilities exposed on the network detected by tools like Nmap and Nessus.
By combining this feature with other FutureVuls functionalities, the following can be achieved:
- Immediate detection and remediation of externally exposed vulnerabilities
- Centralized management by ticketing both internal and externally exposed vulnerabilities
- Automatic risk assessment using FutureVuls’ SSVC feature for prioritization
External Scan List
Displayed Items
You can check the list of external scan results added to the target server from the second pane of the server tab.
| Item | Details |
|---|---|
| External Scan Name | The name of the added external scan result |
| External Scan | Whether the vulnerability associated with the external scan result is exposed externally |
| Creation Date | The date the external scan result was added |
| Update Date | The date the external scan result was updated |
Adding External Scan Results
By pressing the “Add External Scan Results” button at the top of the external scan list screen, a dialog will appear to add external scan results.
| Item | Details |
|---|---|
| External Scan Name | The name of the external scan result to be added |
| CVE-ID List | The list of CVE-IDs output from the external scan |
| External Scan | Whether the vulnerabilities in the added external scan result are exposed externally (checked by default). |
The “External Scan” value should be checked if the vulnerabilities in the added external scan result are exposed externally.
Cases where it should be unchecked include:
- Adding output results from tools that scan for internal vulnerabilities, such as the FutureVuls scanner.
After adding the external scan results, vulnerabilities will be registered into a group based on the CVE-ID list. If the CVE-ID list contains CVE-IDs that cannot be registered (such as non-existent or incorrectly formatted CVE-IDs), they will not be added, and only the registerable CVE-IDs will be registered.
During the next server scan, tasks associated with the newly registered vulnerabilities will be added.
If you want to manage the added external scan results immediately in the task tab, please manually run a scan from the server details.
When you check the “External Scan” box and add the external scan results, the external scan column in the vulnerability and task list associated with each CVE-ID will be checked, and you can confirm it from the list screen.
You can use the filter function in the task and vulnerability list to filter only items marked as external scans.
External Scan Details
Displayed Items
In the external scan details, you can check and update the details of the added external scan results.
The following items are displayed in the external scan details:
| Item | Details |
|---|---|
| Package Name | The name of the added external scan result |
| Scan Type | If added with the “External Scan” box checked, it will be displayed as an external scan |
| Update Date | The date the external scan result was updated |
| CVE-ID | The list of CVE-IDs associated with the added external scan result |
You can click on a vulnerability in the displayed list to navigate to the details page of the selected vulnerability.
From the icon at the top right, you can update or delete the added external scan results.
Updating External Scan Results
The following three items can be updated:
- External Scan Name
- CVE-ID List
- External Scan
The list of CVE-IDs already added is set as default values.
If you only want to update the external scan name without updating the CVE-ID list, submit without changing the CVE-ID list from the default values.
To update the CVE-ID list after a re-scan, delete the default values from the input field and paste the new external scan results before submitting.
CVE-IDs that are no longer included in the updated external scan results will be treated as no longer detected, and the associated tasks will automatically be marked as patch_applied. The external scan results will be removed from the associated task’s external scan column but will still be displayed in the external scan details.
Deleting External Scan Results
You can delete the added external scan results.
When you delete an external scan result:
- Tasks associated with the external scan result
- Vulnerabilities associated with the external scan result
will be deleted simultaneously.
If there are other external scan results or software associated with the task or vulnerability, only the relation with the deleted external scan result will be removed.