If you’re looking to get assets, vulns, or metadata into the Cisco Vulnerability Management platform without using one of the established connectors, there are 4 options for you to use:
- The Data Importer
- The Asset Updater script
- The Vuln Updater script
- The CSV Uploader
This table outlines the pros and cons for each as well as some best practices for each option.
Options for Getting Data into Cisco Vulnerability Management without a Connector
|
Pros
|
Cons
|
Best Practices
|
Data Importer – Assets and Vulns OR Assets Only
Link to Data Importer CSV to JSON Converter Script
Link to Data Importer Help Article
|
-
Most commonly used
-
Used when Cisco Vulnerability Management does not have a connector to bring in vulns, pentest findings, Application Security Module findings, etc.
-
Flexibility in mapping certain information to fields in Cisco Vulnerability Management such as details, solution, description etc.
-
Handles large bulk uploads at once
-
Option not to auto-close vulns when using for asset metadata
-
Supports tag prefixes
-
Supports adding a domain suffix appended to hostnames
|
-
Resets last_seen date on the asset
-
Creates assets it cannot find, which can affect your licensing
-
Cannot update custom fields
|
-
Bringing in additional vuln data from non-existing connectors
-
Tagging assets from another source, such as a cmdb (other than SNOW cmdb)
-
Prefixing tags in bulk
-
Best used for recurring updates to metadata as long as resetting the last_seen date is ok
|
Asset Updater Script – Assets only
Link to Asset Updater Script
|
-
Does not create unwanted assets
-
Does not update last_seen date on the asset
-
Supports tag prefixes
-
Is multi-threaded
-
Can customize matching with wildcards/code adjustments
|
|
|
Vuln Updater Script – Vulns Only
Link to Vuln Updater Script
|
-
Is multi-threaded
-
Can update vulns based on vuln ID, CVE, CWE, or results from IP or hostname search
-
Can update many vuln fields, including status, notes, custom fields and due dates
|
|
|
CSV Uploader
Link to CSV Uploader Help Page
|
|
-
Least used and not recommended where one of the previous options will do the job
-
Can create “fake” vulns
-
May create new assets if it can’t find a match
-
Inability to automate the upload
-
Will not auto-close vulns
|
|
Comments
Please sign in to leave a comment.