Getting data into Cisco Vulnerability Management without a connector

If you’re looking to get assets, vulns, or metadata into the Cisco Vulnerability Management platform without using one of the established connectors, there are 4 options: the Kenna Data Importer (KDI), the Asset Updater Script, the Vuln Updater Script, and the CSV Uploader. The comparison below outlines the pros and cons of each, as well as some best practices recommended by our team.

Options for Getting Data into Cisco Vulnerability Management without a Connector

Kenna Data Importer (KDI) – Assets and Vulns OR Assets Only

Link to Kenna Data Importer (KDI) CSV to JSON Converter Script

Link to Kenna Data Importer (KDI) Help Article

Pros:

  • Most commonly used
  • Used when Cisco Vulnerability Management does not have a connector to bring in vulns, pentest findings, appsec findings, etc.
  • Flexibility in mapping certain information to fields in Cisco Vulnerability Management such as details, solution, description etc.
  • Handles large bulk uploads at once
  • Option not to auto-close vulns when using for asset metadata
  • Supports tag prefixes
  • Supports adding a domain suffix appended to hostnames

Cons:

  • Resets last_seen date on the asset
  • Creates assets it cannot find, which can affect your licensing
  • Cannot update custom fields

Best Practices:

  • Bringing in additional vuln data from non-existing connectors
  • Tagging assets from another source, such as a cmdb (other than SNOW cmdb)
  • Prefixing tags in bulk
  • Best used for recurring updates to metadata as long as resetting the last_seen date is ok

Asset Updater Script – Assets only

Link to Asset Updater Script

Pros:

  • Does not create unwanted assets
  • Does not update last_seen date on the asset
  • Supports tag prefixes
  • Is multi-threaded
  • Can customize matching with wildcards/code adjustments

Cons:

  • Runs much slower than the KDI because it updates one asset at a time

Best Practices:

  • Best used for “once in a while” updates to asset metadata as it can be slow depending on the number of assets being updated

Vuln Updater Script – Vulns Only

Link to Vuln Updater Script

Pros:

  • Is multi-threaded
  • Can update vulns based on vuln ID, CVE, CWE, or results from IP or hostname search
  • Can update many vuln fields, including status, notes, custom fields and due dates

Cons:

  • Runs much slower than the KDI because it updates one vuln at a time

Best Practices:

  • Bulk updates to custom fields or notes
  • Bulk updates to due dates, or to clear them out

CSV Uploader

Link to CSV Uploader Help Page

Pros:

  • Fast & relatively easy

Cons:

  • Least used and not recommended where one of the previous options will do the job
  • Can create “fake” vulns
  • May create new assets if it can’t find a match
  • Inability to automate the upload
  • Will not auto-close vulns

Best Practices:

  • Assigning Owners or Tags to assets
