Getting data into Cisco Vulnerability Management without a connector

If you’re looking to get assets, vulns, or metadata into the Cisco Vulnerability Management platform without using one of the established connectors, there are 4 options for you to use:

  • The Data Importer
  • The Asset Updater script
  • The Vuln Updater script
  • The CSV Uploader

The breakdown below outlines the pros, cons, and some best practices for each option.

Options for Getting Data into Cisco Vulnerability Management without a Connector

Data Importer – Assets and Vulns OR Assets Only

Link to Data Importer CSV to JSON Converter Script

Link to Data Importer Help Article

Pros:

  • Most commonly used
  • Used when Cisco Vulnerability Management does not have a connector to bring in vulns, pentest findings, Application Security Module findings, etc.
  • Flexibility in mapping certain information to fields in Cisco Vulnerability Management such as details, solution, description, etc.
  • Handles large bulk uploads at once
  • Option not to auto-close vulns when using for asset metadata
  • Supports tag prefixes
  • Supports adding a domain suffix appended to hostnames

Cons:

  • Resets last_seen date on the asset
  • Creates assets it cannot find, which can affect your licensing
  • Cannot update custom fields

Best Practices:

  • Bringing in additional vuln data from non-existing connectors
  • Tagging assets from another source, such as a CMDB (other than SNOW CMDB)
  • Prefixing tags in bulk
  • Best used for recurring updates to metadata as long as resetting the last_seen date is ok

Asset Updater Script – Assets Only

Link to Asset Updater Script

Pros:

  • Does not create unwanted assets
  • Does not update last_seen date on the asset
  • Supports tag prefixes
  • Is multi-threaded
  • Can customize matching with wildcards/code adjustments

Cons:

  • Runs much slower than the KDI (the Data Importer) because it updates one asset at a time

Best Practices:

  • Best used for “once in a while” updates to asset metadata as it can be slow depending on the number of assets being updated

Vuln Updater Script – Vulns Only

Link to Vuln Updater Script

Pros:

  • Is multi-threaded
  • Can update vulns based on vuln ID, CVE, CWE, or results from IP or hostname search
  • Can update many vuln fields, including status, notes, custom fields and due dates

Cons:

  • Runs much slower than the KDI (the Data Importer) because it updates one vuln at a time

Best Practices:

  • Bulk updates to custom fields or notes
  • Bulk updates to due dates, or to clear them out

CSV Uploader

Link to CSV Uploader Help Page

Pros:

  • Fast & relatively easy

Cons:

  • Least used and not recommended where one of the previous options will do the job
  • Can create “fake” vulns
  • May create new assets if it can’t find a match
  • Inability to automate the upload
  • Will not auto-close vulns

Best Practices:

  • Assigning Owners or Tags to assets
