Importing Nessus Scans (Network and Web Application)

This article applies to importing Nessus Network and Web Application Scans for vulnerability mapping.

1. Import a scan with a new mapping

a. Excel format example

2. Map the source fields

3. Map the severity fields and import

4. Import a scan with an existing mapping

1. Import a scan with a new mapping 

Navigate to Vulnerabilities via the left navigation panel

Select Import Vulnerabilities at the top right 

Select Choose File from the pop-up modal. Ensure the uploaded file is in CSV format. The maximum file size is 30 MB. If your file is larger, consider breaking it down into multiple files for import.


Excel format example

Here is an example of a Nessus upload CSV file. The first row of the Excel spreadsheet should contain the headers of the columns.

Choose the file you wish to upload, select the appropriate Source Tool (Nessus) and Source Type (Network Scan or Web Application Scan), and then select Create New Mapping


2. Map the source fields

Map each source field to an existing 6clicks Field or create a New Field. You must map the mandatory fields noted below, and we suggest that you also map the recommended fields. These mandatory and recommended fields apply to both Nessus Network and Nessus WAS (Web Application) scans.

Mandatory:

  • Title (6clicks field) must be mapped to Name (import file field)
  • Host IP (6clicks field) must be mapped to Host (import file field); OR
  • URL (6clicks field) must be mapped to URL (import file field)

Recommended: 

  • Source ID (6clicks field) mapped to QID (import file field). When a source ID is mapped, our system references the source ID for comparing and updating the vulnerability records of the respective asset upon import. If not mapped, the system references the Title for comparison and updates.
  • Port (import file field) mapped to Port (6clicks field). Because the scanned asset could have multiple ports, the same vulnerability for the asset may appear over multiple lines for each port. Mapping the ports allows 6clicks to consolidate all the ports into one asset and vulnerability.
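
A pre-upload check for the CSV requirements described in this article (header row first, a Name column plus Host or URL, the 30 MB limit), added here as an example and not 6clicks code. The column names in the constructed sample, the function names, and the reading of 30 MB as binary megabytes are assumptions.

```python
import csv
import io

MAX_BYTES = 30 * 1024 * 1024  # 30 MB limit from the article (binary megabytes assumed)

def check_headers(header):
    """Return problems with the header row; an empty list means it can be mapped."""
    cols = {h.strip() for h in header}
    problems = []
    if "Name" not in cols:
        problems.append("no 'Name' column to map to Title")
    if not cols & {"Host", "URL"}:
        problems.append("no 'Host' or 'URL' column to map to Host IP or URL")
    return problems

def row_bytes(row):
    """Serialise one row exactly as it will be written, so sizes are byte-accurate."""
    buf = io.StringIO(newline="")
    csv.writer(buf).writerow(row)
    return buf.getvalue().encode("utf-8")

def split_csv(text, max_bytes=MAX_BYTES):
    """Split CSV text into parts of at most max_bytes, each with the header row."""
    # csv.reader keeps a quoted multi-line field in one record; line splitting would not.
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader)
    if check_headers(header):
        raise ValueError("; ".join(check_headers(header)))
    head = row_bytes(header)
    parts, current = [], head
    for row in reader:
        data = row_bytes(row)
        if len(head) + len(data) > max_bytes:
            raise ValueError("a single record exceeds the size limit")
        if len(current) + len(data) > max_bytes:
            parts.append(current)
            current = head
        current += data
    if current != head or not parts:
        parts.append(current)
    return parts

# Constructed sample, not real scan output: one finding has a two-line description.
SAMPLE = (
    "Name,Host,Port,Severity,Description\r\n"
    'SSL Certificate Expired,192.0.2.10,443,3,"Line one\nline two"\r\n'
    "SSL Certificate Expired,192.0.2.10,8443,3,Same finding on another port\r\n"
    "SSH Weak Algorithms,192.0.2.11,22,2,Short text\r\n"
)
```

Each returned part is a complete CSV (header plus whole records) that can be written to its own file and imported with the same mapping.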

3. Map the Severity Fields and Import

Different tools have different names for the severity rating of a vulnerability. 6clicks uses a common naming convention as per NIST. The default severity ratings are:

  1. None
  2. Low
  3. Medium
  4. High
  5. Critical

To correctly map the import file severity rating to the 6clicks default ratings, ensure you map the Severity header in the import file to the Severity 6clicks property.

Once you have completed the mapping process for all properties, click Next

If you have mapped the severity ratings, you will be shown the Severity Mapping screen. Here you can map the values in your import file to the 6clicks default values. Below is an example where the import file used a 1-5 scale to indicate severity. Sometimes your file may not include all severity values, so you will need to create them in the left column of fields. This is important for future scan imports where the severity rating does appear.

Select Import. Once the scan has been imported successfully, a message will appear. Click View Summary to view the imported scan. 

The imported scan will show under the Imported Scans tab

The list of vulnerabilities will be found under the Vulnerabilities tab

Newly created mapping details can be found under the Scan Mappings tab


4. Import a Scan with an Existing Mapping

Once you have created a mapping for a particular type of scan you use, you can use it again for consistency when importing future scans of the same format. 

Navigate to Vulnerabilities via the left navigation panel

Select Import Vulnerabilities at the top right

Select Choose a File from the pop-up modal. Ensure the file is in CSV format and remember that the first row of the Excel spreadsheet should contain the headers of the columns.

Select an existing scan from the list, then select Import. In the example below, we are using Nessus_Network Scan. 

Once the scan has been imported successfully, a message will appear. Click View Summary to view the imported scan. 

The newly imported scan that used the saved mapping will show under the Imported Scans tab.