Importing Other Tool Scans

Importing scans from scanning tools other than Qualys and Nessus

Importing a Scan with a New Mapping 

Navigate to Vulnerabilities via the left navigation panel. 

Select Import Vulnerabilities at the top right. 

Select Choose a File from the pop-up modal. Ensure the file is in CSV format. The maximum file size is 30MB. If your file is larger, consider splitting it into multiple files for import.

 

The first row of the Excel spreadsheet should contain the headers of the columns.

Once the file has been uploaded, select Create New Mapping on the right side of the modal.

Select Create Source Tool. 

Select the Source Type: Network Scan or Web Application Scan, as applicable.

Select Create New Mapping. 

Next, map each source field to an existing 6clicks Field or create a New Field. The following mandatory and recommended fields apply to both Network Scan and Web Application Scan (WAS):

Mandatory:

  • Title (6clicks field) must be mapped to Name (import file field). 
  • Host IP (6clicks field) must be mapped to Host (import file field); OR
  • URL (6clicks field) must be mapped to URL (import file field).

Recommended: 

  • Source ID (6clicks field) mapped to QID (import file field). When a source ID is mapped, our system references the source ID for comparing and updating the vulnerability records of the respective asset upon import. If not mapped, the system references the Title for comparison and updates.
  • Port (import file field) mapped to Port (6clicks field). Because the scanned asset could have multiple ports, the same vulnerability for the asset may appear over multiple lines for each port. Mapping the ports allows 6clicks to consolidate all the ports into one asset and vulnerability.

Mapping Severity Fields

Different tools have different names for the severity rating of a vulnerability. 6clicks uses a common naming convention as per NIST. The default severity ratings are:

  1. None
  2. Low
  3. Medium
  4. High
  5. Critical

To correctly map the import file severity rating to the 6clicks default ratings, ensure you map the Severity header in the import file to the Severity 6clicks property.

Once you have completed the mapping process for all properties, click Next.

If you have mapped the severity ratings, you will be shown the Severity Mapping screen. Here you can map the values in your import file to the 6clicks default values. Below is an example where the import file used a 1-5 scale to indicate severity. Sometimes your file may not include all severity values, so you will need to create the missing values in the left column of fields. This is important for future scan imports where the severity rating does appear.

Once the scan has been imported successfully, a message will appear. Click View Summary to view the imported scan. 

The imported scan will show under the Imported Scans tab. 

The list of vulnerabilities will be found under the Vulnerabilities tab.

Newly created mapping details can be found under the Scan Mappings tab.
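
A pre-import check for the file preparation steps above, added here as an example (it is not 6clicks code). It confirms the header row carries the columns needed for the mandatory mappings, splits an oversized CSV into parts that each repeat the header row, and lists the severity values present so you can see which ones must be created by hand on the Severity Mapping screen. The function names are hypothetical, the column names Name, Host, URL and Severity follow the mapping described above, and reading 30MB as decimal megabytes is an assumption.

```python
import csv
import io

# 30MB limit from the page; decimal megabytes is an assumption (the smaller reading).
MAX_BYTES = 30 * 1000 * 1000

def check_headers(headers, name_col="Name", host_col="Host", url_col="URL"):
    """Return problems that would block the mandatory Title and Host IP/URL mappings."""
    cols = {h.strip() for h in headers}
    problems = []
    if name_col not in cols:
        problems.append(f"no '{name_col}' column to map to Title")
    if host_col not in cols and url_col not in cols:
        problems.append(f"no '{host_col}' or '{url_col}' column to map to Host IP or URL")
    return problems

def encode_row(row):
    """Serialise one record, re-quoting fields that contain commas or newlines."""
    buf = io.StringIO(newline="")
    csv.writer(buf).writerow(row)
    return buf.getvalue()

def split_csv(text, max_bytes=MAX_BYTES):
    """Split CSV text into parts of at most max_bytes, each starting with the header row.
    Records are parsed with the csv module so multi-line quoted fields stay intact.
    A single record larger than max_bytes still gets a part of its own."""
    reader = csv.reader(io.StringIO(text, newline=""))
    header = next(reader)
    head = encode_row(header)
    parts, current, size = [], [head], len(head.encode("utf-8"))
    for row in reader:
        line = encode_row(row)
        n = len(line.encode("utf-8"))
        if size + n > max_bytes and len(current) > 1:
            parts.append("".join(current))
            current, size = [head], len(head.encode("utf-8"))
        current.append(line)
        size += n
    parts.append("".join(current))
    return header, parts

def severity_values(text, col="Severity"):
    """Distinct severity values present, to compare against the Severity Mapping screen."""
    reader = csv.DictReader(io.StringIO(text, newline=""))
    return sorted({row[col].strip() for row in reader if row.get(col)})

# Constructed sample: column names follow the page; Description and all values are made up.
SAMPLE = (
    "Name,Host,Port,Severity,QID,Description\r\n"
    'Weak TLS configuration,10.0.0.5,443,3,Q-0001,"line one\nline two"\r\n'
    "Weak TLS configuration,10.0.0.5,8443,3,Q-0001,same finding on a second port\r\n"
    "Default credentials,10.0.0.9,22,5,Q-0002,constructed row\r\n"
)
```

Splitting on parsed records rather than raw lines matters because scanner exports often carry multi-line description fields; cutting such a file by line count can break a quoted field across two parts.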

Importing a Scan with an Existing Mapping

Navigate to Vulnerabilities via the left navigation panel. 

Select Import Vulnerabilities at the top right. 

Select Choose a File from the pop-up modal. Ensure the file is in CSV format.

The first row of the Excel spreadsheet should contain the headers of the columns.

Select an existing scan from the list, then select Import. In this example, we are using Rapid7_Network Scan. 

Once the scan has been imported successfully, a message will appear. Click View Summary to view the imported scan. 

The imported scan will show under the Imported Scans tab.