Nucleus supports the ability to upload files containing asset data through the manual file upload utility (Import Scans > From File) or via the API. Uploading an asset file allows you to import results from other systems and to populate group information or other asset metadata which the vulnerability scanning tools don't support.
Please check out our asset inventory connectors for a more automated process of syncing asset data to your Nucleus console!
File Type Support
We support the following file types:
1. CSV (sample CSV file)
Upload the Scan
To upload a custom scan, you need to follow these steps:
1. Navigate to Scans > Import via File.
2. Drag and Drop your asset csv file into the file import popup.
Your file will be uploaded and ingested as if it were a scan type from any tool.
Asset File Requirements
We require the following column headers in the Asset CSV upload in order to be created/updated in Nucleus.
nucleus_import_version - This needs to be set to '1' without the quotation marks
asset_name or ip_address - This will determine the asset name in Nucleus. It can be an application name or a server or web site.
scan_type - This value needs to be set to "Host" for network based assets and "Application" when populating data for applications
scan_tool - This value needs to be set to "Asset" for all asset-only uploads
Description: The version of the import api to use.
Accepted Values: 1 (There is only 1 version of the api at this time)
Description: Scan tool used when displaying the tool in the application. This should be consistent across scan imports.
Description: Scan type should explain the type of asset that is being scanned. Applications are things like web applications or SAST/DAST scans. Container images are Blackduck and Nessus container type scans.
Accepted Values: Application/Container Image/Database/Host
Description: Name of the host or base URL that was scanned.
Required: Either this or ip_address must be included for each host
Description: IP address for the host or web service scanned.
Required: Either this or asset_name must be included for each host
Description: FQDN for scanned host.
Description: MAC address for scanned host.
Description: OS Name for scanned host.
Description: OS Version for scanned host.
Description: Notes for scanned host.
Description: Critcality for scanned host.
Description: Asset location for scanned host.
Description: This is a semi-colon separated list of all the groups that this asset is part of
Sample File Types
Nucleus recommends the csv file type, but also supports json or XML asset uploads
Below is an example of these files.
Example CSV file format