Nucleus supports the ability to upload files containing asset data through the manual file upload utility (Import Scans > From File) or via the API. Uploading an asset file allows you to import results from other systems and to populate group information or other asset metadata which the vulnerability scanning tools don't support.

Please check out our asset inventory connectors for a more automated process of syncing asset data to your Nucleus console!

 

File Type Support

We support the following file types:

1. CSV (sample CSV file)

2. JSON

3. XML

 

Upload the Scan

To upload a custom scan, you need to follow these steps:

 

1. Navigate to Scans > Import via File.

2. Drag and Drop your asset csv file into the file import popup.

 

Your file will be uploaded and ingested as if it were a scan type from any tool.

 

Asset File Requirements

We require the following column headers in the Asset CSV upload in order to be created/updated in Nucleus.

 

 Important fields:

nucleus_import_version - This needs to be set to '1' without the quotation marks

asset_name or ip_address - This will determine the asset name in Nucleus. It can be an application name or a server or web site.

scan_type - This value needs to be set to "Host" for network based assets and "Application" when populating data for applications

scan_tool - This value needs to be set to "Asset" for all asset-only uploads

 

All Fields

nucleus_import_version

Description: The version of the import api to use.

Accepted Values: 1 (There is only 1 version of the api at this time)

Required: Yes

 

 scan_tool

Description: Scan tool used when displaying the tool in the application. This should be consistent across scan imports.

Required: Yes

 

scan_type

Description: Scan type should explain the type of asset that is being scanned. Applications are things like web applications or SAST/DAST scans. Container images are Blackduck and Nessus container type scans.

Accepted Values: Application/Container Image/Database/Host

Required: Yes

 

asset_name

Description: Name of the host or base URL that was scanned.

Required: Either this or ip_address must be included for each host

 

ip_address

Description: IP address for the host or web service scanned.

Format: x.x.x.x

Required: Either this or asset_name must be included for each host

 

asset_fqdn

Description: FQDN for scanned host.

Required: No

 

mac_address

Description: MAC address for scanned host.

Required: No

 

operating_system_name

Description: OS Name for scanned host.

Required: No

 

operating_system_version

Description: OS Version for scanned host.

Required: No

 

asset_notes

Description: Notes for scanned host.

Required: No

 

asset_criticality

Description: Critcality for scanned host.

Required: No

 

asset_location

Description: Asset location for scanned host.

Required: No

 

asset_groups

Description: This is a semi-colon separated list of all the groups that this asset is part of

 

 

 

Sample File Types

Nucleus recommends the csv file type, but also supports json or XML asset uploads

Below is an example of these files.

Example CSV file format

 nucleus_import_version,asset_name,ip_address,asset_fqdn,scan_type,scan_tool,asset_groups,asset_location,asset_criticality,asset_notes,operating_system_version,operating_system_name,mac_address
1,hostname1,192.168.1.1,,Host,Asset,,,,,,,
1,hostname2,192.168.1.2,,Host,Asset,group1;group2,,,,,,