Nucleus supports the ability to upload files containing asset data through the manual file upload utility (Import Scans > From File) or via the API. Uploading an asset file allows you to import results from other systems and to populate group information or other asset metadata which the vulnerability scanning tools don't support.
Please check out our asset inventory connectors for a more automated process of syncing asset data to your Nucleus console!
File Type Support
We support the following file types:
1. CSV (sample CSV file)
2. JSON
3. XML
Upload the Scan
To upload a custom scan, you need to follow these steps:
1. Navigate to Scans > Import via File.
2. Drag and Drop your asset csv file into the file import popup.
Your file will be uploaded and ingested as if it were a scan type from any tool.
Asset File Requirements
We require the following column headers in the Asset CSV upload in order to be created/updated in Nucleus.
Important fields:
nucleus_import_version - This needs to be set to '1' without the quotation marks
asset_name or ip_address - This will determine the asset name in Nucleus. It can be an application name or a server or web site.
scan_type - This value needs to be set to "Host" for network based assets and "Application" when populating data for applications
scan_tool - This value needs to be set to "Asset" for all asset-only uploads
All Fields
nucleus_import_version
Description: The version of the import api to use.
Accepted Values: 1 (There is only 1 version of the api at this time)
Required: Yes
scan_tool
Description: Scan tool used when displaying the tool in the application. This should be consistent across scan imports.
Required: Yes
scan_type
Description: Scan type should explain the type of asset that is being scanned. Applications are things like web applications or SAST/DAST scans. Container images are Blackduck and Nessus container type scans.
Accepted Values: Application/Container Image/Database/Host
Required: Yes
asset_name
Description: Name of the host or base URL that was scanned.
Required: Either this or ip_address must be included for each host
ip_address
Description: IP address for the host or web service scanned.
Format: x.x.x.x
Required: Either this or asset_name must be included for each host
asset_fqdn
Description: FQDN for scanned host.
Required: No
mac_address
Description: MAC address for scanned host.
Required: No
operating_system_name
Description: OS Name for scanned host.
Required: No
operating_system_version
Description: OS Version for scanned host.
Required: No
asset_notes
Description: Notes for scanned host.
Required: No
asset_criticality
Description: Critcality for scanned host.
Required: No
asset_location
Description: Asset location for scanned host.
Required: No
asset_groups
Description: This is a semi-colon separated list of all the groups that this asset is part of
Sample File Types
Nucleus recommends the csv file type, but also supports json or XML asset uploads
Below is an example of these files.
Example CSV file format
nucleus_import_version,asset_name,ip_address,asset_fqdn,scan_type,scan_tool,asset_groups,asset_location,asset_criticality,asset_notes,operating_system_version,operating_system_name,mac_address
1,hostname1,192.168.1.1,,Host,Asset,,,,,,,
1,hostname2,192.168.1.2,,Host,Asset,group1;group2,,,,,,
Comments
0 comments
Please sign in to leave a comment.