This article describes how to upload the results of a vulnerability scan to the MSS Portal.
Uploading vulnerability scans
Note: You must be a company administrator or a partner to upload vulnerability scans.
The Upload page lets you upload a vulnerability scan data file to the portal. This data is used to enhance the analysis of your company’s log data. The data file must be in a supported format: Qualys 4.0 and above, Nessus 1.x (please contact the MSS Service Desk to confirm that your version is supported), and McAfee Vulnerability Manager (formerly Foundstone) Risk_Data and Host_Data. Other vendor formats may be supported using Symantec's XML Vulnerability Format (XVF) 2.0; please contact MSS for further details. Consult the Symantec MSS XVF Reference Guide, available in the Downloads page, for detailed information about XVF . The upload file size limit is 50 MB. The bottom half of the Vulnerability Uploads window shows a listing of uploaded vulnerability scans. The grid report lists the uploaded file path and name, the contact who uploaded the file, the scan file type, associated comments, if any , whether the
upload was successful, and the date and time that the file was submitted to the SOC.
Note: Rapid7 NexPose users can export their vulnerability scans into the Qualys format and then upload them using the following instructions.
To upload a vulnerability data file
1 In the MSS portal, click the Assets tab.
2 In the Assets page, click the Manage Assets selection list, and select Vul Uploads.
3 Click Browse and locate the file to be uploaded.
4 If you want the Portal to use the scan contents to create new assets and modify ones already registered, check the check box next to that statement.
5 Optionally, in the Comment text box, type your comments regarding the file you are uploading.
6 Click Upload to upload the data file.