Importing issues from an internal or a third-party scanner

Import issues from an internal or a third-party scanner or from manual pen testing so that you can triage them. These issues are marked as 'New' so that you can easily identify them in the list of issues that you must address.

Before you begin

Procedure

  1. From an application tab in the Monitor view of AppScan® Enterprise, click Import Issues.
  2. Select an existing scan or create a new one. Follow the wizard instructions to complete the process. Make sure you give the scan a unique name; don't use the default name of the scan as the name.
  3. Check the log file to investigate whether any issues weren't imported.
    Note:
    1. If the attribute contributes to the issue uniqueness, but has an error in the file, the issue is not imported.
    2. If the attribute does not contribute to issue uniqueness and has an error:
      • For dropdown attributes, AppScan® Enterprise replaces the error with the default value specified in the scanner profile, and imports the issue.
      • For all other attribute types, AppScan® Enterprise does not import the attribute value that has the error, but does import the issue.
    These behaviors are then logged in the import log file.
  4. To see a list of issue imports for an application, click View details in the sidebar, and scroll down the Application Attributes window to the Issue Imports section. If a scanner is deleted from AppScan Enterprise, the imports for that scanner are deleted from the list, although the import issues are still available in the application grid.
    Note: v9.0.3.5

    You can delete selected issue imports from the application. Depending on the number of issues being removed from this application, this operation might take a while.

Results

If any imported issues appear in the Undetermined category, it means that the CVSS score cannot be calculated because required attributes are not defined.
Imported issues as undetermined