For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RockBD's avatar
RockBD
Icon for Altocumulus rankAltocumulus
May 05, 2025

Can i import nessus vulnerability scanner report?

Dear All Hope you all are doing well. Can anyone tell me how to import the Nessus vulnerability scanner report to protect my application until the vulnerabilities are fixed in F5 Big-IP WAF? I foun...
security
VGF5's avatar
VGF5
Icon for Cumulonimbus rankCumulonimbus
Jun 03, 2025

Hi RockBD,

I’m sure you’ve already figured it out, but here’s my answer

You cannot directly import a Nessus vulnerability scanner report into ASM/WAF and ASM natively supports importing vulnerability reports from certain scanners (such as Qualys, IBM AppScan, HP WebInspect, Trustwave, WhiteHat, and others) and also supports a "Generic Scanner" XML format that must conform to F5's schema. 

To use a Nessus report, you would need to convert it to the "Generic Scanner" XML format that matches the BIG-IP ASM schema (generic_scanner.xsd). This is not a built-in feature of Nessus and would require custom scripting or manual conversion.

Please follow the steps as described in the community:

Nessus 6 XSLT Conversion for ASM Generic Scanner Import | DevCentral