Forum Discussion
kjlynn_118532
Nimbostratus
NimbostratusImporting WebInspect vulnerabilities into ASM
The literature indicates that 11.4 can import vulnerability definitions from WebInspect, but I've been unable to find any details about how that works. Can someone please point me at instructions for exporting vulnerabilities from WI and importing them into the ASM?
What_Lies_Bene1Cirrostratus
This looks like it covers it: http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-4-0/3.html
kjlynn_118532Yeah, that article describes how to import the vulns into ASM, but it doesn't describe how to export them from WebInspect. --The standard "export" options in WI do not seem to produce anything readable by ASM.
HansE_165416WebInspect (currently 10.20) offers several XML outputs, so I am assuming that the F5 import tool is only expecting one of those. The F5 manual many need a listing of the acceptable, or expected schema, exports from the various vendor scanners. For example, WebInspect 10.xx "recently" added an Export to WAF option. This new XML output is different from the classic "Full" export that WebInspect has had for a decade. I suspect it is the Full export that your import function is expecting, which could explain the error you had in importing. WebInspect Option 1: File menu > Export > Scan Details > "Full" WebInspect Option 2: File menu > Export > "Protection Rules to Web Application Firewall" You might also find answers on the HP WebInspect public user forums here: http://h30499.www3.hp.com/t5/HP-Application-Security-Center/ct-p/sws-sc01 Here is a guide: http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-WebInspect-and-F5-Integration/ba-p/6413212.U9pFv2OTFVI Starting in 2014, there is also a private, customer-only set of WebInspect forums here: https://protect724.arcsight.com/
- What_Lies_Bene1
Hmmm, this HP datasheet suggests XML export is available and the earlier F5 link I posted seems to suggest this is an acceptable format. What options do you have?
- kjlynn_118532
WI offers the following options under File->Export: scan... scan details... scan to Software Security Center... protection rules to HP Tipping Pt... protection rules to Web Application Firewall... I'm assuming it's that last one, but when I attempt it, I get "Unable to contact BIG-IP device". All other ASM operations seem to work fine.
- What_Lies_Bene1
Not sure why you'd get that error if you are simply exporting to a file??? Are you prompted for an IP?
- kjlynn_118532
OH. The export to a file appears to complete successfully. That error is on the import to ASM
- What_Lies_Bene1
OK, I see. I'd suggest F5 support is the best path for you then. I'm sure they will be helpful.