Forum Discussion
kjlynn_118532
Oct 22, 2013Nimbostratus
Importing WebInspect vulnerabilities into ASM
The literature indicates that 11.4 can import vulnerability definitions from WebInspect, but I've been unable to find any details about how that works. Can someone please point me at instructions for...
kjlynn_118532
Nimbostratus
Yeah, that article describes how to import the vulns into ASM, but it doesn't describe how to export them from WebInspect. --The standard "export" options in WI do not seem to produce anything readable by ASM.
HansE_165416
Jul 31, 2014Nimbostratus
WebInspect (currently 10.20) offers several XML outputs, so I am assuming that the F5 import tool is only expecting one of those. The F5 manual many need a listing of the acceptable, or expected schema, exports from the various vendor scanners. For example, WebInspect 10.xx "recently" added an Export to WAF option. This new XML output is different from the classic "Full" export that WebInspect has had for a decade. I suspect it is the Full export that your import function is expecting, which could explain the error you had in importing.
WebInspect Option 1: File menu > Export > Scan Details > "Full"
WebInspect Option 2: File menu > Export > "Protection Rules to Web Application Firewall"
You might also find answers on the HP WebInspect public user forums here: http://h30499.www3.hp.com/t5/HP-Application-Security-Center/ct-p/sws-sc01
Here is a guide: http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-WebInspect-and-F5-Integration/ba-p/6413212.U9pFv2OTFVI
Starting in 2014, there is also a private, customer-only set of WebInspect forums here: https://protect724.arcsight.com/
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects