Forum Discussion
kjlynn_118532
Nimbostratus
Yeah, that article describes how to import the vulns into ASM, but it doesn't describe how to export them from WebInspect. --The standard "export" options in WI do not seem to produce anything readable by ASM.
HansE_165416
Jul 31, 2014Nimbostratus
WebInspect (currently 10.20) offers several XML outputs, so I am assuming that the F5 import tool is only expecting one of those. The F5 manual many need a listing of the acceptable, or expected schema, exports from the various vendor scanners. For example, WebInspect 10.xx "recently" added an Export to WAF option. This new XML output is different from the classic "Full" export that WebInspect has had for a decade. I suspect it is the Full export that your import function is expecting, which could explain the error you had in importing.
WebInspect Option 1: File menu > Export > Scan Details > "Full"
WebInspect Option 2: File menu > Export > "Protection Rules to Web Application Firewall"
You might also find answers on the HP WebInspect public user forums here: http://h30499.www3.hp.com/t5/HP-Application-Security-Center/ct-p/sws-sc01
Here is a guide: http://h30499.www3.hp.com/t5/Fortify-Application-Security/HP-WebInspect-and-F5-Integration/ba-p/6413212.U9pFv2OTFVI
Starting in 2014, there is also a private, customer-only set of WebInspect forums here: https://protect724.arcsight.com/