Importing AppSpider scan data

If you use Rapid7 AppSpider to scan your Web applications, you can import AppSpider data with Nexpose scan data and reports. This allows you to view security information about your Web assets side-by-side with your other network assets for more comprehensive assessment and prioritization.

The process involves importing an AppSpider-generated file of scan results, VulnerabilitiesSummary.xml, into a Nexpose site. Afterward, you view and report on that data as you would with data from a Nexpose scan.

If you import the XML file on a recurring basis, you will build a cumulative scan history in Nexpose about the referenced assets. This allows you to track trends related to those assets as you would with any assets scanned in Nexpose.

This import process works with AppSpider versions 6.4.122 or later.

To import AppSpider data, take the following steps:

  1. Create a site if you want a dedicated site to include AppSpider data exclusively. See Creating and editing sites. Since you are creating the site to contain AppSpider scan results, you do not need to set up scan credentials. You will need to include at least one asset, which is a requirement for creating a site. However, it will not be necessary to scan this asset. If you want to include AppSpider results in an existing site with assets scanned by Nexpose, skip this step.
  2. Download the VulnerabilitiesSummary.xml file, generated by AppSpider, to the computer that you are using to access the Nexpose Web interface.
  3. In the Sites table, select the name of the site that you want to use for AppSpider.
  1. In the Site Summary table for that site, click the hypertext link labeled Import AppSpider Assessment.
  2. Click the button that appears, labeled Choose File. Find the VulnerabilitiesSummary.xml on your local computer and click Open in Windows Explorer. The file name appears, followed by an Import button.
  3. Click Import.

The imported data appears in the Assets table on your site page. You can work with imported assets as you would with any scanned by Nexpose: View detailed information about them, tag them, and include them in asset groups, and reports.

Although you can include imported assets in dynamic assets groups, the data about these imported assets is not subject to change with Nexpose scans. Data about imported assets only changes with subsequent imports of AppSpider data.