Generic Upload Guide

Summary: How to upload generic scan files into Ivanti Neurons.

Generic Upload Overview – CSV

The Ivanti Neurons platform’s Generic Upload functionality allows users to upload assets and findings information from any CSV-format source they have into the platform using the Generic Upload Mapping tool. This utility provides the flexibility to bring in data from an unsupported scanner, a homegrown CMDB for assets, or even penetration test data from a red team or third-party penetration test on your assets.

Generic Upload Process: Network

Once you have exported the chosen source’s CSV data, log in to your Ivanti Neurons platform. Navigate to the Settings (Settings Menu - Gear - Small) > Uploads page by clicking the gear in the top-right corner of the screen.

Uploads Menu Location-1

In the Upload Wizard, enter the Upload Name and click Next.

Generic Upload - Upload Name Field

Select an assessment to associate with this scan. You can either select an available assessment or create a new one. To create a new assessment, click the Create Assessment button. Fill out the fields in the Add a New Assessment window and click Submit. You can now select your new assessment from the list.

Select an assessment from the list to associate with this scan (you can use the search field to find an assessment) and click Next.

Generic Upload - Create or Select Assessment

Select a network for this scan. You can either select an available network or create a new one. To create a new network, click the Create Network button. Fill out the fields in the Add a New Network window and click Submit. You can now select your new network from the list.

Select a network from the list (you can use the search field to find a network) and click Next.

Generic Upload - Create or Select Network

On the Upload Files page, there are two ways to add scan files. You can either drag and drop the file in the gray Drag files here or click the Select Files button and search for the scan file on your computer. Once the file has been added, click Upload.

Generic Upload - Upload Scan Files

Once the upload finishes, you must map the CSV file to the minimum required fields in Ivanti Neurons. This status is indicated in the State column as Requires Manual Mapping, as shown here.

Generic Upload - Requires Manual Mapping State

To start the mapping process, click Requires Manual Mapping.

Generic Upload - Requires Manual Mapping Location

Field Mapping

Accessing the Generic Upload Wizard for the first time presents the user with a brief tutorial on its features. The first step is to define the scanner type needed for the Scanner card. Depending on the data type, you can select either Host or Application. To create the scanner for the data set, click the Plus (+) button on the card.

A scanner is a data source used to attribute assets and findings within the platform. For example, you may have a scanner for your homegrown configuration management database (CMDB) for hosts, one for the homegrown CMDB for applications, one for a red team penetration test for your hosts, and one for a scanner that is not currently supported. All these are identified by their scanner and their plugin, which we will cover later.

Generic Upload - Scanner Plus Button Location

Clicking the Plus (+) button opens the Create Scanner window. Enter the scanner name, select the scanner type (host or application), add the scanner’s version, and enter a description. Note that each scanner has a different set of required fields that are defined later in this document.

Generic Upload - Create Scanner Window

After completing the required fields, click Submit. In the Scanner – Version box, the new scanner details appear. In the Mapping - Version card, the user can find any previously created mappings and check the Top row of the CSV contains headers box, if needed.  If the ingested data set contains a header, ensure that this box is checked. Additionally, the interface provides the user with breadcrumbs for the remaining required fields.

The required fields are important here; as mentioned earlier, the plugin is the unique identifier within your scanner that identifies a particular finding. With this, you can upload future data, and the platform with intuitively know whether things are closed by their presence in the newer file.

Generic Upload Guide - Map Attributes

Each required field is removed from the breadcrumb list as it is assigned.

Generic Upload Guide - Completed Field Mapping Removed

Other than the required fields, Ivanti Neurons also provides highly recommended fields that are important to map for better data representation. Leaving these recommended fields blank will not throw any errors.

Generic Upload Guide - Mapping Highly Recommended Fields

Ivanti Neurons fields allows users to map a field from the CSV to more than one field in Ivanti Neurons. Click Add another attribute in each pane to map the same CSV field to more than one field in Ivanti Neurons.

Generic Upload Guide - Add Another Attribute

The maximum number of Ivanti Neurons fields that can be mapped to the same CSV field is three.

Since there are more chances for Tags and Output (applicable only for application scanners) to have multiple values, they are handled differently. Ivanti Neurons allows the mapping of multiple CSV fields to the Tags and Output fields. All other fields remain the same. In other words, Ivanti Neurons cannot map multiple CSV fields to the same fields in Ivanti Neurons other than the Tags and Output fields.

Generic Upload Guide - Mapping Multiple Fields to Tags

Ivanti Neurons supports the Asset Only Mapping option as well. For example, if the CSV file only has host-related information and a user wishes to ingest only Host/Application data.

In the Mapping - Version pane, have the user enable the Asset Only Mapping option. Once this is ticked, the required fields change.

Generic Upload Guide - Asset Only Mapping

Once you have mapped all the required fields successfully, click the Save Mapping button to save this mapping.

Generic Upload Guide - Save Mapping Button

In the Create a Mapping window, fill out the name, version, and description fields. Once complete, click Submit.

Generic Upload Guide - Create a Mapping Window

For application scanners, the Create a Mapping window includes the Findings Type dropdown as a required field. User can choose the findings to be categorized as SAST, DAST, OSS, CONTAINER, and OTHERS. If no value is selected, by default Ivanti Neurons will mark all application findings as DAST.

Generic Upload Guide - Finding Type DAST

After saving the mapping, the platform must validate the data set. During the validation process, the system looks at the file’s first 5,000 lines. Click the Validate Mapping button to proceed.

Generic Upload - Validate Mapping Button Location

You will see the following screen during the validation process.

Generic Upload - Validation Processing

Once validation is complete, the platform provides the validation results. Depending on the system’s ability to validate data, the platform presents varying percentages on the amount of data that can be validated. In this example, all the fields are 100% valid. The user can also force the system to revalidate the complete file by clicking the Force Full Scan button.

Generic Upload - Force Full Scan Button Location

Once validation is complete, click the Finalize Import button. The Save Mapping to File dialog box appears.

Generic Upload - Save Mapping to File Dialog Box

Clicking Yes returns the user to the Upload Wizard. In the Upload Wizard, we can confirm the mapping was saved, the scanner was created, and the file is ready to process. To process the scan file, click the Start button.

Generic Upload - Start Button Location

When uploading the next set of data to the platform, it will automatically fingerprint to the scanner created earlier.

Appendix A: CSV Data Structure

Below is a sample of accepted field headers for both network and application CSV ingestion. In the Detailed View section, the required fields are noted as a baseline for the data to be ingested into the platform.  When generating the CSV file, it does not need to be in this exact format nor does it need to have the same headers.  When mapping the file, it is necessary to map the data to the fields. Detailed mapping is provided below.

Network

host_name,ip,fqdn,os,plugin_id,title,service_name,service_port,severity,description,cves,tags,reference_name,reference_url,date_found,finding_tags,Soln

Detailed Field View

Assets (Host)
 CPEs
 Certainty
 Criticality
 DNS
 Device Class
 Discovered On (yyyy-MM-dd)
 FQDN
 Hostname (required)
 IP Address (required)
 Last Found On (yyyy-MM-dd)
 NetBIOS
 Operating System
 Owner
 Tags

Findings (Host)
 CVEs
 Description (Highly Recommended)
 Discovered On (yyyy-MM-dd)
 Last Found On (yyyy-MM-dd)
 Plugin ID (required)
 Reference Names/IDs
 Reference Types
 Reference URLs
 Scanner Output
 Service Name
 Service Port
 Severity (required)
 Solution (Highly Recommended)
 Tags
 Title (required)

Application

Address,name1,Location,Description,Plugin ID,Severity,Solution,Title,Discovered On,Last Found On,Hostname,IP Address,Criticality,Owner,Tags,Title__findings,Discovered On_find,Last Found On_find,Plugin ID_find,Output,Full Request,Request Parameter,Request Method,Request URL,Full Response,Payload,CWE,Tags_finds,Reference Types,Reference URLs,Reference Names/IDs

Detailed Field View

Assets (Application)
 Base URL (required)
 Criticality
 Discovered On (yyyy-MM-dd)
 Hostname
 IP Address
 Last Found On (yyyy-MM-dd)
 Name (required)
 Owner
 Tags

Findings (Application)
 Application URL (required)
 CWE
 Description (Highly Recommended)
 Discovered On (yyyy-MM-dd)
 Full Request (Base64 Encoded)
 Full Response (Base64 Encoded)
 Last Found On (yyyy-MM-dd)
 Output
 Payload
 Plugin ID (required)
 Reference Names/IDs
 Reference Types
 Reference URLs
 Request Method
 Request Parameter
 Request URL
 Severity (required)
 Solution (Highly Recommended)
 Tags
 Title (required)