Fortinet black logo

CLI Reference

execute scan-report import

execute scan-report import

Use this command to import a scan report . FortiADC supports scan reports from the following products:

  • Acunetix
  • IBM AppScan Standard
  • WhiteHat
  • HP WebInspect
  • Qualys
  • Telefonica FAAST
  • ImmuniWeb
  • FortiWeb
  • FortiADC

By analyzing the scan results in the imported report, FortiADC automatically generates a WAF profile to prevent the reported attacks. In this command, you will required to specify the name of the generated WAF profile and the actions to be taken upon the attacks.

Syntax

execute scan-report import {ftp/tftp <filename> <ip> | restapi <key> <app>} vendor <vendor> profile <profile-name> high <action> medium <action> low <action>

ftp/tftp <filename> <ip>

Import a scan report file by FTP or TFTP.

restapi <key> <app> REST API key. Specify it only when vendor is WhiteHat and Telefonica FAAST. It is used for retrieving a report from the WhiteHat and Telefonica FAAST portal using the REST API.
vendor <vendor>

Vendor report type, including:

  • fortiadc

  • fortiweb

  • acunetix

  • appscan

  • whitehat

  • webinspect

  • qualys

  • faast

  • immuniweb

Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.

profile <profile-name>
  • Enter a new name for the WAF profile generated to prevent the reported attacks, or

  • Enter the name of an existing profile. The WAF settings based on the scan report will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.

high <action> Specify the action that FortiADC will take if High severity attacks are detected.
medium <action> Specify the action that FortiADC will take if Medium severity attacks are detected.
low <action> Specify the action that FortiADC will take if Low severity attacks are detected.

WhiteHat Sentinel scanner report requirements

To allow (Undefined variable: FortiWebVariables.FortiWeb) to generate rules using a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

You can upload a WhiteHat Sentinel scanner report using either a report file you have downloaded manually or directly import the file from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

To retrieve the WhiteHat API key and application name
  1. Go to the following location and log in:
  2. https://source.whitehatsec.com/summary.html#dashboard

  3. In the top right corner, click My Profile.
  4. Click View My API Key and enter your password.
  5. Your API key is displayed. For example:

  6. To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

Telefónica FAAST scanner report requirements

You can upload a Telefónica FAAST scanner report using either a report file you have downloaded manually or directly import the file from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.

To apply for a Telefónica FAAST API key
  1. Go to the following location and log in:
  2. https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs

  3. In the session : Authentication page, please select POST > api/session for the method, and fill in the blanks for username and password. Then click Try it out.
  4. The API key will be gave in the Response Body if the username and password are authorized.

HP WebInspect scanner report requirements

To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.

execute scan-report import

Use this command to import a scan report . FortiADC supports scan reports from the following products:

  • Acunetix
  • IBM AppScan Standard
  • WhiteHat
  • HP WebInspect
  • Qualys
  • Telefonica FAAST
  • ImmuniWeb
  • FortiWeb
  • FortiADC

By analyzing the scan results in the imported report, FortiADC automatically generates a WAF profile to prevent the reported attacks. In this command, you will required to specify the name of the generated WAF profile and the actions to be taken upon the attacks.

Syntax

execute scan-report import {ftp/tftp <filename> <ip> | restapi <key> <app>} vendor <vendor> profile <profile-name> high <action> medium <action> low <action>

ftp/tftp <filename> <ip>

Import a scan report file by FTP or TFTP.

restapi <key> <app> REST API key. Specify it only when vendor is WhiteHat and Telefonica FAAST. It is used for retrieving a report from the WhiteHat and Telefonica FAAST portal using the REST API.
vendor <vendor>

Vendor report type, including:

  • fortiadc

  • fortiweb

  • acunetix

  • appscan

  • whitehat

  • webinspect

  • qualys

  • faast

  • immuniweb

Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.

profile <profile-name>
  • Enter a new name for the WAF profile generated to prevent the reported attacks, or

  • Enter the name of an existing profile. The WAF settings based on the scan report will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.

high <action> Specify the action that FortiADC will take if High severity attacks are detected.
medium <action> Specify the action that FortiADC will take if Medium severity attacks are detected.
low <action> Specify the action that FortiADC will take if Low severity attacks are detected.

WhiteHat Sentinel scanner report requirements

To allow (Undefined variable: FortiWebVariables.FortiWeb) to generate rules using a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

You can upload a WhiteHat Sentinel scanner report using either a report file you have downloaded manually or directly import the file from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

To retrieve the WhiteHat API key and application name
  1. Go to the following location and log in:
  2. https://source.whitehatsec.com/summary.html#dashboard

  3. In the top right corner, click My Profile.
  4. Click View My API Key and enter your password.
  5. Your API key is displayed. For example:

  6. To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

Telefónica FAAST scanner report requirements

You can upload a Telefónica FAAST scanner report using either a report file you have downloaded manually or directly import the file from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.

To apply for a Telefónica FAAST API key
  1. Go to the following location and log in:
  2. https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs

  3. In the session : Authentication page, please select POST > api/session for the method, and fill in the blanks for username and password. Then click Try it out.
  4. The API key will be gave in the Response Body if the username and password are authorized.

HP WebInspect scanner report requirements

To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.