execute scan-report import
Use this command to import a scan report. FortiADC supports scan reports from the following products:
- Acunetix
- IBM AppScan Standard
- WhiteHat
- HP WebInspect
- Qualys
- Telefonica FAAST
- ImmuniWeb
- FortiWeb
- FortiADC
By analyzing the scan results in the imported report, FortiADC automatically generates a WAF profile to prevent the reported attacks. In this command, you are required to specify the name of the generated WAF profile and the actions to take when attacks are detected.
Syntax
execute scan-report import {ftp/tftp <filename> <ip> | restapi <key> <app>} vendor <vendor> profile <profile-name> high <action> medium <action> low <action>
ftp/tftp <filename> <ip> | Import a scan report file by FTP or TFTP.
restapi <key> <app> | REST API key. Specify it only when the vendor is WhiteHat or Telefonica FAAST. It is used for retrieving a report from the WhiteHat or Telefonica FAAST portal using the REST API.
vendor <vendor> | Vendor report type, including:
Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.
profile <profile-name> |
high <action> | Specify the action that FortiADC will take if High severity attacks are detected.
medium <action> | Specify the action that FortiADC will take if Medium severity attacks are detected.
low <action> | Specify the action that FortiADC will take if Low severity attacks are detected.
WhiteHat Sentinel scanner report requirements
To generate rules from a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.
You can either upload a WhiteHat Sentinel scanner report file that you have downloaded manually or import the file directly from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.
To retrieve the WhiteHat API key and application name
- Go to the following location and log in: https://source.whitehatsec.com/summary.html#dashboard
- In the top right corner, click My Profile.
- Click View My API Key and enter your password. Your API key is displayed.
- To view the application name, navigate to the Assets tab. The application name is the NAME value.
Telefónica FAAST scanner report requirements
You can either upload a Telefónica FAAST scanner report file that you have downloaded manually or import the file directly from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.
To apply for a Telefónica FAAST API key
- Go to the following location and log in: https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs
- In the session : Authentication page, select POST > api/session for the method, and fill in the username and password fields. Then click Try it out.
- The API key is given in the Response Body if the username and password are authorized.
HP WebInspect scanner report requirements
To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.