You can import results from other vendors to manage them with Prism Platform.
Prism supports the following formats:
- Tenable IO (WAS)
- Rapid 7
Follow the steps below to import third party results.
Step 1: Create a project. Select ‘Projects’ from the navigation menu and click ‘+ New project’ in the top right-hand corner.
Step 2: Enter details for the Project. Both ‘name’ and ‘job number’ are required fields (job number can be in any format and can include characters).
At the moment, you can import results for the two different services supported by the platform: Penetration Testing and Managed Vulnerability Scanning.
Step 3: Once the Project is set up, you need to add Phases to it (or ‘scans’ if Managed Vulnerability Scanning is the service type). To do this, click ‘Add phase’. You can also edit your Project’s details from this page.
Step 4: Enter the details for your Phase and click ‘Save’. ‘Phase name’ is the only required field.
Once you have created a phase, it will appear under ‘Phase details’. Here, you can click ‘Edit’ to change its details.
Step 5: The next step is to import your results. To do this, navigate to your newly created Phase, which can be found under the ‘Phase details’ section of your Project or under ‘Results’ on the navigation bar.
Step 6: Click the ‘Actions’ dropdown menu in the top right-hand corner and select ‘Import’.
Step 7: Click ‘Import Files’ and select your desired file type. The issues will then be entered into the table.
You can click the ‘three-dots’ button on the right-hand side of each issue in the table to preview an issue before importing it.
Step 8: Use the checkboxes on the left-hand side of each issue to select which issues to import. You can select all issues by checking the box at the top of the list. Click ‘Save import’ to import the selected issues into the Phase.
Then, the import will begin. This could take several minutes; you will receive an email notification once the import is complete.
The issues will then show within your Phase. If they don’t show, you may need to refresh the page.
When your issues are first imported into Prism, they are in a Draft state. This is to provide you with a final opportunity to check and verify the details. Once you are happy with the details, you will need to publish the results. This can be done by performing the following:
Step 9: Select all issues, or the individual issues, you would like to publish. Click ‘Actions’, then ‘Change Details’.
Step 10: Select ‘Published’, in order for Prism to recognise these as open issues, and then click ‘Change Details’.
Step 11: Return to your Project view, click ‘Edit’ and change the Phase Status to ‘Delivered’.
How to Prepare Your Spreadsheet for Import
The following column headings are accepted by Prism. The minimum required fields are ‘risk rating’, ‘name’, and ‘affected hosts’.
- Affected hosts
- Technical details
- OWASP ID
- CVSS Vector
The headings do not need to be exact; for example, capitalisation does not matter and underscores can be used interchangeably (such as ‘risk_rating’ or ‘risk rating’). The order of the headings also does not matter.
The following risk ratings are considered valid:
Any additional headings can be left in, as Prism will ignore them.