What are Scanner Events?

If you have a supported scanner in your TLC environment (i.e., a Tripwire VnE Manager, a Nessus vulnerability scanner, or an Nmap security scanner), you can collect the scanner's data for use by TLC.

With any scanner, you can manually export data to a file(s), and then import the file to an Event Database. To export scanner data, see:

Configuring an Nmap Security Scanner

Configuring a Tripwire VnE Manager

Configuring a Tenable Nessus Vulnerability Scanner

To import scanner data, see Importing Scanner Data to an Event Database.

You can also automate this process by defining a schedule for the collection of data from a scanner Asset (see Configuring a Monitored Asset with a File Collector).

When an event is imported from a scanner file to an Event Database, TLC:

1. Creates a Scanner Event in the database.
2. Performs an NSLookup to identify the system on which the event occurred (i.e. the Host).

Note 

A Vulnerability Event is an event imported from a vulnerability scanner, such as Nessus or Tripwire VnE Manager.

In the TLC Console, you can then:

1. Review Scanner Events and Hosts in the Event-Database Viewer (see Working with the Event-Database Viewer).
2. Assign Scanner Events and Hosts to Event Tickets (see Working with Event Tickets).