What are Scanner Events?
If you have a supported scanner in your TLC environment (i.e., a Tripwire VnE Manager, a Nessus vulnerability scanner, or an Nmap security scanner), you can collect the scanner's data for use by TLC.
With any scanner, you can manually export data to a file(s), and then import the file to an Event Database. To export scanner data, see:
Configuring an Nmap Security Scanner
Configuring a Tripwire VnE Manager
Configuring a Tenable Nessus Vulnerability Scanner
To import scanner data, see Importing Scanner Data to an Event Database.
You can also automate this process by defining a schedule for the collection of data from a scanner Asset (see Configuring a Monitored Asset with a File Collector).
When an event is imported from a scanner file to an Event Database, TLC:
1. | Creates a Scanner Event in the database. |
2. | Performs an NSLookup to identify the system on which the event occurred (i.e. the Host). |
Note |
A Vulnerability Event is an event imported from a vulnerability scanner, such as Nessus or Tripwire VnE Manager. |
---|
In the TLC Console, you can then:
1. | Review Scanner Events and Hosts in the Event-Database Viewer (see Working with the Event-Database Viewer). |
2. | Assign Scanner Events and Hosts to Event Tickets (see Working with Event Tickets). |