Skip to main content
All CollectionsS2ORGOther
Vulnerability Scans in the Assessment
Vulnerability Scans in the Assessment
Kevin avatar
Written by Kevin
Updated over 8 months ago

S2Org has the ability to ingest Nessus, Qualys, Nexpose, and Nodeware scan files in both the Internal Technical and External Technical phases.

Step-by-Step

1. In the Current Assessment, open the Internal or External phase.

2. Click the Internal/External Scan Data button. This will open a window. 

3. Choose the type of scan file you'll be uploading. If you are not uploading a scan file, choose "Disable scan requirement."

NOTE: You must choose one of the options in this window for the Assessment to be complete and generate reports.

Dialog box for choosing Internal scan file type or disabling scan requirement

4. Click on the Add icon and select which scan files to upload from your computer. 

NOTE: If uploading multiple files, the system processes them faster if you compress all files into a .ZIP file and upload.

Add files for internal scan data

5. When you are done uploading files, the system will process the files. Once done, click the "Mark As Complete" button.

Mark as complete

6. Once internal scans are complete, the enumeration detail will appear in the scan window.

Internal scan data enumeration details

External scans only are marked as "Processed."

External scan details

7. All other detail can be found in the Current Assessment > Reports tab in the Reports Per Phase section.

Edit Scan Files

To make updates to the current scan files, open the Internal/External Scan Data window and click the Edit button. 

Each file will have the following actions available:

  • Reprocess

  • Download

  • Delete

Disable Scan Files

In some cases, there may not be vulnerability scan files available for your organization. If so, simply click on the "Disable scan requirement" option in the file type window. The scanning element will not be scored for the assessment. 

Disable scan requirement

NOTE: Not choosing a scan type or disabling the scan requirement will leave the Assessment incomplete and unable to generate reports.

Did this answer your question?