1 of 1

Nmap (Assets)

PlexTrac supports importing asset information into the Clients module from Nmap in XML. Nmap, short for "Network Mapper," is an open-source network scanning tool that allows network administrators and security professionals to discover devices on a network, identify open ports and services, gather information about those services, perform OS fingerprinting, and automate tasks using custom scripts.

Field Mappings

All <host/> elements with a child <status/> containing the state="up" property will be parsed as an asset. If a field is not listed, then PlexTrac does not currently import.

Hostname: Derived from the inner <hostname name="host"/> element’s name property. <hostnames> <hostname name="<hostname>"/> </hostnames>

If no hostname is found from the elements above, the hostname is derived from the IP Address address addr element’s value.

IP Address (for hostname): <address addr="<hostname>"/>. This is also added to the Known IPs field on the asset.
Description: Defaults to "This asset was originally discovered via Nmap import."

Ports

All Ports data comes from the following element: <ports> <port protocol="${port protocol}" portid="${port number}"> <state="open"/> </port> </ports>

If a <port/> element does not have a <state="open"/> child element, it will not get imported with the rest of the asset’s ports.

Port number: <port portid="PORT NUMBER" .../>
Port protocol: <port protocol="PORT PROTOCOL" .../>
Port service: The service information for a Port can be found inside the parent <ports/> element <service name="" product="" version="" extrainfo="" /> The Port service name and Port version derive from a combination of product, version and extrainfo from the <service/> element.

Vulnerable Parameters

Vulnerable parameters are similar to ports and derived from the parent <ports/> element within the <script/> element.

Each <table/> element inside another <table/> element will be parsed as a vulnerable parameter.

For each of these vulnerable parameters, there will be multiple <elem /> elements containing the details for each parameter.

If the <elem .../> has the property key="id", this value will be added to the CVE information of the corresponding finding.

If the <elem .../> has the property key="cvss", this value will be added to the CVSS information of the corresponding finding and used to help set the severity.

Nmap (Assets)

Field Mappings

All <host/> elements with a child <status/> containing the state="up" property will be parsed as an asset. If a field is not listed, then PlexTrac does not currently import.

Hostname: Derived from the inner <hostname name="host"/> element’s name property. <hostnames> <hostname name="<hostname>"/> </hostnames>

If no hostname is found from the elements above, the hostname is derived from the IP Address address addr element’s value.

IP Address (for hostname): <address addr="<hostname>"/>. This is also added to the Known IPs field on the asset.
Description: Defaults to "This asset was originally discovered via Nmap import."

Ports

All Ports data comes from the following element: <ports> <port protocol="${port protocol}" portid="${port number}"> <state="open"/> </port> </ports>

If a <port/> element does not have a <state="open"/> child element, it will not get imported with the rest of the asset’s ports.

Port number: <port portid="PORT NUMBER" .../>
Port protocol: <port protocol="PORT PROTOCOL" .../>
Port service: The service information for a Port can be found inside the parent <ports/> element <service name="" product="" version="" extrainfo="" /> The Port service name and Port version derive from a combination of product, version and extrainfo from the <service/> element.

Vulnerable Parameters

Vulnerable parameters are similar to ports and derived from the parent <ports/> element within the <script/> element.

Each <table/> element inside another <table/> element will be parsed as a vulnerable parameter.

For each of these vulnerable parameters, there will be multiple <elem /> elements containing the details for each parameter.

If the <elem .../> has the property key="id", this value will be added to the CVE information of the corresponding finding.

If the <elem .../> has the property key="cvss", this value will be added to the CVSS information of the corresponding finding and used to help set the severity.