Import Data
Hawkra can import scan results from popular security tools, automatically creating assets, ports, and vulnerabilities in your workspace. This eliminates the need to manually enter findings from your scans and ensures that your workspace stays synchronized with your actual assessment data.
Supported Formats
| Format | File Extension | Available To |
|---|---|---|
| Nmap XML | .xml | All tiers |
| Burp Suite XML | .xml | All tiers |
| BloodHound JSON | .json | All tiers |
| Nessus | .nessus | Premium / Self-Hosted |
| OpenVAS | .xml | Premium / Self-Hosted |
| OWASP ZAP | .xml | Premium / Self-Hosted |
Nmap, Burp Suite, and BloodHound imports are available on all tiers. Nessus, OpenVAS, and OWASP ZAP imports require a Premium subscription or a Self-Hosted deployment. Attempting to import a restricted format on a lower tier returns an error message indicating that a Premium subscription is required.
How It Works
Imports are processed as background jobs. When you submit an import, Hawkra creates a job record, queues it to a Redis job queue, and a background worker picks it up for processing. This means you can continue working in the platform while your import runs. The import job tracks its progress and provides detailed results when complete.
Each import is scoped to a specific network within a workspace. The assets, ports, and vulnerabilities created by the import are associated with that network.
Import Workflow
- Upload the scan file -- First, upload your scan output file using the Files feature. This stores the file in encrypted workspace storage.
- Create the import -- Navigate to the network where you want the data imported and select Import Data. Choose the uploaded file and the import format.
- Configure options -- Optionally enable host filtering (e.g., ignore hosts without open ports).
- Submit -- The import job is created with a Pending status and queued for background processing.
- Monitor progress -- The import transitions through statuses as it is processed:
- Pending -- queued, waiting for a worker
- Processing -- actively being parsed and imported
- Completed -- finished successfully with result statistics
- Failed -- an error occurred (error message is provided)
Key Actions
Starting an Import
- Ensure your scan file has been uploaded to the workspace (see Files & Notes).
- Navigate to the target network within your workspace.
- Click Import Data.
- Select the uploaded file from the file picker.
- Choose the correct import format from the dropdown.
- Optionally check Ignore hosts without open ports to skip hosts that have no port data.
- Click Import to submit the job.
The system returns the import job with a status of Pending and a 202 Accepted response. The job will be processed in the background.
Starting an import requires the EditAssets permission and an active workspace subscription.
Host Filtering
When the Ignore hosts without open ports option is enabled, the import parser skips any hosts that do not have associated port data. This is useful for Nmap scans that discover many hosts via ping sweep but only have detailed port information for a subset of them.
Viewing Import History
Navigate to the Imports section of your workspace to see a list of all import jobs. Each entry shows:
- Import Type -- the format that was imported (Nmap, Burp, etc.)
- Status -- Pending, Processing, Completed, or Failed
- Created Date -- when the import was submitted
- Start / Completion Time -- when processing began and ended
Viewing Import Results
Click on a completed import to see detailed statistics:
| Metric | Description |
|---|---|
| Assets Created | Number of new assets added to the workspace. |
| Assets Updated | Number of existing assets that were updated with new data. |
| Assets Skipped | Number of assets that were skipped (e.g., due to host filtering). |
| Ports Created | Number of new ports discovered and recorded. |
| Ports Updated | Number of existing ports updated with new information. |
| Vulnerabilities Created | Number of new vulnerabilities added. |
| Vulnerabilities Skipped | Number of duplicate or existing vulnerabilities that were skipped. |
| Vulnerability Links Created | Number of new associations between vulnerabilities and assets. |
Failed Imports
If an import fails, the job status is set to Failed and an error message is provided describing what went wrong. Common causes include:
- Malformed or corrupt scan files
- Unsupported file format for the selected import type
- Missing required data in the scan file
Review the error message, fix the source file if needed, and submit a new import.
Quota Enforcement
Import jobs respect the workspace and tier quotas. If processing an import would exceed your asset or vulnerability limits, the excess items may be skipped. Check your tier limits and current usage before running large imports.
Tips & Notes
- Always verify that you are selecting the correct import format for your file. For example, both Nmap and OpenVAS produce
.xmlfiles, but they have different structures. - Use the Ignore hosts without open ports option to reduce noise in network reconnaissance imports.
- Large scan files may take longer to process. The background processing model means you do not need to keep the browser open.
- Import results give you a clear count of what was created, updated, and skipped. Use this to verify that your import captured everything you expected.
- You can run multiple imports into the same network to build up a comprehensive picture from different tools and scan passes.
- Each import is logged in the workspace audit trail for traceability.