SABB has no asset/CMDB like Atrium. They want the Nexpose connector to create Asset/Asset-Class GRC library from the vulnerability information itself.
- Creating asset from Nexpose feed through ETL and business criticality to be governed by fields like zone, host name etc
- Also Issues at times should be created at asset – Level1 or Asset class level. For example, desktop as an asset class should be used to create one single issue for an identified vulnerability instead of creating issue for all the actual desktops.
The connector mapping fields vary from customer to customer. With SABB it is Nexpose connector and the mapping fields are hostname and zone to be used to create both asset and vulnerability