WhiteHat Sentinel/Source Connectors

The WhiteHat application security tools combine automation, artificial intelligence technology, and human intelligence to deliver application security at scale. WhiteHat offers a number of products including DAST, SAST, and SCA scanning tools.

Application Security Module users can use the WhiteHat Sentinel or Source Connectors to import application scan information from the two products into Cisco Vulnerability Management, which helps reduce risk across their applications.

Prerequisites

  • You must have API access to WhiteHat

  • You must be a Cisco Vulnerability Management administrator

Configuring your WhiteHat Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.

2. Click Add Connector.

3. Do one of the following:
* If you are using Sentinel, in the Dynamic Assessment section, click WhiteHat Sentinel.
* If you are using Source, in the Static Analysis section, click WhiteHat Source.

4. On the Sentinel or Source page, enter the following information:

  • Name: Enter a name for the connector, or leave it as Sentinel or Source.
  • API Key: Enter your WhiteHat API Key.

Help: To retrieve the API Key, log in to your WhiteHat account and navigate to your profile page, where you will see a link for the API key. The screenshot below shows the pop-up message you will see when displaying your API key.

[Screenshot: WhiteHat API key pop-up message]

  • Schedule: Select the frequency at which you’d like your Connector to run. Mirroring the cadence of your scans is recommended.
  • Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. For more information, refer to Setting Asset Inactivity Limits.

5. Click Save and Verify.

What WhiteHat Sentinel items are synchronized with Cisco Vulnerability Management items?

| WhiteHat Field | Cisco Vulnerability Management Field | Notes |
|---|---|---|
| Sentinel - site_name; Source - Application > label | Application identifier | Search for Application identifier in Cisco Vulnerability Management by using the custom query box and typing application:"" |
| Source - Location | File | |
| Sentinel - url | URL | |
| class | External ID | |
| node: status (is_open?) | Finding Status | Vulnerability status is Open or Closed. We do not map False Positives or Triage States. Open vulnerabilities are reported in application scan reports. Closed vulns are no longer present in these reports and Cisco Vulnerability Management will autoclose the vulnerability. |
| last_fixed_on | Closed At | |
| Sentinel: name; Source: identifier(name) | Vulnerability Name | |
| severity | scanner_score | 0-20 |
| CWEMappings > name → cross referenced to CWEs | CWE | |
| Sentinel: [Custom Description + default description]; Source: [description + diagnosis] | Description | |
| Sentinel: [custom solution + solution]; Source: solution | Solution | |
| found | Found On | |
| last_found_on | Last Seen | |
| Tags, Site ID, Labels, Asset Owner Name, Custom Asset IDs | Tags | These items are turned into Tags in Cisco Vulnerability Management |

Which WhiteHat Sentinel Items Does Cisco Vulnerability Management Import?

Cisco Vulnerability Management imports all of the applications associated with the user account that the connector uses. We pull:

  • Applications

  • Assets

  • Findings/Vulnerabilities

    • Descriptions & Custom Descriptions (Sentinel)

    • Solutions & Custom Solutions (Sentinel)

    • Diagnosis and Solution (Source)

  • Tags

  • Associated Dates

What API Calls Are Involved?

  • https://sentinel.whitehatsec.com/api

    • source_vulns, vulns

    • assets

    • sites

What WhiteHat Items Are Turned into Cisco Vulnerability Management Tags?

  • Tags

  • Site ID

  • Labels

  • Asset Owner Name

  • Custom Asset IDs

Optional Settings

The following settings can be enabled for both WhiteHat Connectors.
To have these settings enabled, or for more information, contact your Customer Experience (CX) Team.

Exclude Informationals

When you enable this option, Cisco Vulnerability Management will only import vulnerabilities that include a CVE, CWE, or WASC ID.

Skip Tags

When you enable this setting, Cisco Vulnerability Management does not create any Tags based on the WhiteHat metadata.

Ignore Scanner Last Seen Time

Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

Tag Reset

This setting assists you with keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.

If you have created any manual tags or any tags were created from metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.

Custom Ordered Locators

Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.

Common Reasons for WhiteHat Connector Run Failures

  • Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
  • If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
  • An API call fails (because no data is available, or for other reasons).
  • If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
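
The run rules described on this page (auto-closing findings that drop out of the scan report, the Exclude Informationals filter, and the abort and 1% failure conditions) can be modeled to predict what a connector run will do with a given report. This is an added example, not Cisco's connector code; the dictionary keys, the (application, class) finding key, and the sample data are assumptions constructed for illustration.

```python
# Added illustration: models the rules documented on this page.
# Not Cisco's connector code. Dict keys and sample data are constructed.

def has_identifier(finding):
    """Exclude Informationals keeps findings that carry a CVE, CWE, or WASC ID."""
    return any(finding.get(k) for k in ("cve", "cwe", "wasc"))

def plan_import(previously_open, report, exclude_informationals=False):
    """Predict how one run treats findings, keyed by (application, class).

    The (application, class) key is a simplifying assumption of this example.
    """
    present = {(f["app"], f["class"]) for f in report}
    skipped = {(f["app"], f["class"]) for f in report
               if exclude_informationals and not has_identifier(f)}
    return {
        "open": present - skipped,                # imported as Open
        "skipped": skipped,                       # dropped by Exclude Informationals
        "autoclosed": previously_open - present,  # no longer in the report
    }

def run_outcome(reports_found, payloads_total, payloads_failed):
    """Apply the documented abort and auto-fail conditions to run counters."""
    if reports_found == 0:
        return "aborted"    # no reports found: aborted rather than failed
    if payloads_failed * 100 > payloads_total:
        return "failed"     # more than 1% of payloads did not import cleanly
    return "completed"

# Constructed sample data: two findings open before the run, two in the new report.
SAMPLE_PREVIOUSLY_OPEN = {("shop.example", "XSS"), ("shop.example", "SQLi")}
SAMPLE_REPORT = [
    {"app": "shop.example", "class": "XSS", "cwe": "CWE-79"},
    {"app": "shop.example", "class": "Fingerprinting"},  # no CVE/CWE/WASC ID
]

if __name__ == "__main__":
    print(plan_import(SAMPLE_PREVIOUSLY_OPEN, SAMPLE_REPORT,
                      exclude_informationals=True))
    print(run_outcome(reports_found=1, payloads_total=1000, payloads_failed=11))
```

Running the model against an exported report before enabling Exclude Informationals shows how many findings the filter would drop and which open findings the next run would auto-close.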

Additional Assistance

Contact Support if you require any additional assistance with the WhiteHat Sentinel Connector.
