WhiteHat Sentinel/Source Connectors

The WhiteHat application security tools combine automation, artificial intelligence technology, and human intelligence to deliver application security at scale. WhiteHat offers a number of products including DAST, SAST, and SCA scanning tools.

Kenna.AppSec users can use the WhiteHat Sentinel or Source Connectors to import your application scan information from the two products into Cisco Vulnerability Management to assist you in reducing risk across your applications.

User Prerequisites/Connector Setup:

Given that WhiteHat is deployed in the cloud, the connector has the following requirements:

  • Have API access to WhiteHat

  • be a Cisco Vulnerability Management Administrator to configure the connector

Configuring your WhiteHat Connector in Cisco Vulnerability Management

To import your data from WhiteHat Sentinel/Source to the Kenna.AppSec module, users can leverage the WhiteHat Sentinel Connector in the Dynamic Assessment category, or WhiteHat Source in the Static Assessment Category.

If you are using Sentinel, navigate to the Dynamic Assessment section in the Connectors tab in your Cisco Vulnerability Management deployment and select WhiteHat Sentinel or if you are using Source, navigate to the Static Assessment section and select WhiteHat Source as shown in the screenshot below.

 

lmn.png

After you select the Connector, on the new screen that displays, complete the following fields:

  • Enter a name for the connector or you can leave the default name - Sentinel or Source, if you wish.

  • Enter your WhiteHat API Key

  • Since WhiteHat has a standard location for data retrieval, there is no need to enter any custom URL or host information to access your scans.

  • Select the frequency that you want to run your WhiteHat Connector

Tip: It is recommended you run the connector in conjunction with how often you run the WhiteHat scan(s).

  • If you would like to set a connector-level asset inactivity limit, you can do that at this time, or later. Refer to Setting Asset Inactivity Limits for more information.

Help: To retrieve the API Key, login to your WhiteHat account and navigate to your profile page and you will see a link for the API key.  The screenshot below shows the popup message you will see when displaying your API key.

WhiteHat_Sentinel_and_Risk_Meter_2_0_Customer_Notification.png

What WhiteHat Sentinel items are synced with Cisco Vulnerability Management items?

WhiteHat Field

Cisco Vulnerability Management Field

Notes

Sentinel - site_name

Source - Application > label

Application identifier

Search for Application identifier in Cisco Vulnerability Management by using the custom query box and typing application:""

Source - Location

File

 

Sentinel - url

URL

 

class

External ID

 

node: status (is_open?)

Finding Status

 Vulnerability status is Open or Closed. We do not map False Positives or Triage States. Open vulnerabilities are reported in application scan reports. Closed vulns are no longer present in these reports and Cisco Vulnerability Management will autoclose the vulnerability.

last_fixed_on

Closed At

 

Sentinel: name
Source: identifier(name)

Vulnerability Name

 

severity

scanner_score

 0-20

CWEMappings > name → cross referenced to CWEs

CWE

 

Sentinel:
[Custom Description + default description]

Source:
[description + diagnosis]




Description

 

Sentinel: [custom solution + solution]

Source: solution



Solution

 

found

Found On

 

last_found_on

Last Seen

 

Tags
Site ID
Labels
Asset Owner Name
Custom Asset IDs

 

Tags

 

These items are turned into Tags in Cisco Vulnerability Management

 

Which WhiteHat Sentinel Items Does Cisco Vulnerability Management Import?

Cisco Vulnerability Management imports all of the applications associated with the user leveraged for the connector. We pull:

  • Applications

  • Assets

  • Findings/Vulnerabilities

    • Descriptions & Custom Descriptions (Sentinel)

    • Solutions & Custom Solutions (Sentinel)

    • Diagnosis and Solution (Source)

  • Tags

  • Associated Dates

What API Calls Are Involved?

  • https://sentinel.whitehatsec.com/api

    • source_vulns, vulns

    • assets

    • sites

What WhiteHat Items Are Turned into Cisco Vulnerability Management Tags?

  • Tags

  • Site ID

  • Labels

  • Asset Owner Name

  • Custom Asset IDs

Optional Settings

The following settings can be enabled on the back end for both WhiteHat Connectors.

Important: To have these settings enabled, or for more information, contact your Customer Experience (CX) Team.

  • Exclude Informationals

    • When this option is enabled, Cisco Vulnerability Management does not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

  • Skip Tags

    • This setting allows you to NOT create any tags within Cisco Vulnerability Management based on the WhiteHat metadata.

  • Ignore Scanner Last Seen Time

    • If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Tag Reset

    • This setting assists in keeping your WhiteHat metadata in sync with Cisco Vulnerability Management. Each time the connector is run, ALL tags within Cisco Vulnerability Management are removed and the WhiteHat tag metadata is re-created.

    • If you have created any manual tags OR any tags were created off of metadata from other connectors, that tag info is removed and is refreshed once those other connectors are rerun.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, refer to this help article.

Common Reasons for WhiteHat Connector Run Failures

  • Bad credentials
  • No reports are found, Cisco Vulnerability Management will abort
  • Failed API calls
  • Inability to process unexpected data/format
  • If more than 1% of connector payloads fail, Cisco Vulnerability Management will auto-fail the Connector Run.

Additional Assistance:

Please contact Support should you require any additional assistance with the WhiteHat Sentinel Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.