Acunetix 360 is an end-to-end web security solution that offers a 360 view of an organization's security posture. It allows the enterprise to take control of the security of all its web applications, web services, and APIs, ensuring long-term protection.
To import your data from Acunetix360 to the Application Security Module module, you will need to leverage the Acunetix Connector under the Dynamic Assessment section of the Cisco Vulnerability Management UI.
The Connector is a mandatory full run connector. To start, you will need to have Acunetix scans running already. To do this, log into the Acunetix Vulnerability Scanner to start automating security tests. You’ll need to create a scan against a target. Once a scan of the target is complete, you can start pulling that asset and vulnerability data into the Cisco Vulnerability Management platform.
Prerequisites
-
If you have an on-premises deployment of Acunetix, a Virtual Tunnel is required for connection.
-
You must have access to the Acunetix API, and to the items which you would like to import.
-
You must be a Cisco Vulnerability Management Administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Dynamic Assessment section, click Acunetix.
4. On the Acunetix screen, enter the following information:
Name: Enter a name for the connector, or leave it as Acunetix .
API Key: Enter the API Key for the account.
Note: Your API key can be found in the profile of any Administrator user in the instance.
Host:
If your host is static, enter the IP address and the port number.
If your host is dynamic, enter the DNS and port number.
Schedule: Select the frequency that you’d like your Connector to run. (Cisco recommends mirroring the cadence of your Acunetix scans).
Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans).
5. Click Save and Verify.
What Acunetix Items does Cisco Vulnerability Management Import?
Cisco Vulnerability Management will import all of the applications associated with the user leveraged for the connector.
Fields in Acunetix360 |
Fields in Cisco Vulnerability Management |
Note |
target_address |
Application Identifier |
Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:"*" |
|
File |
Search for file in Cisco Vulnerability Management by using the custom query box and typing file:"*" |
vulnerabilities > affects_url |
URL |
|
vt_name |
Vulnerability Name |
|
vuln_id |
Unique Vulnerability ID |
Unique ID of the vulnerability from the scanner. |
is_open |
vulnerability Status |
We do not map false positives, all vulnerabilities reported are imported in a default status of “open”. Once vulnerabilities are not reported in a subsequent scan, in which case the platform auto-closes the vuln. |
last_found_on |
Last Seen |
|
Diagnosis |
Description |
|
source > Details |
Details |
|
Recommendation |
Solution |
|
source vulnerability > cvss_score |
scanner_score |
0-10 |
~CWE |
CWE |
mapped based on identifier or manual (Code based, no human input) mapping based on data received |
The Connector does not pull in the following:
-
Custom Fields
-
Tags
Optional Settings
The following settings can be enabled for Acunetix Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Exclude Informationals
When you enable this option, Cisco Vulnerability Management will only import vulnerabilities that include a CVE, CWE, or WASC ID.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for Acunetix Connector Run Failures
- Bad Credentials. If you enter the incorrect connector credentials during the connector setup, Cisco Vulnerability Management will not have access to the environment to make the API calls.
- If no reports are found, Cisco Vulnerability Management will abort the Connector run, rather than fail it outright.
- If an API call fails (no data available, or other reasons).
- If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
Additional Assistance
Contact Support if you require any additional assistance with the Acunetix Connector.
Comments
Please sign in to leave a comment.