Netsparker Connector - XML File Connector

 

Netsparker is a web vulnerability management solution that focuses on scalability, automation, and integration. Netsparker operates within the Dynamic Application Security Testing (DAST) side of Application Security.

To import your data from Netsparker to the Kenna.AppSec module, you will need to leverage the Netsparker Connector under the “Dynamic Assessment” tools.

User Prerequisites/Connector Setup:

Given that Cisco Vulnerability Management's Netsparker Connector is a File-Based Connector, the only pre-requisite is that you have access to export data from your NetSparker Deployment in XML format.

Configuring your Netsparker Connector in Cisco Vulnerability Management

Navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so) and under “Dynamic Assessment” select Netsparker.

 

Netsparker1.png

Once you select the Netsparker icon, you will be greeted with the following screen:

 

Netsparker2.png

 

  • Name: Enter a name for the connector, or leave it as "Netsparker".

  • Leave the Kenna Virtual Tunnel checkbox blank as this is a file-based connector.
  • Asset Inactivity Limit (days): Use this if you wish to set an inactivity limit for assets ingested by this connector.
    • Connector-level asset inactivity limits take precedence over the global inactivity limit. If you do not set an Asset Inactivity Limit, the Global Limit will apply to data ingested by this connector. See Setting Asset Inactivity Limits
    • We recommend an asset inactivity limit of 2-3x the scan cadence of your Netsparker Scans if you plan to upload regularly.
  • Save and verify.

To Run the Connector, upload the Netsparker file on your local machine to the Connector (Or Drag & Drop). The connector will start processing data and a loading bar will appear.

 

What Netsparker Items does Cisco Vulnerability Management Import?

Fields in NetSparker

Fields in Cisco Vulnerability Management

Note

parse the domain from the target > URL

Application Identifier

Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:""

url

URL

 

--

vulnerability Status

 We do not map false positives. Since the XML report is structured in a way to only report open vulns, if a vulnerability was reported previously that is no longer reported, the platform will autoclose the “missing” vulnerability.

 

scanner_score

Information - 0
Low - 3

Medium - 6

High - 9

Critical - 10

(0-10)

Name

Type → (Vulnerability Title)

 

raw_cwe_number

CWE

 

raw_wasc_number

WASC ID (if present)

 

raw_confirmed

Confirmed?

 

--

Date Formatting

We format differently for American Datetimes (%m/%d/%Y %H:%M:%S) and European Datetimes (%d.%m.%Y %H:%M:%S)

[parameter_details + request_details + response_details + remedy_details]

Description

 

remedy_details

Solution

 

--

Tags

 There are no Tags in the XML export, and as a result we don’t import any tags.

 

Optional Settings

The following settings can be enabled on the backend for Netsparker Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

  • Exclude Informationals

    • When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

  • Ignore Scanner Last Seen Time

    • If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

Additional Assistance:

Please contact Support should you require any additional assistance with the Netsparker Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.