Netsparker is a web vulnerability management solution that focuses on scalability, automation, and integration. Netsparker operates within the Dynamic Application Security Testing (DAST) side of Application Security.
To import your data from Netsparker to the Application Security Module, you will need to use the Netsparker Connector under the Dynamic Assessment section of the Cisco Vulnerability Management UI.
Prerequisites
- You must have access to export data from your NetSparker Deployment in XML format.
- You must be a Cisco Vulnerability Management Administrator
Configuring your Netsparker Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Dynamic Assessment section, click Netsparker.
On the Netsparker page, enter the following information:
-
Name: Enter a name for the connector, or leave it as "Netsparker".
-
Asset Inactivity Limit (days): enter a time in days for the connector level asset inactivity limit.
Cisco recommends 2-3 times the scan cadence of your connector scans.- Connector-level asset inactivity limits take precedence over the global inactivity limit. If you do not set an Asset Inactivity Limit, the Global Limit will apply to data ingested by this connector. See Setting Asset Inactivity Limits.
5. Click Save.
To run the Connector, upload the Netsparker file on your local machine to the Connector (or drag-and-drop the file). The connector will start processing data and a loading bar will appear.
What Netsparker Items does Cisco Vulnerability Management Import?
|
Fields in NetSparker |
Fields in Cisco Vulnerability Management |
Note |
|
parse the domain from the target > URL |
Application Identifier |
Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:"" |
|
url |
URL |
|
|
-- |
vulnerability Status |
We do not map false positives. Since the XML report is structured in a way to only report open vulns, if a vulnerability was reported previously that is no longer reported, the platform will autoclose the “missing” vulnerability. |
|
|
scanner_score |
Information - 0 Medium - 6 High - 9 Critical - 10 (0-10) |
|
Name |
Type → (Vulnerability Title) |
|
|
raw_cwe_number |
CWE |
|
|
raw_wasc_number |
WASC ID (if present) |
|
|
raw_confirmed |
Confirmed? |
|
|
-- |
Date Formatting |
We format differently for American Datetimes ( |
|
[parameter_details + request_details + response_details + remedy_details] |
Description |
|
|
remedy_details |
Solution |
|
|
-- |
Tags |
There are no Tags in the XML export, and as a result we don’t import any tags. |
Optional Settings
The following settings can be enabled on the backend for Netsparker Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Exclude Informationals
When you enable this option, Cisco Vulnerability Management will only import vulnerabilities that include a CVE, CWE, or WASC ID.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Additional Assistance
Contact Cisco Support if you require any additional assistance with the Netsparker Connector.
Comments
Please sign in to leave a comment.