BugCrowd is a crowdsourced security platform that organizations use for 24/7 Bug Bounty programs and white-hat Vulnerability Disclosure.
To import your internal BugCrowd findings to Cisco Vulnerability Management, use the Cisco Vulnerability Management Security BugCrowd Connector.
Prerequisites
- The BugCrowd Connector does not need a Virtual Tunnel or Agent.
- The user must have API Access to the BugCrowd API.
- The user must have access to the items you want to import to Cisco Vulnerability Management.
- You must be a Cisco Vulnerability Management administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Bug Bounties section, click BugCrowd.
4. On the Bugcrowd screen, enter the following information:
-
Name: Enter a name for the connector, or leave it as “Bugcrowd."
-
Enter the Username and Password for the user account with the API key and access you need.
- As of November 2021, Bugcrowd requires the use of a 'Legacy' API token to access v3. For more information, see New token deprecation warning for the legacy (v3) API
- To ensure Cisco Vulnerability Management has continued access to this data, choose "Legacy" type when generating your token. For more information, see: https://docs.bugcrowd.com/api/getting-started/
-
Schedule: Select the frequency that you’d like your Connector to run.
- Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. For BugCrowd connectors, Cisco recommends using a longer Asset Inactivity Limit because these items are ingested less often than a typical Vulnerability Management vulnerability or Application Security Module finding.
5. Click Save and Verify.
What Bugcrowd Items does Cisco Vulnerability Management Import and what API Calls are involved?
Cisco Vulnerability Management will import all of the findings associated with the user account that you are using. Cisco Vulnerability Management will import all of the recognized Submissions from BugCrowd.
Fields in BugCrowd |
Fields in Cisco Vulnerability Management |
Notes |
target_name* |
Application identifier |
Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:"" |
submissions > Bug_url |
URL |
Search for url in Cisco Vulnerability Management by using the custom query box and typing url:"" |
state (is_open) |
Vulnerability Status |
|
reference_number |
scanner_id |
|
priority |
scanner_score |
1-5 |
vrt_lineage |
unique_identifier on the vulnerability page |
|
Description |
Description |
|
Extra Information |
Details |
|
remediation_advice + vulnerability_references |
Diagnosis in Fixes / or scanner_vulnerability in vulnerability |
|
*Important: Target Name may appear as “Unset BugCrowd Target”
The Connector does not import the following:
-
Amount Paid
-
Comments
- Custom Fields
-
Unfamiliar vrt_records that cannot be logically mapped
-
This information will not fail the connector, but this record will not be included in the successful run.
-
The API endpoints that Cisco Vulnerability Management uses are:
-
https://api.bugcrowd.com
-
…/submissions/#{bounty_uuid}
-
/bounties/#{bounty_uuid}/submissions
Note: Cisco is currently using the v3 API for BugCrowd at this time.
Optional Settings
The following settings can be enabled on the backend for Bugcrowd Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.
Exclude Informationals
When you enable this option, Cisco Vulnerability Management will only import vulnerabilities that include a CVE, CWE, or WASC ID.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for BugCrowd Connector Run Failures
-
Bad credentials
-
No reports are found, Cisco Vulnerability Management will abort
-
Failed API calls
-
Inability to process unexpected data/format
-
If more than 1% of connector payloads fail, Cisco Vulnerability Management will auto-fail the Connector Run.
Additional Assistance
Contact Support if you require any additional assistance with the Bugcrowd Connector.
Comments
Please sign in to leave a comment.