BugCrowd Connector

Bugcrowd is a crowdsourced security platform, and is used by organizations for 24/7 Bug Bounty programs and white-hat Vulnerability Disclosure.


To import your internal BugCrowd findings to Cisco Vulnerability Management, please use the Cisco Vulnerability Management Security BugCrowd Connector.

User Prerequisites/Connector Setup:

  • The BugCrowd Connector does not need a Kenna Virtual Tunnel or Kenna Agent.

  • The User must have API Access to the BugCrowd API.

  • The User must have access to the items you wish to import to Cisco Vulnerability Management.

Configuring your Connector in Cisco Vulnerability Management

To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select the Bugcrowd connector at the top of the page under the “Bug Bounties” section.

BugCrowd1.png

 

Once you select the Bugcrowd connector the following screen will appear:

 

BugCrowd2.png

  • Enter a name for the connector, or leave it as “Bugcrowd."

  • Enter the Username and Password for the user account with the API key and access you need.

  • Schedule the connector and select the run frequency.

  • Click "Save and Verify."

  • If you’d like to set a connector level asset inactivity limit, you can do that at this time. For Bug Bounty connectors we recommend a longer Asset Inactivity Limit, as these items are ingested / seen less often than a typical VM/AppSec vulnerability.

 

What Bugcrowd Items does Cisco Vulnerability Management Import and what API Calls are involved?

Cisco Vulnerability Management will import all of the findings associated with the user account leveraged. We will pull all of the recognized Submissions from BugCrowd.

 

Fields in BugCrowd

Fields in Cisco Vulnerability Management

Notes

target_name*

Application identifier

Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:""

submissions > Bug_url

URL

Search for url in Cisco Vulnerability Management by using the custom query box and typing url:""

state (is_open)

Vulnerability Status

 

reference_number

scanner_id

 

priority

scanner_score

1-5

vrt_lineage

unique_identifier on the vulnerability page

 

Description

Description

 

Extra Information

Details

 

remediation_advice + vulnerability_references

Diagnosis in Fixes / or scanner_vulnerability in vulnerability

 

 

*Important: Target Name may appear as “Unset BugCrowd Target”

 

The Connector does not pull in the following:

  • Amount Paid

  • Comments

  • Custom Fields
  • Unfamiliar vrt_records that cannot be logically mapped

    • This information will not fail the connector, but this record will not be included in the successful run.

The API endpoints we leverage are:

  •  https://api.bugcrowd.com

  • /submissions/#{bounty_uuid}

  • /bounties/#{bounty_uuid}/submissions

  • Please note we are currently using the v3 API for BugCrowd at this time.

Optional Settings

The following settings can be enabled on the backend for Bugcrowd Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

  • Exclude Informationals

    • When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

  • Ignore Scanner Last Seen Time

    • This can be enabled for customers who do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the connector level or the entire Platform level. For more information see the help article here.

Common Reasons for BugCrowd Connector Run Failures

  • Bad credentials

  • No reports are found, Cisco Vulnerability Management will abort

  • Failed API calls

  • Inability to process unexpected data/format

  • If more than 1% of connector payloads fail, Cisco Vulnerability Management will auto-fail the Connector Run.

Additional Assistance:

Please contact Support should you require any additional assistance with the Bugcrowd Connector(s).

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.