HCL AppScan Enterprise Connector (API)

October 18, 2021 18:27

HCL AppScan, previously known as IBM AppScan, is a family of desktop and web security testing and monitoring tools formerly from the Rational Software division of IBM. In July 2019, the product was acquired by HCL Technologies and currently slated under HCL Software, a product development division of HCL Technologies.

AppScan Enterprise: Large-scale, multi-user, multi-app dynamic application security to identify, understand, and remediate vulnerabilities, and achieve regulatory compliance.

To import your data from HCL AppScan Enterprise to the Kenna.AppSec module, you will need to leverage the HCL AppScan Enterprise Connector under the Dynamic Assessment tools.

Important: There are two different AppScan Connectors: the AppScan Connector (XML) and the AppScan Enterprise Connector (API). They do not support the same tools. The AppScan Connector (XML) supports data from AppScan Standard and ASoC. The HCL AppScan Enterprise Connector supports HCL AppScan Enterprise. Please use the HCL AppScan Enterprise connector for your Enterprise AppScan deployment.

The Connector is a mandatory full run connector and does not support incremental runs.

What Types of AppScan Data does Kenna Support?

DAST
IAST

User Prerequisites/Connector Setup:

If your HCL AppScan Enterprise deployment is an on-premise deployment, you will need to leverage the Kenna Virtual Tunnel. The Kenna Agent does not currently support AppScan Enterprise.
The user account whose credentials are used in the setup must have access to the AppScan API.

Configuring your AppScan Enterprise Connector in Kenna

To set up the Connector, navigate to the Connectors tab in your Kenna deployment (you must be a Kenna Administrator to do so). On the Connectors page, select HCL AppScan Enterprise

Once you select the HCL AppScan Enterprise Connector, the following screen will appear:

Enter a name for the connector, or leave it as "AppScan Enterprise".
Enter the API ID and API Key for the account
Schedule the Connector. Select the frequency at which you’d like your Kenna Connector to run. (we recommend mirroring the cadence of your AppScan Scans).
Asset Inactivity Limit (days): Use this if you wish to set an inactivity limit for assets ingested by this connector.
- Connector-level asset inactivity limits take precedence over the global inactivity limit. If you do not set an Asset Inactivity Limit, the Global Limit will apply to data ingested by this connector. See Setting Asset Inactivity Limits.
If your AppScan Deployment is on-premise and you need to leverage the Virtual Tunnel, please select the Use Virtual Tunnel checkbox which will appear below the Asset Inactivity Limit for customers with a Virtual Tunnel already set up.
Save and Verify

What AppScan Enterprise Items does Kenna Import?

Kenna will import all of the applications associated with the user leveraged for the connector. We will pull:

AppScan Field	Kenna Field	Notes
Enterprise: N/A	Application identifier	Search for Application identifier in Kenna by using the custom query box and typing application:"*"
issue-group > url	URL
source_vulnerability.issue_type_id	Identifier
ignored=false	Vulnerability Status	Vulnerability status is Open or Closed. We do not map False Positives or Triage States. Open vulnerabilities are reported in application scan reports. Closed vulns are no longer present in these reports and Kenna will auto-close the vulnerability.
name	Vulnerability Name
severity	scanner_score	0-10 OR Informational - 0 Low - 3 Medium - 6 High - 9
cwe (id)	CWE
{Technical Description + Causes + SecurityRisks + Affected Products}	Description	These items are combined and distilled into Vulnerability Description in Kenna.
{Priority + Fix Recommendation}	Solution
issue.last_found_on	last_seen_time
found_on	Found Date
owner	Owner
{Variant + CWE + Comments + Reasoning + Test Difference}	Details	These items are combined and distilled into Vulnerability Details in Kenna.
Tags	Tags	These items are turned into Tags in Kenna

The Kenna Connector does not pull in the following:

Custom Fields

What API Calls are involved?

The API endpoints we leverage are:

standard login request
https://#{host}:#{port}/ase/api/#{endpoint}"
get applications (id)
- issues/reports/#{id}
for each ID returned, fetch the scan report
- issues/reports/securitydetails
when reports left to fetch = nil, consolidate and upload client file to Kenna
- file_name = "#{name}-#{app_id}-#{report_id}-#{connector_run.id}
then logout https://#{host}:#{port}/ase/api/logout

Optional Settings

The following settings can be enabled on the backend for AppScan Enterprise Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

Exclude Informationals
- When this option is enabled, Kenna will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
Skip Tags
- This setting will allow you to NOT create any Tags within Kenna based on the scanner metadata.
Ignore Scanner Last Seen Time
- If you do not want the asset last seen time in Kenna to be the scanner reported last seen time.
Tag Reset
- This setting will assist in keeping your scanner metadata in sync with Kenna. Each time the connector is run, ALL tags within Kenna will be removed and the scanner tag metadata re-created.
- If you have created any manual tags OR any tags were created off of metadata from other connectors that tag info will be removed and will be refreshed once those other connectors are rerun.
Custom Ordered Locators
- Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

Common Reasons for AppScan Enterprise Connector Run Failures

Bad credentials
No reports are found, Kenna will abort
Failed API calls
Inability to process unexpected data/format
If more than 1% of connector payloads fail, Kenna will auto-fail the Connector Run.

Additional Assistance:

Please contact Kenna Support should you require any additional assistance with the AppScan Enteprise Connector.