AppSpider is the first next-generation web application vulnerability scanner that provides automated vulnerability assessment with unprecedented accuracy and comprehensiveness. It can quickly scan and analyze large complex web sites and applications, NTOSpider identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure.
To import your data from AppSpider to the Application Security Module, you will need to use the AppSpider Connector under the Dynamic Assessment tools section of the Cisco Vulnerability Management UI.
The AppSpider Connector is a full-run connector, because it is an XML connector. It does not make API calls (incremental or otherwise).
Prerequisites
-
This connector is an XML connector, so neither the Virtual Tunnel, nor the Agent, is relevant.
-
To upload data to the Connector, you must be able to export results from AppSpider in XML format.
-
Note that this connector is for AppSpider specifically and does not support Insight AppSec from Rapid7.
-
- You must be a Cisco Vulnerability Management Administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Dynamic Assessment section click b.
4. On the AppSpider page, enter the following information:
-
Name: Enter a name for the connector, or leave it as “Spider”.
- Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans.
5. Click Save and Verify.
What AppSpider Items does Cisco Vulnerability Management Import?
Cisco Vulnerability Management will import all of the vulnerabilities in the AppSpider report.
Fields in AppSpider |
Fields in Cisco Vulnerability Management |
Note |
VulnList > Vuln > WEBSITE |
Application Identifier |
Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:"" |
vulnurl |
URL |
Whichever of these items is listed first in the report is pulled in as the URL |
vulntype |
Vulnerability Name |
|
-N/A- |
vulnerability Status |
We do not map false positives, all vulnerabilities reported are imported in a default status of “open”. Once vulnerabilities are not reported in a subsequent scan, in which case the platform auto-closes the vuln. |
description |
Description |
|
recommendation |
Solution |
|
-N/A- |
scanner_score |
Not Pulled in |
cwe_id |
CWE |
|
wasc |
Wasc ID |
|
scanend = report_date |
Found On |
|
-N/A- |
Tags |
No tags are presented in the XML report. As a result, no tags are imported. |
Optional Settings
The following settings can be enabled on the backend for AppSpider Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Exclude Informationals
When you enable this option, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
Ignore Scanner Last Seen Time
Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons forAppSpider Connector Run Failures
- If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
- If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
Additional Assistance
Contact Support ifyou require any additional assistance with the AppSpider Connector.
Comments
Please sign in to leave a comment.