AppSpider Connector Page (XML Connector, fka: NTO Spider)

As of 2015, NTO Spider is now AppSpider, offered by Rapid7 after their acquisition of NT Objectives Inc.

AppSpider (fka: NTOSpider) is the first next-generation web application vulnerability scanner, providing automated vulnerability assessment with unprecedented accuracy and comprehensiveness. Able to quickly scan and analyze large complex web sites/applications, NTOSpider identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure.


To import your data from AppSpider to the Kenna.AppSec module, you will need to leverage the AppSpider Connector under the Dynamic Assessment tools.
The AppSpider Connector is a full-run connector, as it is an XML connector. It does not make API calls (incremental or otherwise).

 

User Prerequisites/Connector Setup:

  • Given that this connector is an XML connector, neither the Virtual Tunnel, nor the Kenna Agent, is relevant.

  • In order to upload data to the Connector, you must have the ability to export results from AppSpider in XML format.

    • Please note that this connector is for AppSpider specifically and does not support Insight AppSec from Rapid7.
       

Configuring your Connector in Cisco Vulnerability Management

 

To set up the Connector, navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator to do so). On the Connectors page, select the AppSpider connector under Dynamic Assessment.

NTOSpider.png

Once you select the AppSpider connector, the following screen will appear:

NTOSpider_1.png

 

  • Enter a name for the connector, or leave it as “Spider” if you wish.

  • Save and Verify

  • If you’d like to set a connector level asset inactivity limit, you can do that at this time, or later. (We recommend 2-3x the scan cadence of your connector scans).

 

What AppSpider Items does Cisco Vulnerability Management Import?

Cisco Vulnerability Management will import all of the vulnerabilities in the AppSpider report. We will pull:

Fields in AppSpider

Fields in Cisco Vulnerability Management 

Note

VulnList > Vuln > WEBSITE

Application Identifier

Search for application_identifer in Cisco Vulnerability Management by using the custom query box and typing application:""

vulnurl
normalizedurl
page
url
website

 

URL

 

Whichever of these items is listed first in the report is pulled in as the URL

vulntype

Vulnerability Name

 

 

-N/A-

 

vulnerability Status

 We do not map false positives, all vulnerabilities reported are imported in a default status of “open”. Once vulnerabilities are not reported in a subsequent scan, in which case the platform auto-closes the vuln.

description

Description

 

recommendation

Solution

 

-N/A-

scanner_score

Not Pulled in

cwe_id

CWE

 

wasc

Wasc ID

 

scanend = report_date

Found On

 

-N/A-

Tags

No tags are presented in the XML report. As a result, no tags are imported.

 

Optional Settings

The following settings can be enabled on the backend for AppSpider Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

  • Exclude Informationals

    • When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.

  • Ignore Scanner Last Seen Time

    • If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

 

Common Reasons forAppSpider Connector Run Failures

  • Unexpected data returned

    • If Cisco Vulnerability Management receives data that is not in the expected format and we are unable to process it, the connector will fail.

  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run

 

Additional Assistance:

Please contact Support should you require any additional assistance with the AppSpider Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.