Burp Scanner is a state-of-the-art vulnerability scanner for web applications. It is designed with security testers in mind, to integrate closely with your existing techniques and methodologies for manual and automated testing.
To import your data from BurpSuite to the Application Security Module, you will need to leverage the BurpSuite XML Connector under the Dynamic Assessment tools section on the Connectors page in the Cisco Vulnerability Management UI. The Connector is a mandatory full run connector because it is a file-based (XML) connector.
Prerequisites
-
Because the Connector is file based, users must have access to export data from BurpSuite in the proper format.
- You must be a Cisco Vulnerability Management administrator.
Configuring your Connector in Cisco Vulnerability Management
1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Dynamic Assessment section, click BurpSuite.
4. On the BurpSuite screen, enter the following information:
- Name: Enter a name for the connector, or leave it as "Burp"
- Asset Inactivity Limit: Enter a time in days for the connector level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans).
5. Click Save and Verify.
What BurpSuite Items does Cisco Vulnerability Management Import?
Cisco Vulnerability Management will import all of the applications associated with the user leveraged for the export loaded to the connector. We will pull:
BurpSuite Field |
Cisco Vulnerability Management Field |
Notes |
---|---|---|
issue > host |
Application identifier |
Search for Application identifier in Cisco Vulnerability Management by using the custom query box and typing application:"" |
issue > host + issue > path |
URL |
IFF path is present |
|
Finding Status |
Vulnerability status is Open or Closed. We do not map False Positives or Triage States. Open vulnerabilities are reported in application scan reports. Closed vulns are no longer present in these reports and Cisco Vulnerability Management will autoclose the vulnerability. |
issue.name |
Vulnerability Name |
|
severity |
scanner_score |
0-10 |
issue.type |
Identifier (vulnerability) |
|
CWE ids |
CWE |
|
WASC ids |
WASC ID |
|
issue.background |
Description |
|
issue.host (without protocol) |
hostname |
|
export_time |
Last Seen |
Cisco Vulnerability Management does not receive an explicit last seen time. We utilize the report export time as the last seen date for all items. |
The Connector does not import the following:
-
Custom Fields
-
Tags
Optional Settings
The following settings can be enabled on the backend for BurpSuite Connectors. To have these settings enabled, or for more information, contact Cisco Support, or your Customer Success Engineer.
Exclude Informationals
When this option is enabled, Cisco Vulnerability Management will not import vulnerabilities that do not include a CVE, CWE, or WASC ID.
Ignore Scanner Last Seen Time
Enable this option if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
Custom Ordered Locators
Locators (such as IP, NetBIOS, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.
Common Reasons for Burp Connector Run Failures
If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.
If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector run.
Additional Assistance
Contact Cisco Support if you require any additional assistance with the BurpSuite Connector.
Comments
Please sign in to leave a comment.