The Toolkit is a containerized framework that allows Cisco Vulnerability Management engineers, customers and partners to develop data ingestion services for a wider array of scanning sources. The Toolkit framework is an open-source library of services that translate scanner vulnerability data to the Data Importer format.
You can find information on the Toolkit and instructions for running the container in a local environment on the public Toolkit GitHub Site. Customers can run the Toolkit on their local container environment, which allows for complete control of secret storage, parameter changes, resource allocation and scheduling. As this option is not always viable, Cisco has created the Hosted Toolkit where customers can have the container configured and run by Cisco Vulnerability Management.
Purpose
Some customers do not have the infrastructure needed to support running the toolkit in their own environment or simply prefer to have it hosted along with their Cisco Vulnerability Management SaaS instance.
Limitations
- Cisco configures the Toolkit Tasks/Connectors and customers do not have direct access to configuration or scheduling.
- Cisco Engineering monitors Toolkit processing and when a connector run fails, the administrator that was specified during setup will receive an email with remediation instructions.
- All requests to change parameters or scheduling must be submitted in a support ticket.
- Only API-Based Toolkit tasks are available for the hosted service. Cisco Vulnerability Management does not currently support any file-based data sources.
Before You Begin
- On the Toolkit GitHub Site, review the parameter and authentication requirements for the Task you want to implement.
- Passwords and keys are shared with Support through the Cisco Secure Doc Exchange. This requires you to create a login with Cisco if you don't already have one. Go to www.cisco.com and click on "Log In/Sign up" to create an account. You will receive a confirmation email, and your account will not be active until you have clicked on the link provided. You can also contact the Support team to help you set up access and a folder for the Cisco Secure Doc Exchange tool.
- If possible, run a local Docker instance to confirm all the needed/desired parameter settings. This will make the implementation easier and reduce the number of iterations needed when setting up the container with Support.
Implementing a Hosted Toolkit Service
- Create a new Data Importer connector for each toolkit task. Ensure that you take note of the connector ID.
- Open a support ticket requesting hosting for the specific task (scanner) being implemented.
- Let support know which email address is registered with cisco.com on the Cisco Secure Doc Exchange.
- Inform support of your desired connector run schedule. The default run is daily.
- Look out for an email from Cisco Vulnerability Management giving you access to a folder on the Cisco Secure Doc Exchange.
- Upload the file containing secrets and/or all parameter values to the folder in the Cisco Secure Doc Exchange. Non-secret values can be shared directly in the support ticket. The file should contain:
  - Scanner credentials/keys
  - Desired parameters if different from the default
  - The API Key to be used
  - The Connector ID to receive the data
Service Details
The Hosted Toolkit Service is run in the Cisco Vulnerability Management AWS cloud environment. Data is retrieved from the scanning services, transformed, and pushed to the customer's Cisco Vulnerability Management instance. Data temporarily stored during the transformation process is destroyed with the container object at the end of each scheduled run. Credentials, such as passwords and keys, are stored in the AWS Secrets store.
Connector Run Failures
Every time the Hosted Toolkit runs, it pushes data into Cisco Vulnerability Management. If a connector run fails, the administrator specified during setup will receive an automated email notification with additional details and follow-up questions. The administrator should review these questions and will be directed back to this help article to review the remediation steps for each question prior to submitting a support ticket.
Important: Email notifications about failed connector runs will be sent every time your connector run fails.
Remediation Steps
To Discontinue this Connector
To Fix Scanner Credentials that Changed
Verify whether any recent changes were made to the account credentials that Cisco Vulnerability Management uses to access the data from your scanner. If so, let our Support team know by replying to the connector failure email or filing a ticket from the Help Center. Attach the latest email failure notification with the time stamps in the header.
Important: Do not send any credentials in an email message or include them in tickets. Use the Cisco Secure Doc Exchange outlined in the above section "Before You Begin".
To Fix Scanner Settings that Changed
Verify whether any changes were recently made to the account that Cisco Vulnerability Management uses to access your scanner data. If so, you will need to contact your scanner administrator and ask them to restore the settings for the account that Cisco Vulnerability Management uses. If you need any additional assistance, let the Support team know by replying to the connector failure email message or filing a ticket from the Help Center. The Support team might be able to assist with verifying the impacts of the recent changes to the connector settings.
Important: Cisco Vulnerability Management is not responsible for supporting your scanner or scanner data, but in cases of data and data format related issues, the Support team can work with your scanner administrator to help narrow down any issues.
For the Support team to be able to assist with data and data format related issues, you will have to provide a recent raw data file that your scanner produced for ingestion into Cisco Vulnerability Management. Do not email the file or include the file in a support ticket. Use the Cisco Secure Doc Exchange outlined in the above section "Before You Begin". Be sure to include the same raw data file that caused the error when it was loaded into Cisco Vulnerability Management.
To Fix any Scanner Errors
If you see that the scanner has logged errors, let our Support team know by replying to the connector failure email message or filing a ticket from the Help Center. The Support team might be able to assist with correlating the scanner errors with the failed connector runs.