Hosted Toolkit

The Kenna Toolkit is a containerized framework that allows Cisco Vulnerability Management engineers, customers and partners to develop data ingestion services for a wider array of scanning sources. The Toolkit framework is an open-source library of services that translate scanner vulnerability data to the Kenna Data Importer format. 

Information on the Toolkit and instructions for running the container in a local environment can be found on the public Toolkit GitHub Site. Customers can run the Toolkit on their local container environment, allowing for complete control of secret storage, parameter changes, resource allocation and scheduling. As this option is not always viable, we have created the Kenna Hosted Toolkit where customers can have the container configured and run by Cisco Vulnerability Management. 

Purpose

Some customers do not have the needed infrastructure to support running the toolkit within their own environment or simply prefer to have it hosted along with their Cisco Vulnerability Management SaaS instance.

Limitations

  • The Toolkit Tasks/Connectors are configured by Cisco and customers will not have direct access to configuration or scheduling. 
  • Toolkit processing is monitored by Cisco Engineering and when a connector run fails, the administrator specified during setup will receive an email with remediation instructions.
  • All requests to change parameters or scheduling must be submitted in a support ticket. 
  • Only API-Based Toolkit tasks are available for the hosted service. Cisco Vulnerability Management does not currently support any file-based data sources.

Before You Begin

  1. On the Toolkit GitHub Site review the parameter and authentication requirements for the Task you want to implement. 
  2. Passwords and keys are shared with Support through the Cisco Secure Doc Exchange. This requires you to create a login with Cisco if you don't already have one. Go to www.cisco.com and click on "Log In/Sign up" to create an account. You will receive a confirmation email, and your account will not be active until you have clicked on the link provided. You can also contact the Support team to help you set up access and a folder for the Cisco Secure Doc Exchange tool.

  3. If possible, run a local Docker instance to confirm all the needed/desired parameter settings. This will smooth the implementation and reduce the number of iterations needed when setting up the container with Support.

Implementing a Hosted Toolkit Service

  1. Create a new Kenna Data Importer (KDI) connector for each toolkit task. Note the connector ID.
  2. Open a support ticket requesting hosting for the specific task (scanner) being implemented.
    • Let support know which email address is registered with cisco.com on the Cisco Secure Doc Exchange.
    • Inform support of your desired connector run schedule. The default run is daily.
  3. Look out for an email from Cisco Vulnerability Management giving you access to a folder on the Cisco Secure Doc Exchange.
  4. Upload the file containing secrets and/or all parameter values to the folder in the Cisco Secure Doc Exchange. Non-Secret values can be shared directly in the support ticket if desired. The file should contain:
    • Scanner credentials/keys
    • Desired parameters if different from the default
    • The Kenna API Key to be used
    • The Connector ID to receive the data

Service Details

The Hosted Toolkit Service is run within the Cisco Vulnerability Management AWS cloud environment. Data is retrieved from the scanning services, transformed, and pushed to the customer's Cisco Vulnerability Management instance. Data temporarily stored during the transformation process is destroyed with the container object at the end of each scheduled run. Credentials, such as passwords and keys, are stored in the AWS Secrets store.

Connector Run Failures

Every time the Hosted Toolkit runs, it pushes data into Cisco Vulnerability Management. If a connector run fails, the administrator specified during setup will receive an automated email notification with additional details and follow-up questions. The administrator should review these questions and will be directed back to this help article to review the remediation steps for each question prior to submitting a support ticket.

Important: Email notifications about failed connector runs will be sent every time your connector run fails.

Remediation Steps

To Discontinue this Connector

If you no longer need this connector's data to be ingested and would like to stop receiving failure notifications, please let our Support team know by replying to the connector failure email or filing a ticket from the Help Center.

To Fix Scanner Credentials that Changed

Please verify if any recent changes were made to the account credentials that Cisco Vulnerability Management uses to access the data from your scanner. If so, please let our Support team know by replying to the connector failure email or filing a ticket from the Help Center. Please attach the latest email failure notification with the time stamps in the header.  

Important: Please DO NOT send any credentials in an email or include them in tickets!  Use the Cisco Secure Doc Exchange outlined in the above section "Before You Begin".

To Fix Scanner Settings that Changed

Please verify if any changes were recently made to the account that Cisco Vulnerability Management uses to access your scanner data. If so, you will need to contact your scanner administrator and ask them to restore the settings for the account utilized by Cisco Vulnerability Management. If you need any additional assistance with this, please let the Support team know by replying to the connector failure email or filing a ticket from the Help Center. The Support team may be able to assist with verifying the impacts of the recent changes to the connector settings.

Important: Cisco Vulnerability Management is not responsible for supporting your scanner or scanner data, but in cases of data and data format related issues, the Support team can work with your scanner administrator to help narrow down the issue at hand.

For the Support team to be able to assist with data and data format related issues, you will have to provide a recent raw data file produced by your scanner for ingestion into Cisco Vulnerability Management.  Please DO NOT email it or include the file in a support ticket. Use the Cisco Secure Doc Exchange outlined in the above section "Before You Begin". Please be sure to include the same raw data file that caused the error when loaded into Cisco Vulnerability Management.  

To Fix any Scanner Errors

If you see any errors logged by the scanner, please let our Support team know by replying to the connector failure email or filing a ticket from the Kenna Help Center. The Support team may be able to assist with correlating the scanner errors with the failed connector runs.
