When working with the Kenna AppSec module, applications that are scanned by your application scanner platform within the your environment will inherit the name of the application as it is stored on the scanning platform. At some point, you may desire to make changes to the application names as your organization or vulnerability management program changes. If planned properly, these changes do not need to result in orphaned assets, or duplicated assets/applications within Cisco Vulnerability Management. This article helps to describe how the stacking works within Kenna and how changes should be done to ensure it is seamless.
The way the applications are stacked in Cisco Vulnerability Management is dependent on 3 items:
The application name (like the top-level folder name)
The application identifier tied to the application name, and
The application identifier tied to the asset.
Making an Application Name Change
To make an application name change on your scanning platform you will need to change the application name, application identifier tied to the application, and the application identifier tied to the asset. By following these steps outlined below, you will make sure to preserve the score history of the application and ensure that when data from the renamed application is brought in, the assets are not duplicated.
The methodology to be followed is:
After a new name has been selected, update the application name / folder name within Kenna AppSec.
Update the application identifier tied to that application.
Update the application identifier tied to the assets under that application.
The application score will be preserved and when you pull in fresh data from the scanner, the imports will update those assets without creating new assets, or leaving the old ones orphaned.
This process can be automated using the API, which an help in situations where there are multiple applications or the applications have very many assets associated with them.
The methodology to be followed using the API is:
Search for assets tied to an application using the search asset API.
Update the application name and application identifier using the Update application API endpoint.
Update the application identifier tied to each asset (under the application) using the update asset API endpoint.
Finally, to automate the API process, you can use this script: https://github.com/ KennaSecurity/All_Samples .