Am I reading the correct user guide?
Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.
To open the correct user guide for your setup and version, go to the connector's setup page and click How to connect.
Connector details
About Bright
Bright Security (formerly NeuraLegion) is a Dynamic Application Security Testing (DAST) platform that enables developers to identify and resolve security vulnerabilities in web applications and APIs early in the development cycle.
It performs black-box testing by simulating real-world attacks on running applications.
It’s dev-centric, with deep CI/CD integrations, low false positives, and shift-left enablement.
Designed to be fully automated and easy to use, even by non-security teams.
Support scope
Supported products |
Not supported: Bright Star |
Category | Application Security - DAST |
Ingestion type | Assets and vulnerabilities |
Ingested asset type(s) | Web Applications. Bright Connector ingests DAST applications and findings, and maps them as Web Applications in Vulcan. |
Integration type | Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, check the following:
Ensure that the user account is associated with a single organization.
Confirm that the user has permission to create an API key. All roles have this capability.
Verify that the following read scopes are enabled on the API key:
groups
projects
issues
Creating a user with the appropriate permissions
To integrate Bright with Vulcan, you need to create an API key with the correct permissions.
Log in with a user account that has access to all the projects you want to retrieve into Vulcan.
Navigate to Settings → API Keys.
Click Create API Key.
Do not set an expiration date.
Under Scopes, select:
groups:read
issues:read
projects:read
Set the API key permissions with projects.read, applications.read, vulnerabilities.read.
Configuring the Bright connector
Log in to the Vulcan ExposureOS platform and go to Connectors > Add a Connector.
Click on the Bright icon.
Set up the Connector as follows:
If a gateway is required, refer to the Vulcan Gateway guide to configure the gateway before proceeding. If not, continue following the steps in this guide.
Enter the API Key you generated earlier.
Data pulling configuration:
This configuration has dynamic settings tailored to the specific connector and integration type.
Fetch Unconfirmed issues: Select this option to include unconfirmed issues from Bright in the connector sync.
Note: If you disable this option in a future sync after it was previously enabled, all previously fetched unconfirmed issues will be marked as fixed in the Vulcan platform.
Asset Retention: Configure the retention period for inactive assets based on their last seen date. If an asset has not been detected or updated in a scan within the specified days, it will be automatically removed from the Vulcan ExposureOS platform. This ensures your asset inventory stays current and relevant.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Bright instance.
Notes:
A successful connectivity test confirms that the platform can connect to the Bright instance. However, it does not guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.
If the connectivity test fails, an error message with details about the issue will appear. Click the arrow next to the error message for more information about the exact error.
Connector scheduling: Set the connector's sync time and days. By default, all days are selected.
Click Create to start syncing the new connector, or Save Changes if editing an existing connector.
Allow some time for the sync to complete. Then, you can review the sync status on the Connectors main page or under Connector sync logs on the connector's specific setup page.
To confirm the sync is complete, navigate to the Connectors page. The sync is complete once the Bright icon shows Connected.
Bright in the Vulcan platform
Viewing findings
To view findings (instances) ingested by the Bright connector:
Go to the Findings page.
Click on Filter and set the condition to Vulnerability > Source > is > Bright.
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on a finding for more details.
Viewing vulnerabilities
To view vulnerabilities ingested by the Bright connector:
Go to the Vulnerabilities page.
Click on Filter and set the condition to Vulnerability > Source > is > Bright.
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on a vulnerability for more details.
Viewing assets
To view assets ingested by the Bright connector:
Go to the Assets page.
Click on Filter and set the condition to Asset > Source > is > Bright.
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on an asset for more details.
Taking action on vulnerabilities and assets
To take remediation action on vulnerabilities and assets ingested by Bright:
Go to the Vulnerabilities or Assets Page.
Use the Filter to view the assets/vulnerabilities by source. You can always filter by Business Group and add more filters to narrow your search.
Select the relevant vulnerabilities/assets from the results list.
Click on Take Action to proceed with remediation or further actions.
Automating remediation actions on vulnerabilities
Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
Data Mapping
The Vulcan Platform integrates with Bright through an API that pulls relevant vulnerability and asset data and maps it to the platform's pages and fields. The vulnerability and/or asset data is ingested from the vendor platform and mapped into the Vulcan ExposureOS platform.
Website Dynamic Analysis data mapping
Asset data
Bright API field | Vulcan field |
| Asset uniqueness criteria |
| Website Name (hostname) |
| Website address (address) |
| Website Last report (last_seen) |
| Website details (added_data) |
| Website Tags - Vendor’s tags (tags) |
Unique Vulnerability Data
Bright API field | Vulcan field |
| Unique Vulnerability uniqueness criteria |
| Vulnerability title (title) |
| Vulnerability score (cvss_score) |
| Vulnerability description (description) |
| Vulnerability details (added_data) |
| CVE/S (report_item_cve) |
| CWE (cwe) |
| CVSS attack vector (cvss3_vector) |
Finding data (asset-instance connection)
Bright API field | Vulcan field |
| Unique Vulnerability uniqueness criteria |
| Vulnerability_Asset First seen (first_seen) |
| Vulnerability_Asset Last seen (last_seen) |
| Vulnerability_Asset details (added_data) |
| Vulnerability_Asset port (protocol) |
| Website Component - URLS (url) |
| Vulnerability_Asset Fixed mechanism (report_item_status) |
| Solution uniqueness criteria |
| Fix - Description (description) |
Findings status mapping
Findings (instances) ingested from connectors are mapped into the Vulcan platform by status.
Bright status | Vulcan status |
New | Vulnerable |
Recurring | Vulnerable |
Ignored | Risk Acknowledged |
Resolved | Fixed |
The statuses are mapped into the Findings page > Show <status> view.
Vulnerability score mapping
Risk scores ingested from connectors are converted into numeric scores and mapped into the Vulcan platform risk score field, eventually impacting the contextualized risk calculation.
Bright score | Vulcan score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
The scores are mapped into the Score field of the Vulnerability details.
Status update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones.
The table below lists how the status update mechanism works in the Bright Connector for the vulnerabilities and assets in the Vulcan Platform.
Status change | When? |
The asset is archived | - Asset not seen for X days according to "Last Seen" |
The vulnerability instance status changes to "Fixed" | - If the vulnerability no longer appears in the scan findings - Vulnerability status on the connector's side changes to |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
API endpoints in use
API | Usage |
Get Projects | |
Get Issues | |
Get Groups | |
{{baseUrl}}/api/v2/scans | Scans |
{{baseUrl}}/api/v2/scans/scan_id/issues | Issues |
Data Validation
This section shows how to validate and compare data between Vulcan ExposureOS and the Bright platform.
Matching Asset Count
Objective: Ensure the number of repositories (assets) in Bright matches the corresponding assets in Vulcan.
In Bright:
Go to Projects for the overall project Overview.
The overview shows the list of projects and the number of unique hosts (a.k.a. websites or APIs) included in each project.
Validate the assets count according to the pre-selected asset definition in the connector setup.
After validating the assets' overall counts, select one asset and confirm that the metadata ingested to Vulcan is aligned with the data displayed in Bright:
Asset Name
Scan Dates - first seen and last seen dates
Labels
Validations if an asset is not present in Vulcan:
Archive by date: Ensure the asset is not archived in Vulcan based on an outdated last-seen date.
Matching vulnerabilities and findings count
Objective: Ensure that issues in Bright are accurately reflected in Vulcan.
In Bright:
Go to Projects to view the overall project overview.
On the Projects page, you’ll find a table that summarizes all issues by severity level.
If the checkbox “Fetch Unconfirmed Issues” is enabled, each project page will include an Unconfirmed Issues section. This section displays findings that are not included in the main project overview.
Note: If you enable the ‘Fetch Unconfirmed Issues’ option during one sync and then disable it in the following sync, all previously unconfirmed issues will be marked as FIXED in Vulcan.
Validations if a vulnerability is not present in Vulcan:
If a finding is moved to status "fixed", you will no longer be able to see it in the Findings page.
A finding will not appear if the related asset was archived.
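When validating counts, it helps to predict what Vulcan should show after a sync from the rules on this page: the status and score mappings, the Fetch Unconfirmed issues toggle, and asset retention. The model below is an added example, not Vulcan or Bright code; the record fields (id, host, status, severity, confirmed), the sample data and the function names are assumptions constructed for illustration.

```python
from datetime import date, timedelta

# Mappings copied from the status and score tables on this page.
STATUS_MAP = {"New": "Vulnerable", "Recurring": "Vulnerable",
              "Ignored": "Risk Acknowledged", "Resolved": "Fixed"}
SCORE_MAP = {"Critical": 10, "High": 7, "Medium": 5, "Low": 3}

def sync(previous, issues, asset_last_seen, fetch_unconfirmed, retention_days, today):
    """Model one connector sync; returns (findings, archived_assets)."""
    cutoff = today - timedelta(days=retention_days)
    archived = {h for h, seen in asset_last_seen.items() if seen < cutoff}
    findings = {}
    for issue in issues:
        if not issue["confirmed"] and not fetch_unconfirmed:
            continue  # unconfirmed issues are pulled only when the option is on
        findings[issue["id"]] = {"host": issue["host"],
                                 "status": STATUS_MAP[issue["status"]],
                                 "score": SCORE_MAP[issue["severity"]]}
    # A finding seen in an earlier sync but missing from this one becomes Fixed.
    for fid, old in previous.items():
        if fid not in findings:
            findings[fid] = {**old, "status": "Fixed"}
    return findings, archived

def visible(findings, archived):
    """Ids expected in the Findings view: not Fixed, asset not archived."""
    return sorted(fid for fid, f in findings.items()
                  if f["status"] != "Fixed" and f["host"] not in archived)

# Constructed sample data (hypothetical field names, not Bright's API schema).
TODAY = date(2024, 6, 30)
ISSUES = [
    {"id": "i1", "host": "shop.example.test", "status": "New", "severity": "Critical", "confirmed": True},
    {"id": "i2", "host": "shop.example.test", "status": "Recurring", "severity": "Medium", "confirmed": False},
    {"id": "i3", "host": "api.example.test", "status": "Ignored", "severity": "High", "confirmed": True},
    {"id": "i4", "host": "old.example.test", "status": "New", "severity": "Low", "confirmed": True},
]
LAST_SEEN = {"shop.example.test": date(2024, 6, 29),
             "api.example.test": date(2024, 6, 28),
             "old.example.test": date(2024, 3, 1)}

if __name__ == "__main__":
    first, archived = sync({}, ISSUES, LAST_SEEN, True, 30, TODAY)
    second, _ = sync(first, ISSUES, LAST_SEEN, False, 30, TODAY)
    print("archived assets:", archived)
    print("sync 1 visible:", visible(first, archived))
    print("sync 2 visible:", visible(second, archived))
    print("i2 after toggle off:", second["i2"]["status"])
```

The second sync reuses the same Bright data with the option turned off, so the drop in visible findings comes from the toggle alone and not from any remediation.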