
Bright Connector

Updated over 2 weeks ago

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

To open the correct user guide for your setup and version, go to the connector's setup page and click How to connect.


Connector details

About Bright

Bright Security (formerly NeuraLegion) is a Dynamic Application Security Testing (DAST) platform that enables developers to identify and resolve security vulnerabilities in web applications and APIs early in the development cycle.

  • It performs black-box testing by simulating real-world attacks on running applications.

  • It’s dev-centric, with deep CI/CD integrations, low false positives, and shift-left enablement.

  • Designed to be fully automated and easy to use, even by non-security teams.

Support scope

Supported products

Not supported: Bright Star

Category

Application Security - DAST

Ingestion type

Assets and vulnerabilities

Ingested asset type(s)

Web Applications

Bright Connector ingests DAST applications and findings, and maps them as Web Applications in Vulcan.

Integration type

Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  • Ensure that the user account is associated with a single organization.

  • Confirm that the user has permission to create an API key. All roles have this capability.

  • Verify that the following read scopes are enabled on the API key:

    • groups

    • projects

    • issues

Creating a user with the appropriate permissions

To integrate Bright with Vulcan, you need to create an API key with the correct permissions.

  1. Log in with a user account that has access to all the projects you want to retrieve into Vulcan.

  2. Navigate to Settings → API Keys.

  3. Click Create API Key.

  4. Do not set an expiration date.

  5. Under Scopes, select:

    • groups:read

    • issues:read

    • projects:read

  6. Set the API key permissions with projects.read, applications.read, vulnerabilities.read.

Configuring the Bright connector

  1. Log in to the Vulcan ExposureOS platform and go to Connectors > Add a Connector.

  2. Click on the Bright icon.

  3. Set up the Connector as follows:

    1. If a gateway is required, refer to the Vulcan Gateway guide to configure the gateway before proceeding. If not, continue following the steps in this guide.

    2. Enter the API Key you generated earlier.

  4. Data pulling configuration:

    This configuration has dynamic settings tailored to the specific connector and integration type.

    • Fetch Unconfirmed issues: Select this option to include unconfirmed issues from Bright in the connector sync.

      Note: If you disable this option in a future sync after it was previously enabled, all previously fetched unconfirmed issues will be marked as fixed in the Vulcan platform.

    • Asset Retention: Configure the retention period for inactive assets based on their last seen date. If an asset has not been detected or updated in a scan within the specified days, it will be automatically removed from the Vulcan ExposureOS platform. This ensures your asset inventory stays current and relevant.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Bright instance.

    Notes:

    • A successful connectivity test confirms that the platform can connect to the Bright instance. However, it does not guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.


    • If the connectivity test fails, an error message with details about the issue will appear. Click the arrow next to the error message for more information about the exact error.


  6. Connector scheduling: Set the connector's sync time and days. By default, all days are selected.


  7. Click Create to start syncing the new connector, or Save Changes if editing an existing connector.

  8. Allow some time for the sync to complete. Then, you can review the sync status on the Connectors main page or under Connector sync logs on the connector's specific setup page.


  9. To confirm the sync is complete, navigate to the Connectors page. The sync is complete once the Bright icon shows Connected.



Bright in the Vulcan platform

Viewing findings

To view findings (instances) ingested by the Bright connector:

  1. Go to the Findings page.

  2. Click on Filter and set the condition to Vulnerability > Source > is > Bright.


You can also:

Viewing vulnerabilities

To view vulnerabilities ingested by the Bright connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Source > is > Bright.


You can also:

Viewing assets

To view assets ingested by the Bright connector:

  1. Go to the Assets page.

  2. Click on Filter and set the condition to Asset > Source > is > Bright.


You can also:

Taking action on vulnerabilities and assets

To take remediation action on vulnerabilities and assets ingested by Bright:

  1. Go to the Vulnerabilities or Assets Page.

  2. Use the Filter to view the assets/vulnerabilities by source. You can always filter by Business Group and add more filters to narrow your search.

  3. Select the relevant vulnerabilities/assets from the results list.

  4. Click on Take Action to proceed with remediation or further actions.


Automating remediation actions on vulnerabilities

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.


Data Mapping

The Vulcan Platform integrates with Bright through an API that pulls relevant vulnerability and asset data from the vendor platform and maps it to the pages and fields of the Vulcan ExposureOS platform.

Website Dynamic Analysis data mapping

Asset data

| Bright API field | Vulcan field |
| --- | --- |
| id | Asset uniqueness criteria |
| ns | Website Name (hostname) |
| host (Findings > Enrichment) | Website address (address) |
| summary.lastScan | Website Last report (last_seen) |
| groups, labels, id, scansByStatus, issuesBySeverity, issuesLength, lastScan, uniqueHosts | Website details (added_data) |
| labels, groups | Website Tags - Vendor’s tags (tags) |

Unique Vulnerability Data

| Bright API field | Vulcan field |
| --- | --- |
| type | Unique Vulnerability uniqueness criteria |
| type | Vulnerability title (title) |
| severity | Vulnerability score (cvss_score) |
| details | Vulnerability description (description) |
| exposure, resources | Vulnerability details (added_data) |
| type | CVE/S (report_item_cve) |
| cwe | CWE (cwe) |
| cvss | CVSS attack vector (cvss3_vector) |

Finding data (asset-instance connection)

| Bright API field | Vulcan field |
| --- | --- |
| id | Unique Vulnerability uniqueness criteria |
| createdAt | Vulnerability_Asset First seen (first_seen) |
| lastReported | Vulnerability_Asset Last seen (last_seen) |
| page url - 'https://app.brightsec.com/projects/' + projectId + '/issues/' + id, method, entryPointId, resources (list), screenshots (list), exposure, details, request (dict), response (dict) | Vulnerability_Asset details (added_data) |
| protocol | Vulnerability_Asset port (protocol) |
| url | Website Component - URLS (url) |
| status | Vulnerability_Asset Fixed mechanism (report_item_status) |
| remedy | Solution uniqueness criteria |
| remedy | Fix - Description (description) |

Findings status mapping

Findings (instances) ingested from connectors are mapped into the Vulcan platform by status.

| Bright status | Vulcan status |
| --- | --- |
| New | Vulnerable |
| Recurring | Vulnerable |
| Ignored | Risk Acknowledged |
| Resolved | Fixed |

The statuses are mapped into the Findings page > Show <status> view:


Vulnerability score mapping

Risk scores ingested from connectors are converted into numeric scores and mapped into the Vulcan platform risk score field, eventually impacting the contextualized risk calculation.

| Bright score | Vulcan score |
| --- | --- |
| Critical | 10 |
| High | 7 |
| Medium | 5 |
| Low | 3 |

The scores are mapped into the Score field of the Vulnerability details:

Status update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones.

The table below lists how the status update mechanism works in the Bright Connector for the vulnerabilities and assets in the Vulcan Platform.

| Status change | When? |
| --- | --- |
| The asset is archived | - Asset not seen for X days according to "Last Seen" |
| The vulnerability instance status changes to "Fixed" | - If the vulnerability no longer appears in the scan findings; - Vulnerability status on the connector's side changes to Resolved |

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API endpoints in use

API

Usage

Get Projects

Get Issues

Get Groups

{{baseUrl}}/api/v2/scans

Scans

{{baseUrl}}/api/v2/scans/scan_id/issues

Issues


Data Validation

This section shows how to validate and compare data between Vulcan ExposureOS and the Bright platform.

Matching Asset Count

Objective: Ensure the number of repositories (assets) in Bright matches the corresponding assets in Vulcan.

In Bright:

  1. Go to Projects for the overall project Overview.

    • The overview lists the projects and, for each project, the number of unique hosts (a.k.a. websites or APIs) it includes.

  2. Validate the assets count according to the pre-selected asset definition in the connector setup.

    • If Projects: The number of assets in Vulcan should be equal to the number of projects in Bright

    • If Applications: The number of assets in Vulcan should be equal to the number of applications in Bright.

      How to count the applications in Bright? Sum the “unique hosts” counts on the Projects page.

  3. After validating the assets' overall counts, select one asset and confirm that the metadata ingested to Vulcan is aligned with the data displayed in Bright:

    • Asset Name

    • Scan Dates - first seen and last seen dates

    • Labels

Validations if an asset is not present in Vulcan:

  • Archive by date: Ensure the asset is not archived in Vulcan based on an outdated last-seen date.

Matching vulnerabilities and findings count

Objective: Ensure that issues in Bright are accurately reflected in Vulcan.

In Bright:

  1. Go to Projects to view the overall project overview.

  2. On the Projects page, you’ll find a table that summarizes all issues by severity level.

    If the checkbox “Fetch Unconfirmed Issues” is enabled, each project page will include an Unconfirmed Issues section. This section displays findings that are not included in the main project overview.

    Note: If you enable the ‘Fetch Unconfirmed Issues’ option during one sync and then disable it in the following sync, all previously unconfirmed issues will be marked as FIXED in Vulcan.

Validations if a vulnerability is not present in Vulcan:

  • If a finding is moved to status "fixed", you will no longer be able to see it in the Findings page.

  • A finding will not appear if the related asset was archived.
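
The validation rules above can be scripted. The following is an added example, not code from Vulcan or Bright: it applies the status and score mapping tables, the asset retention rule and the Fixed/archived visibility rules to constructed data and diffs the result against a constructed Vulcan export. The record layout and the `unconfirmed` flag are assumptions; the other field names follow the Data Mapping tables.

```python
from datetime import datetime, timedelta, timezone

# Copied from the "Findings status mapping" and "Vulnerability score mapping" tables.
STATUS_MAP = {"New": "Vulnerable", "Recurring": "Vulnerable",
              "Ignored": "Risk Acknowledged", "Resolved": "Fixed"}
SCORE_MAP = {"Critical": 10, "High": 7, "Medium": 5, "Low": 3}

def expected_findings(projects, issues, retention_days, fetch_unconfirmed, now):
    """Findings that should be visible on the Vulcan Findings page after a sync."""
    cutoff = now - timedelta(days=retention_days)
    active = {p["id"] for p in projects
              if datetime.fromisoformat(p["lastScan"]) >= cutoff}
    visible = {}
    for issue in issues:
        if issue["projectId"] not in active:
            continue  # asset archived by retention: its findings do not appear
        if issue["unconfirmed"] and not fetch_unconfirmed:
            continue  # not fetched, or marked Fixed if an earlier sync fetched it
        status = STATUS_MAP[issue["status"]]
        if status == "Fixed":
            continue  # fixed findings are no longer shown on the Findings page
        visible[issue["id"]] = (status, SCORE_MAP[issue["severity"]])
    return visible

def reconcile(expected, vulcan):
    """Diff the expected view against findings exported from Vulcan."""
    return {
        "missing": sorted(expected.keys() - vulcan.keys()),
        "unexpected": sorted(vulcan.keys() - expected.keys()),
        "mismatched": sorted(k for k in expected.keys() & vulcan.keys()
                             if expected[k] != vulcan[k]),
    }

# Constructed sample data (not real Bright or Vulcan output).
NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)
PROJECTS = [{"id": "p1", "lastScan": "2025-02-25T08:00:00+00:00"},
            {"id": "p2", "lastScan": "2024-11-01T08:00:00+00:00"}]  # stale asset
ISSUES = [
    {"id": "i1", "projectId": "p1", "status": "New", "severity": "High", "unconfirmed": False},
    {"id": "i2", "projectId": "p1", "status": "Resolved", "severity": "Low", "unconfirmed": False},
    {"id": "i3", "projectId": "p1", "status": "Ignored", "severity": "Medium", "unconfirmed": True},
    {"id": "i4", "projectId": "p2", "status": "Recurring", "severity": "Critical", "unconfirmed": False},
]
VULCAN = {"i1": ("Vulnerable", 5), "i4": ("Vulnerable", 10)}  # constructed export

if __name__ == "__main__":
    exp = expected_findings(PROJECTS, ISSUES, 30, fetch_unconfirmed=True, now=NOW)
    print(reconcile(exp, VULCAN))
```

An entry under "unexpected" for a stale asset usually means the Asset Retention value configured on the connector differs from the one passed to the script.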
