In this article you will find:

  1. Prerequisites
  2. CSV Examples
  3. General information
  4. How to create Vulcan Report connector
  5. File Management
  6. Tracking and Remediation with Vulcan Report
  7. API
  8. FAQ

1. Prerequisites

Supported format: CSV
Max file size: 200 Mb
Required fields: Asset name, CVSS V.3 (only in vulnerability reports), Vulnerability Name (only in vulnerability reports)
File structure: First row must contain headers

2. CSV Examples

Examples of recommended CSV templates:
Host Vulnerability

DAST (Website) Vulnerability

Host Inventory

3. General information

Vulcan Report connector enables to upload CSV files to Vulcan.
You can upload any kind of CSV, while it requires to map manually fields from your report to Vulcan Report (more details about mapping are in 'Creating Vulcan Report Connector' section)

Basic flow:

There are 5 types of CSV that can be uploaded, each represents a different Vulcan data type:

  • Code Project (SAST) - Files that represent static analysis results.
  • Code Project (SCA) - Files that represent open source scan results.
  • Hosts (Asset Inventory) - Files that represent hosts' information. For example: CMDBs, Cloud providers.
  • Hosts (Vulnerability Assessment) - Files that represent vulnerabilities information. For example: Vulnerability scanners.
  • Websites - Files that represent application information. For example: DAST, penetration testing, bug bounties.

Each Vulcan Report connector represents a file from a specific product, there so you can create as many Vulcan Report connectors as you need.
For example, one Vulcan Report connector can represent your data from CMDBs (e.g ServiceNow) which contains relevant data of your hosts (Name, IP address, OS, etc.). Second Report Connector can represent your data from a Vulnerability Scanner (e.g Rapid7 Nexpose) which contains relevant data of your last scan (Vulnerability name, CVSS, CVE, etc.). 

Each uploaded CSV contains one mandatory field: 'Asset - Name'.
Correlation between different reports can be done only by asset name. For example:
CMDB report contains the asset name and Vulnerability Scanner report contains for each vulnerability, the related asset name.
Only if the asset names will match, the data will be correlated in Vulcan.

4. Creating Vulcan Report Connector

In Connectors page, click on Add a Connector

Click on Vulcan Report

  1. Name your Vulcan Report Connector - That way you can identify easily what this report represents.
  2. Click on browse or drag and drop the file you want to upload.

3. Choose data type - You can either upload Hosts or Websites.
**The reason for choosing data type lies in the fact that Vulcan's platform supports different asset types, each with its unique attributes.

Mapping

Mapping is a very simple operation but yet very important. The idea is mapping headers from CSV (which represent your data's attributes) into Vulcan fields.
For example: Asset name can be named in different ways from different products, so to support several naming conventions, the mapping operation aligns all variations to Vulcan's known fields.

The left column will consist of your CSV's headers. The right column will consist of the optional Vulcan fields.
Each Vulcan field can be mapped to one header, except from 'Asset - Details' and 'Vulnerability - Details' (more details about those special Vulcan fields under 'Supporting Custom Fields' section).

For each header, map the relevant Vulcan field.
Click on Create.
That's it! Your CSV records are now in Vulcan.

Note: It takes up to 10 minutes until all Vulcan processes are done on the ingested data.  

Supporting Custom Fields

Each Vulcan field can be mapped one time, except 'Asset - Details', 'Asset  - Tags' and 'Vulnerability - Details' that can be mapped as many times as you want.
Each header you'll map to 'Asset - Details' will be displayed on the Asset Card under the Details tab.
Each header you'll map to 'Assets - Tags' will be displayed as a tag on the relevant asset.
Each header you'll map to 'Vulnerability - Details' will be displayed on the Vulnerability Card under the Vulnerability tab.

Mapping Example

The following example uses the Host CSV example provided (see below under 'CSV Examples').
Each Vulcan field is mapped to a relevant header. Also, you can see that 'Asset - Tags' are mapped to two different headers (since you want to be able to filter and create Business Groups based on them) and 'Asset - Details' is also mapped to more than one header. 

The uploaded file will be seen like this:

5. File Management

File Management purpose is to provide the ability to download, renaming and delete files. It can be very useful in the following cases:

  • User wants to download the current/old files that were uploaded
  • User wants to rename filename
  • User wants to remove data from older files

You can get to File Management by hovering on existing Vulcan Report connector and click on Manage Files

Or by clicking on Edit and navigate to File Management tab

By hovering on on each file, you can perform 1 of the 3 options:
Download, rename and delete.

Note: Deleting file will affect data from that file only. Rest of data came from other related files will be maintained.

6. Tracking and Remediation with Vulcan Report

Each Vulcan Report connector represents data from an existing product or tool in your organization. Once a connector is created for the first time, you would probably like to upload more CSV that represents newer results.

Vulcan Report enables users to keep tracking of the data that was already ingested in Vulcan.

For the example, lets say you have a vulnerability scanner csv output from January scan, and after a period of time you want to upload to same Vulcan Report connector the output of February scan:

1. If a vulnerability exists in asset "ABC" in January and exists on the same asset "ABC" in February, then the status of the vulnerability will remain as it was (Vulnerable/In Progress)

2. If a vulnerability was not found in February bug did in January, then the status of the vulnerability will be changed to Fixed, as it indicates the vulnerability was fixed at the period of time between January and February.

3. If a vulnerability was found on asset "ABC" in January and same vulnerability was found on asset "XYZ" in February, then the number of assets associated with this vulnerability will show "2" in Vulcan.

4. If a vulnerability was found at February but did not in January, then a new vulnerability will be created.

7. API

An entire documentation of Vulcan API can be found in
https://[Account Name].vulcancyber.com/#/app/api More details can be found under the article API - User Guide

URL prefix: https://{client-name}.vulcancyber.com/api/asset_manager/vulcanreport/api_v1/ 

Relevant API calls

  • api/asset_manager/vulcanreport/api_v1/list_connectors/  - GET a list of all the VulcanReportConnector that exists in the system:   
  • api/asset_manager/vulcanreport/api_v1/connector/{ID}/upload_report/                     response: {"report_id": 1} - POST a CSV file to a specific VulcanReportConnector ID 
  • api/asset_manager/vulcanreport/api_v1/connector/{ID}/report_status/                   response: [{"report_id": 1, "status": "parsed", "record_count": 30}, {"report_id": 2, "status": "parsing"}]  - GET all the names of the uploaded reports to a specific VulcanReportConnector ID with parsing status. If status=parsed - return the number of recored that were found in the report. If not, indicate that status=parsing.
  • api/asset_manager/vulcanreport/api_v1/connector/{ID}/report_status/{REPORT_ID}/                                                                                                                       response: {"report_id": 1, "status": "parsed", "record_count": 30}  - GET information for a specific report in a VulcanReportConnector ID with parsing status. If status=Parsed - return the number of recored that were found in the report. If not, indicate that status=Parsing.

You can use the attached python script to get started with the Vulcan Report connector api.
vulcan_report_api_test.py

8. FAQ

Can I edit my current mapping to something else?
Currently no. Once the connector created the mapping is permanent .

Can I override existing Vulcan Report Connector?
Yes, but the structure of the file must be the same - meaning the order of the headers. 

Does mapping stay the same after override?
If the CSV is with same headers, then yes.

What file formats are supported?
Currently only CSV file format is supported. In the future, more file formats will be supported.

Can I create more than one Report Connector?
Yes. If you are uploading files from different tools, it is highly recommended to create a Report Connector for each one.

Did this answer your question?