In this article you will find:
How does it work ?
Creating Bugcrowd CSV connector
How to view data from Bugcrowd in Vulcan
1. How does it work ?
Vulcan Bugcrowd CSV connector is very simple to use.
Each Submission in Bugcrowd is a valid file to be uploaded to Vulcan.
Once the CSV is uploaded, Vulcan is mapping in adanvced all the headers from the CSV into Vulcan fields. For example:
target_name in Bugcrowd CSV will be mapped into Vulcan's
vrt_lineage in Bugcrowd CSV will be mapped into Vulcan's
And so on.
The order of the headers does not matter when you download a Submission from Bugcrowd, but note that once you've uploaded a Bugcrowd CSV, and you want to upload an updated file of that CSV - You need to validate that same headers exists as in the previous CSV. For example:
If the first Bugcrowd CSV contained only the headers:
cvss_score, then the next Bugcrowd CSV you will uploaded in order to update the first CSV will must contains exactly same headers (not necessarily by the same order).
File must be CSV format
File should not exceed 200MB
The uploaded CSV should be from the Submissions in Bugcrowd.
The following fields are mandatory:
target_name(to determine the Site name),
vrt_lineage(to determine the Vulnerability name) and
bug_url(to determine the location of the vulnerability)
3. Creating Bugcrowd CSV
In the Connectors page, click on Add a Connector
Click on Bugcrowd CSV connector.
After making sure you overviewed sections 1 and 2, simply upload the Bugcrowd CSV and click on Create.
The process can take a few minutes (depends on the file size).
You can follow the progress on the connector's Log tab:
Once the connector is at Connected state, it is ready for being used.
4. How to view data from Bugcrowd in Vulcan
You can view the data from Bugcrowd from 2 angles;
Go to Assets and navigate to Websites tab. There you can find all the Applications and sites that came from either bug bounties, penetration testing or DAST tools.
To view data from Bugcrowd CSV use the Search bar and filter by either
Source: Bugcrowd CSV or by connector name.
In this view you can see all the targets as in the submission file, in addition to number of pages scanned and total number of vulnerabilities found on this target.
Clicking on each Site will open the Asset Card, where you can find more details about the vulnerabilities and the asset itself.
Go to Vulnerabilities and select on the top bar the status of the vulnerabilities you want to view (Vulnerable/Fixed/Ignored/All)
Use the Search bar and filter by either
Vulnerability Source: Bugcrowd CSV or by
Asset source: Bugcrowd CSV
By clicking on the vulnerabilities, you can open the Vulnerability Card and start performing remediation actions s.a Create Jira ticket/Share via Slack and more.