SecurityScorecard Connector

Learn all about integrating SecurityScorecard into the Vulcan Platform


Overview

About SecurityScorecard

SecurityScorecard is a cybersecurity risk-ratings platform that continuously monitors the security posture of organizations to inform risk management. It identifies public-facing vulnerabilities that create security risk.

Why integrate SecurityScorecard into the Vulcan platform?

The SecurityScorecard Connector by Vulcan integrates with the SecurityScorecard platform to pull SecurityScorecard website-type assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested findings so that they feed risk scoring and remediation priority.

SecurityScorecard Connector details

The SecurityScorecard connector maps domains to websites.
Note: The vendor also displays positive findings (AKA "Positive Signals"), which are not fetched into the Vulcan Platform.

Supported products

Category

Security Rating

Ingested asset type(s)

Websites - DAST

Integration type

Unidirectional (data is transferred from SecurityScorecard to the Vulcan Platform in one direction only)

Supported version and type

SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the connector, make sure you have the following:

  • A SecurityScorecard API token

  • A SecurityScorecard Business or Enterprise account: API access is only available on these account types.

Generating SecurityScorecard API Token:

Generating a token for the SecurityScorecard API is straightforward: there is only one type of user and no permissions hierarchy.

  1. Go to your SecurityScorecard platform.

  2. Go to your Account > My Settings

  3. Go to API

  4. Click on "Generate New API Token" and then on Confirm.

  5. Copy the generated API token and store it somewhere safe, such as a secrets manager. Treat it like a password: anyone holding it can read your scorecard data through the API.


Configuring the SecurityScorecard Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the SecurityScorecard icon.

  4. Set up the connector as follows:

    • Enter the API Key you generated earlier

  5. The SecurityScorecard platform reports informational findings in addition to high-, medium-, and low-severity findings. If relevant, check the "Pull Informational findings" check box to pull informational findings as well (they are ingested with a score of 0).

  6. SecurityScorecard has custom scorecards. If relevant, check the "Ingest Custom Scorecards data" checkbox to pull custom scorecards data. Otherwise, only the main scorecards are pulled.

  7. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your SecurityScorecard instance, then click Create (or Save Changes).

  8. Inactive assets: You can configure a Vulcan rule for inactive assets, and Vulcan will remove assets that have not appeared in a sync within the configured time range.

  9. Allow some time for the sync to complete. Then, you can review the sync status under Log.

  10. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the SecurityScorecard icon shows Connected, the connection is complete.


SecurityScorecard in the Vulcan Platform

Locating SecurityScorecard vulnerabilities in the Vulcan Platform

As SecurityScorecard discovers vulnerabilities, the connector imports them into the Vulcan Platform for reporting and action. You can view the vulnerabilities from a specific connector by using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to the Vulnerabilities.

  2. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.

  3. Locate SecurityScorecard on the vulnerability source/Connector list and click to filter results.

  4. Click on any vulnerability to view further information.

Locating SecurityScorecard Website assets in the Vulcan Platform

To locate all retrieved Website assets from SecurityScorecard:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click on the Websites tab.

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  4. Locate the SecurityScorecard option to view all synced assets.

Automating actions on vulnerabilities detected by SecurityScorecard

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the SecurityScorecard Connector.

See the Vulcan Cyber Platform automation documentation to learn how to create an automation.


From SecurityScorecard to the Vulcan Platform

Data Mapping

The Vulcan Platform integrates with SecurityScorecard through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.

Websites mapping

SecurityScorecard field → Vulcan field

  • company_domain → Asset uniqueness criteria*

  • company_name → Name

  • website → Asset type

  • parent_domain → Address

  • First field that has a value: final_url / url / target / company_domain / parent_domain → Pages

  • company_score, security_scorecard_last30days_score_change, company_industry → Asset Details

  • tag_name → Asset tags

  • Vulcan last seen time → Last scan

  • feedback_type → Status

  • created_at → Creation date

Vulnerabilities mapping

SecurityScorecard field → Vulcan field

  • issue_type → Vulnerability uniqueness criteria*

  • title → Title

  • security_scorecard_severity → Score

  • short_description → Description

  • cvss_score (computed from the severity: "{% if severity == 'high' %}10{% elif severity == 'medium' %}6{% elif severity == 'low' %}3{% elif severity == 'info' %}0{% endif %}"), cloud_vv_id, issue_key, score_impact, score_factor, security scorecard severity → Details

  • vulnerability_url + vulnerability_id → CVE/s

Asset-vulnerability connection mapping

SecurityScorecard field → Vulcan field

  • issue_id → Asset-vulnerability connection uniqueness criteria

  • first_seen → First seen

  • last_seen → Last seen

  • total_score_impact → Score

  • feedback_type → Status changes (including resurfacing)

  • issue_id; url_or_ip (first field that has a value: final_url / url / target / company_domain / parent_domain); cve (vulnerability_url + vulnerability_id, formatted as a hyperlink); observation → Info tooltip (on the Assets screen)

Solutions mapping

SecurityScorecard field → Vulcan field

  • issue_type → Solution uniqueness criteria

  • "Fix for" + vulnerability title → Title

  • recommendation → Description

  • references → References

* Uniqueness criteria are the fields whose combination determines whether an asset, a vulnerability, or a solution is treated as the same record across syncs. The set is:

  • asset - company_domain

  • vuln - issue_type / issue_key

  • solution - issue_type / issue_key

  • vuln_asset_connection - issue_id

  • solution_vuln_connection - issue_type / issue_key

Vulnerability status mapping

SecurityScorecard status → Vulcan status

  • Open, Under review, Approved → Vulnerable

  • Resolved, Technical Remediation, or the vulnerability no longer appears on SecurityScorecard → Fixed

  • Declined, Misattribution, False Positive → Ignored - False Positive

  • Compensation Control → Ignored - Risk Acknowledged

Vulnerability score mapping

SecurityScorecard severity → Vulcan score

  • High → 10

  • Medium → 6

  • Low → 3

  • Info → 0
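The mapping, status, and score tables above describe a transformation; the following is a worked version of it in Python. This is an added example, not Vulcan's connector code: SAMPLE_ISSUE is a constructed record whose keys follow the mapping table and whose values (domains, issue type, the placeholder CVE id) are made up, and the output record names (uniqueness_key, tooltip, and so on) are this example's own.

```python
"""Map one SecurityScorecard issue onto the Vulcan fields in the tables above.

Added example, not Vulcan's connector code. SAMPLE_ISSUE is constructed:
its keys follow the mapping table, its values are made up."""

# Severity -> Vulcan score ("Vulnerability score mapping" table); this is the
# value the cvss_score template in the Details row evaluates to.
SEVERITY_SCORE = {"high": 10, "medium": 6, "low": 3, "info": 0}

# feedback_type -> Vulcan status ("Vulnerability status mapping" table).
STATUS_MAP = {
    "Open": "Vulnerable", "Under review": "Vulnerable", "Approved": "Vulnerable",
    "Resolved": "Fixed", "Technical Remediation": "Fixed",
    "Declined": "Ignored - False Positive",
    "Misattribution": "Ignored - False Positive",
    "False Positive": "Ignored - False Positive",
    "Compensation Control": "Ignored - Risk Acknowledged",
}

# "First field that has a value" precedence used for Pages and url_or_ip.
URL_FIELDS = ("final_url", "url", "target", "company_domain", "parent_domain")

SAMPLE_ISSUE = {  # constructed input record; values are made up
    "company_domain": "example.com", "company_name": "Example Corp",
    "parent_domain": "example.com", "final_url": "",
    "url": "https://shop.example.com/login", "target": "shop.example.com",
    "company_score": 78, "security_scorecard_last30days_score_change": -3,
    "company_industry": "Retail", "tag_name": "production",
    "issue_id": "iss-0001", "issue_type": "tls_weak_cipher",
    "issue_key": "tls_weak_cipher", "severity": "medium",
    "title": "TLS service supports weak cipher suites",
    "short_description": "A public TLS endpoint accepts weak cipher suites.",
    "cloud_vv_id": None, "score_impact": -0.4, "score_factor": "network_security",
    "vulnerability_url": "https://nvd.nist.gov/vuln/detail/",
    "vulnerability_id": "CVE-2024-0001",  # placeholder id, not a real advisory
    "first_seen": "2024-05-01", "last_seen": "2024-05-20",
    "total_score_impact": -0.4, "feedback_type": "Under review",
    "observation": "3DES cipher suite offered on shop.example.com:443",
    "recommendation": "Disable 3DES and RC4 cipher suites on the server.",
    "references": ["https://www.example.com/tls-hardening-guide"],
}


def first_nonempty(record, fields):
    """Return the value of the first listed field that is non-empty, else None."""
    for name in fields:
        if record.get(name):
            return record[name]
    return None


def map_issue(issue):
    """Build the asset, vulnerability, connection and solution records the
    connector derives from one issue. Unmapped severities or feedback types
    raise instead of silently ingesting a finding with a wrong score/status."""
    severity = issue["severity"].lower()
    if severity not in SEVERITY_SCORE:
        raise ValueError(f"unmapped severity: {issue['severity']!r}")
    feedback = issue.get("feedback_type") or "Open"
    if feedback not in STATUS_MAP:
        raise ValueError(f"unmapped feedback_type: {feedback!r}")
    cve = None
    if issue.get("vulnerability_id"):
        cve = issue.get("vulnerability_url", "") + issue["vulnerability_id"]

    asset = {
        "uniqueness_key": issue["company_domain"],
        "name": issue.get("company_name"),
        "type": "Website",
        "address": issue.get("parent_domain"),
        "pages": first_nonempty(issue, URL_FIELDS),
        "details": {k: issue.get(k) for k in (
            "company_score", "security_scorecard_last30days_score_change",
            "company_industry")},
        "tags": issue.get("tag_name"),
    }
    vulnerability = {
        "uniqueness_key": issue["issue_type"],
        "title": issue["title"],
        "score": SEVERITY_SCORE[severity],
        "description": issue.get("short_description"),
        "details": {"cvss_score": SEVERITY_SCORE[severity],
                    "security_scorecard_severity": issue["severity"],
                    **{k: issue.get(k) for k in (
                        "cloud_vv_id", "issue_key", "score_impact", "score_factor")}},
        "cves": cve,
    }
    connection = {
        "uniqueness_key": issue["issue_id"],
        "first_seen": issue.get("first_seen"),
        "last_seen": issue.get("last_seen"),
        "score": issue.get("total_score_impact"),
        "status": STATUS_MAP[feedback],
        "tooltip": {"issue_id": issue["issue_id"],
                    "url_or_ip": first_nonempty(issue, URL_FIELDS),
                    "cve": cve, "observation": issue.get("observation")},
    }
    solution = {
        "uniqueness_key": issue["issue_type"],
        "title": f"Fix for {issue['title']}",
        "description": issue.get("recommendation"),
        "references": issue.get("references"),
    }
    return {"asset": asset, "vulnerability": vulnerability,
            "connection": connection, "solution": solution}
```

Note the empty final_url in the sample: the Pages and url_or_ip values fall through to url, exactly as the "first field that has a value" rule says. A severity such as "critical", which the score table does not define, is rejected rather than mapped to a guessed score.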

Positive Findings (Positive Signals)

Positive findings/signals are not fetched into the Vulcan Platform.

Update Mechanisms

Status update mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).

The table below lists how the status update mechanism works in the SecurityScorecard connector for the vulnerabilities and assets in the Vulcan Platform.

Update type → Mechanism

  • Archiving assets → An asset not found on the connector's last sync is archived and no longer presented on the Vulcan platform.

  • Change of vulnerability instance status from "Vulnerable" to "Fixed" → When the vulnerability status on the vendor changes to "Technical Remediation", or when the vulnerability no longer appears in the scan findings.

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync time (the next day).
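A day-over-day reconciliation that implements the two mechanisms in the table above, as an added example (not Vulcan's own code): assets missing from today's sync are archived, instances absent from today's findings become Fixed, and instances that are present are re-evaluated from their current feedback_type, which is also what moves a previously Fixed instance back to Vulnerable when it resurfaces. Both snapshots are constructed, and status_of is a stand-in for the full feedback_type mapping table.

```python
"""Day-over-day sync reconciliation for the update mechanisms described above.

Added example, not Vulcan's own code. The snapshots are constructed and
status_of is a stand-in for the full feedback_type -> status table."""


def status_of(issue):
    """Stand-in for the status mapping table; it covers only the two values
    this example exercises. Pass the full mapping via the status_of argument."""
    return "Fixed" if issue.get("feedback_type") == "Technical Remediation" else "Vulnerable"


def reconcile(previous_domains, previous_instances, current_domains,
              current_issues, status_of=status_of):
    """previous_domains: company_domains present after the last sync
    previous_instances: {issue_id: Vulcan status} after the last sync
    current_domains / current_issues: what today's sync returned
    Returns (archived_domains, {issue_id: status after this sync})."""
    # Archiving: any asset not seen on this sync is archived.
    archived = sorted(set(previous_domains) - set(current_domains))

    current_by_id = {i["issue_id"]: i for i in current_issues}
    statuses = {}
    for issue_id in previous_instances:
        cur = current_by_id.get(issue_id)
        # Gone from the findings -> Fixed; still present -> status follows the
        # current feedback_type (Technical Remediation -> Fixed, Open -> Vulnerable,
        # which is also how a Fixed instance resurfaces as Vulnerable).
        statuses[issue_id] = "Fixed" if cur is None else status_of(cur)
    for issue_id, cur in current_by_id.items():
        if issue_id not in previous_instances:
            statuses[issue_id] = status_of(cur)  # instance first seen today
    return archived, statuses


def changes(previous_instances, statuses):
    """(issue_id, old_status, new_status) for every instance whose status changed;
    old_status is None for instances that did not exist before this sync."""
    return [(i, previous_instances.get(i), s) for i, s in statuses.items()
            if previous_instances.get(i) != s]


# Constructed snapshots: yesterday's state and today's sync result.
PREVIOUS_DOMAINS = {"example.com", "old.example.net"}
PREVIOUS_INSTANCES = {"iss-1": "Vulnerable", "iss-2": "Vulnerable", "iss-3": "Fixed"}
CURRENT_DOMAINS = {"example.com"}  # old.example.net dropped out of the scorecard
CURRENT_ISSUES = [
    {"issue_id": "iss-1", "feedback_type": "Technical Remediation"},  # remediated
    {"issue_id": "iss-3", "feedback_type": "Open"},                   # resurfaced
    {"issue_id": "iss-4", "feedback_type": "Open"},                   # new today
]  # iss-2 no longer appears in the findings
```

As the note above says, none of these transitions are visible in Vulcan until the next scheduled sync runs; a finding closed on the vendor side in the morning still shows as Vulnerable until the following day's run.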


API

API Endpoints in use


Data Validation

How do I validate the data between SecurityScorecard and the Vulcan Platform?

When validating data between the SecurityScorecard platform and the Vulcan Platform, the number of unique vulnerabilities fetched into the Vulcan Platform should match the total number of SecurityScorecard findings under HIGH, MEDIUM, and LOW, plus INFORMATIONAL if the connector is configured to fetch informational findings. Keep in mind that Vulcan does not fetch "Positive Signals" findings, so they must be excluded from the SecurityScorecard-side count.
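The count check above can be scripted against an export from each side. The following is an added example, not Vulcan's own code: the findings are constructed, the is_positive flag used to mark Positive Signals is an assumption (the page does not name the field), and uniqueness follows the issue_type / issue_key rule from the data mapping section, so one issue type observed on several domains counts once.

```python
"""Reconcile SecurityScorecard finding counts with what the connector ingested.

Added example, not Vulcan's code. Findings are constructed; is_positive is an
assumed marker for Positive Signals; uniqueness is issue_type / issue_key as
in the data mapping section."""

from collections import Counter

SEVERITIES = ("high", "medium", "low", "info")


def expected_counts(findings, pull_informational):
    """Unique vulnerabilities per severity as the connector would count them:
    positive signals are never fetched, info only when the connector option
    is on, and repeated issue types collapse to one vulnerability."""
    seen = {s: set() for s in SEVERITIES}
    for f in findings:
        if f.get("is_positive"):
            continue
        sev = f["severity"].lower()
        if sev == "info" and not pull_informational:
            continue
        if sev not in seen:
            raise ValueError(f"severity not covered by the connector: {sev!r}")
        seen[sev].add(f.get("issue_key") or f["issue_type"])
    return {s: len(keys) for s, keys in seen.items()}


def mismatches(findings, vulcan_vulns, pull_informational):
    """{severity: (expected, actual)} for each bucket that disagrees; an empty
    dict means the two sides reconcile. vulcan_vulns is one record per unique
    vulnerability as listed on the Vulcan Vulnerabilities page."""
    expected = expected_counts(findings, pull_informational)
    actual = Counter(v["severity"].lower() for v in vulcan_vulns)
    return {s: (expected[s], actual.get(s, 0))
            for s in SEVERITIES if expected[s] != actual.get(s, 0)}


# Constructed SecurityScorecard-side findings.
SSC_FINDINGS = [
    {"issue_id": "i1", "issue_type": "tls_weak_cipher", "severity": "medium",
     "company_domain": "a.example.com"},
    {"issue_id": "i2", "issue_type": "tls_weak_cipher", "severity": "medium",
     "company_domain": "b.example.com"},  # same issue type: one unique vuln
    {"issue_id": "i3", "issue_type": "exposed_admin_panel", "severity": "high"},
    {"issue_id": "i4", "issue_type": "missing_hsts_header", "severity": "low"},
    {"issue_id": "i5", "issue_type": "server_banner_exposed", "severity": "info"},
    {"issue_id": "i6", "issue_type": "dnssec_enabled", "severity": "info",
     "is_positive": True},  # Positive Signal: never ingested
]

# Constructed Vulcan-side list, one row per unique vulnerability, with
# "Pull Informational findings" left unchecked.
VULCAN_VULNS = [
    {"title": "TLS service supports weak cipher suites", "severity": "medium"},
    {"title": "Admin panel exposed", "severity": "high"},
    {"title": "Missing HSTS header", "severity": "low"},
]
```

If your SecurityScorecard export counts issue instances (one per domain) rather than issue types, compare issue_id counts against the asset-vulnerability connections in Vulcan instead; the uniqueness criteria section above is what decides which of the two numbers should agree.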
