Overview
About Purplemet
Purplemet is a Web Application Security Monitoring SaaS solution focused on what hackers may see and exploit. It complements scanners, enabling cyber hygiene across a URL portfolio while providing an additional list of vulnerabilities and technologies.
Why integrate Purplemet into the Vulcan Platform?
The Purplemet Connector by Vulcan integrates with the Purplemet platform to pull and ingest website-type assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.
Purplemet Connector details
Supported products | |
Category | Application Security - DAST |
Ingested asset type(s) | Websites |
Integration type | Unidirectional (data is transferred from Purplemet to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Ensure that your Purplemet account has a Purplemet subscription. Otherwise, the API endpoints will not be available.
Generating Purplemet API Token
Go to your Purplemet platform
Go to Tokens on the left menu
Click Add
Insert a Friendly Name of your choice (Example: VulcanAPI) and Generate a token. Make sure the Activation toggle is on.
Click Confirm on the upper right part of the screen.
Make sure the status of the generated API token is Enabled.
Configuring the Purplemet Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Purplemet icon.
Set up the Connector as follows:
Enter the API Key you generated earlier
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Purplemet instance, then click Create (or Save Changes).
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. Then, you can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Purplemet icon shows Connected, the connection is complete.
Purplemet in the Vulcan Platform
Locating Purplemet vulnerabilities in the Vulcan Platform
As Purplemet discovers vulnerabilities, the Vulcan Platform Connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
Open the Vulcan Platform dashboard and navigate to Vulnerabilities.
Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Purplemet on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locating Purplemet Website assets in the Vulcan Platform
To find all retrieved Website assets from Purplemet:
Open the Vulcan Cyber dashboard and navigate to Assets.
Click on the Websites tab.
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Purplemet option to view all synced assets.
Automating actions on vulnerabilities detected by Purplemet
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Purplemet Connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.
From Purplemet to the Vulcan Platform
The Vulcan Platform integrates with Purplemet through API to pull vulnerabilities and assets data and map it to the Vulcan Platform.
Websites mapping
Purplemet field/mapping element | Vulcan field/mapping element | Value Example |
Web application ID | Uniqueness criteria* + Asset Details | |
Web application URL | Asset Name | |
Web application URL | Address | |
Web application URL | Asset’s vulnerable pages | |
websites | Asset Type | |
Web application ID, IP address, notification enabled, last analysis status, last analysis mode, last analysis user name | Asset details | Web application ID: ; IP address: ; notification enabled: ; last analysis status: ; last analysis mode: ; last analysis user name: |
Vendor tags | Asset Tags | |
Location / found at | Asset vulnerable pages | |
| Last scan | |
createdAt | Creation date | |
Issue name + Web application URL | Vulnerability instance uniqueness criteria | |
| Vulnerability instance first seen | |
| Vulnerability instance last seen | |
| Vulnerability instance score | |
Issue name | Unique vulnerability uniqueness criteria* + vulnerability title | |
| Vulnerability description | |
| Vulnerability details | |
active | Vulnerability status | |
| CVSS | |
CVEs | CVE/S | |
CWE-ID | CWE | 16 |
| CVSS attack vector | |
*Uniqueness criteria are a set of criteria whose combination determines the uniqueness of a vulnerability or an asset. The set includes:
Asset - Web application ID
Vulnerability - Issue name
Vulnerability-Asset connection: Issue ID + Web application URL
Vulnerability status mapping
Purplemet Status | Vulcan Status |
Open | Vulnerable |
Fixed | Fixed |
Ignored | Acknowledged |
Vulnerability score mapping
Purplemet Score | Vulcan Score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
Information | 0 |
Update Mechanisms
Status update mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).
The table below shows how the Vulcan Platform updates the status of existing Vulnerabilities and Assets upon the daily Purplemet connector sync.
Update type | Mechanism |
Archiving Assets | An asset not found on the connector's last sync is archived and no longer presented on the Vulcan platform. |
Changing the vulnerability instances status from "Vulnerable" to "Fixed" | - When the vulnerability status on the vendor changes to "FIXED" - When the vulnerability no longer appears in the scan findings |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
API
API Endpoints in use
API version: v1.15.4
API | Use in Vulcan | Permissions required |
Assets
| None | |
Tag ID | None | |
https://api.purplemet.com/site/{tag_id}/site | Asset tags | None |
| None |
Data Validation
Assets data validation
In Purplemet, click Web Applications on the left bar to see all of the tenant’s websites. All of Purplemet’s web applications are displayed on the Vulcan Platform in the same way. The assets count ("Records") in Purplemet should match the Assets count in the Vulcan Platform. Deleted assets will be archived from the Vulcan Platform.
In Purplemet:
In Vulcan:
Vulnerabilities data validation
In the Vulcan Platform, ingested vulnerabilities are aggregated and consolidated by uniqueness criteria to deduplicate the data. Purplemet Issues are aggregated by Vulnerability name in the Vulcan Platform. This means Vulcan will show fewer vulnerabilities than Purplemet (or an equal number if there are no duplicates).
In Vulcan, each unique Purplemet issue name becomes a single vulnerability that aggregates the relevant assets.
For example:
3 active “Content Security Policy Not Implemented” issues in Purplemet are displayed as 1 Vulcan unique vulnerability with 3 associated assets (3 vulnerability instances).
Note that Purplemet displays issues by the statuses Active, Fixed, and Ignored. When comparing the Vulnerability data between Purplemet and the Vulcan Platform, look under the Active tab in Purplemet. Vulnerabilities in statuses Fixed or Ignored aren't fetched into the Vulcan Platform.
In Purplemet:
In Vulcan:
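To reconcile counts during this validation, the aggregation by issue name and the score mapping described above can be reproduced offline. This is an added example, not Purplemet or Vulcan code: the record keys `name`, `url`, `status` and `severity` are assumed names for an issue export, and the sample issues are constructed.

```python
from collections import defaultdict

# Severity-to-score values from the "Vulnerability score mapping" table.
SCORE_MAP = {"Critical": 10, "High": 7, "Medium": 5, "Low": 3, "Information": 0}


def expected_vulcan_view(issues):
    """Return {issue name: {web application URL: Vulcan score}}.

    Only Active issues count. One issue name is one unique vulnerability;
    each (issue name, URL) pair is one vulnerability instance.
    """
    view = defaultdict(dict)
    for issue in issues:
        if issue["status"].strip().lower() != "active":
            continue  # Fixed and Ignored issues are left out of the comparison
        severity = issue["severity"].strip().capitalize()
        if severity not in SCORE_MAP:
            raise ValueError(f"unmapped severity: {issue['severity']!r}")
        view[issue["name"].strip()][issue["url"].strip()] = SCORE_MAP[severity]
    return dict(view)


def reconcile(issues, vulcan_instance_counts):
    """Return {title: (expected, observed)} for every instance-count mismatch."""
    expected = {name: len(urls) for name, urls in expected_vulcan_view(issues).items()}
    titles = set(expected) | set(vulcan_instance_counts)
    return {
        t: (expected.get(t, 0), vulcan_instance_counts.get(t, 0))
        for t in sorted(titles)
        if expected.get(t, 0) != vulcan_instance_counts.get(t, 0)
    }


# Constructed sample export (keys "name", "url", "status", "severity" are assumed).
CSP = "Content Security Policy Not Implemented"
SAMPLE_ISSUES = [
    {"name": CSP, "url": "https://a.example.com", "status": "Active", "severity": "Medium"},
    {"name": CSP, "url": "https://b.example.com", "status": "Active", "severity": "Medium"},
    {"name": CSP, "url": "https://c.example.com", "status": "Active", "severity": "Medium"},
    {"name": CSP, "url": "https://d.example.com", "status": "Fixed", "severity": "Medium"},
    {"name": "Outdated Library", "url": "https://a.example.com", "status": "Ignored", "severity": "High"},
    {"name": "Missing HSTS Header", "url": "https://b.example.com", "status": "Active", "severity": "Low"},
]

if __name__ == "__main__":
    print(reconcile(SAMPLE_ISSUES, {CSP: 3, "Missing HSTS Header": 2}))
```

`reconcile` takes the per-vulnerability asset counts read from the Vulcan Vulnerabilities view; an empty result means the two platforms agree.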