Overview
About Detectify
Detectify is a SaaS-based website security service that analyzes and monitors the security level of a user's website by applying a broad range of emulated hacker attacks and providing reports that describe the identified vulnerabilities and their potential risk in the hands of malicious hackers.
Why Integrate Detectify into the Vulcan platform?
The Detectify Connector by Vulcan integrates with the Detectify platform to pull and ingest Detectify website-type assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.
Detectify Connector details
Supported products | |
Category | Vulnerability Assessment |
Ingested asset type(s) | Websites |
Integration type | Unidirectional (data is transferred from Detectify to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Application Security type | DAST |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the connector, make sure you have the following:
Detectify API Key with the following permissions:
Allow listing domain
Allow reading vulnerabilities
Allow listing and reading reports
Allow listing scan profiles
See here how the permissions are used in the API
Generating Detectify API Key:
Go to your Detectify platform
Go to your Account > Account Settings
Click on the API-Keys tab
Click Generate API Key
Specify the name and description of the API Key (e.g., Vulcan) and click Generate API-Key again.
In the API Configuration window, set the following API Setting Permissions:
Allow listing domain
Allow reading vulnerabilities
Allow listing and reading reports
Allow listing scan profiles
See here how the permissions are used in the API
Click Save.
Configuring the Detectify Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Detectify icon.
Set up the Connector as follows:
Enter the API Key you generated earlier
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Detectify instance, then click Create (or Save Changes).
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. Then, you can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Detectify icon shows Connected, the connection is complete.
Detectify in the Vulcan Platform
Locating Detectify vulnerabilities in the Vulcan Platform
As Detectify discovers vulnerabilities, the Vulcan Platform Connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
Open the Vulcan Platform dashboard and navigate to Vulnerabilities.
Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Detectify on the vulnerability source/Connector list and click to filter results.
Click on any vulnerability to view further information.
Locating Detectify Website assets in the Vulcan Platform
To locate all retrieved Website assets from Detectify:
Open the Vulcan Cyber dashboard and navigate to Assets.
Click on the Websites tab.
Click on the Search or filter websites input box and select Connector from the drop-down selection.
Locate the Detectify option to view all synced assets.
Automating actions on vulnerabilities detected by Detectify
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Detectify Connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.
From Detectify to the Vulcan Platform
Data Mapping
The Vulcan Platform integrates with Detectify through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.
Websites mapping
Detectify field/mapping element | Vulcan field/mapping element |
domain token | Uniqueness criteria* + Asset Details |
title | Asset Name |
websites | Asset Type |
Location / found at | Asset vulnerable pages |
last_seen | Last scan |
created | Creation date |
Title + URL | Vulnerability instance uniqueness criteria |
Created_at | Vulnerability instance first seen |
Updated_at | Vulnerability instance last seen |
Severity (See Vulnerability Status Mapping) | Vulnerability instance score |
status | Vulnerability status |
title | Unique vulnerability uniqueness criteria* + vulnerability title |
definition.description | Vulnerability description |
cvss_scores, severity, owasp, definition.risk, tags | Vulnerability details |
cvss_scores | CVSS CVSS attack vector |
location | Fix Reference |
*Uniqueness criteria are a set of criteria whose combination determines the uniqueness of a vulnerability or an asset. The set includes:
Asset - token (domain)
Vulnerability title
Solution title
Vulnerability-Asset connection (Title + URL)
Vulnerability status mapping
Detectify Status | Vulcan Status |
Active, New, Regression | Vulnerable |
Patched | Fixed |
False Positive | Ignored - False Positive Accepted Risk |
Accepted Risk | Ignored - Risk Acknowledged |
Vulnerability score mapping
Detectify score | Vulcan score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
Information | 0 |
Update Mechanisms
Status update mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).
The table below lists how the status update mechanism works in the Detectify connector for the existing vulnerabilities and assets in the Vulcan Platform.
Update type | Mechanism |
Archiving Assets | An asset not found on the connector's last sync is archived and no longer presented on the Vulcan platform. |
Change of vulnerability instances status from "Vulnerable" to "Fixed" | - When the vulnerability status on the vendor changes to "Patched" - When the vulnerability no longer appears in the scan findings |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
API
API Endpoints in use
API version: 2.2.2
API | Use in Vulcan | Permissions required |
| Allow listing domains | |
https://api.detectify.com/rest/v2/fullreports/{ScanProfileToken}/latest/ | | Allow listing and reading reports |
https://api.detectify.com/rest/v2/profiles/{DomainToken}/ | None. Used for findings report API. | Allow listing scan profiles |
| Allow reading vulnerabilities |
FAQ
Data Validation
Why is the number of vulnerabilities listed in Detectify higher than in Vulcan?
In the Vulcan Platform, ingested vulnerabilities are aggregated and consolidated by uniqueness criteria to deduplicate the data (Isn't that the whole point?). In Detectify, there is no vulnerability aggregation, and a unique vulnerability with the same URL can be listed several times (based on UUID). Therefore, when validating the data between the Detectify platform and the Vulcan Platform, it is expected to observe a higher vulnerability count on Detectify than on Vulcan.
For example, the screens below show that the "DMARC Policy With Bad Practice" and "Apple App-Site Association File Exposure" vulnerabilities were found three times each on the same URL page and they are listed three times on Detectify's Vulnerabilities page. Once the integration is complete, each vulnerability will appear only once on the Vulnerabilities page of the Vulcan Platform.
In Detectify:
In Vulcan:
Another source for vulnerabilities in Detectify is the Scan Reports findings, which is the latest report of each scan profile that reflects the current state of the domain. The data of the report is also ingested into the Vulcan Platform in addition to the Vulnerabilities Report. However, the findings in the report aren't necessarily exclusive to the report as some of them can also appear in the Detectify Vulnerabilities Report.
Nevertheless, the findings of the Scan Reports are aggregated and consolidated into the Vulcan Platform in the same way as the vulnerabilities findings.
See the example below of how the same finding is found and listed on the Vulnerabilities report as well as on the Scan Reports:
Read about Detectify's findings and vulnerabilities at:
Application Scanning Findings: https://developer.detectify.com/#tag/application-scanning-finding
Vulnerabilities: https://developer.detectify.com/#tag/vulnerabilities
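
The consolidation described in the Data Validation answer above, as an added example (not Vulcan or Detectify code): it collapses constructed records from both the Vulnerabilities report and a scan report by the Title + URL uniqueness criteria and applies the score mapping table, so the expected count on each side can be compared. The record field names, the source labels, the sample URLs and severities, and the merge policy (highest score, earliest first seen, latest last seen) are assumptions.

```python
# Detectify severity -> Vulcan score, copied from the score mapping table.
SCORE = {"Critical": 10, "High": 7, "Medium": 5, "Low": 3, "Information": 0}

DMARC = "DMARC Policy With Bad Practice"
AASA = "Apple App-Site Association File Exposure"
FIELDS = ("uuid", "source", "title", "url", "severity", "created_at", "updated_at")
# Constructed sample records, not real Detectify output; field names are assumed.
ROWS = [
    ("u1", "vulnerabilities", DMARC, "https://example.com/", "Low", "2023-01-02", "2023-01-02"),
    ("u2", "vulnerabilities", DMARC, "https://example.com/", "Low", "2023-01-09", "2023-01-09"),
    ("u3", "vulnerabilities", DMARC, "https://example.com/", "Low", "2023-01-16", "2023-01-20"),
    ("u4", "vulnerabilities", AASA, "https://example.com/app", "Medium", "2023-01-02", "2023-01-02"),
    ("u5", "vulnerabilities", AASA, "https://example.com/app", "Medium", "2023-01-09", "2023-01-09"),
    ("u6", "vulnerabilities", AASA, "https://example.com/app", "Medium", "2023-01-16", "2023-01-16"),
    ("u7", "scan_report", DMARC, "https://example.com/", "Low", "2023-01-21", "2023-01-21"),
    ("u8", "scan_report", "Constructed Finding", "https://example.com/login", "High", "2023-01-21", "2023-01-21"),
]
FINDINGS = [dict(zip(FIELDS, row)) for row in ROWS]


def consolidate(findings):
    """Collapse records that share Title + URL into one vulnerability instance."""
    instances = {}
    for f in findings:
        score = SCORE[f["severity"]]
        inst = instances.setdefault((f["title"], f["url"]), {
            "title": f["title"], "url": f["url"], "score": score,
            "first_seen": f["created_at"], "last_seen": f["updated_at"], "uuids": [],
        })
        # Assumed merge policy: highest score, earliest created, latest updated.
        inst["score"] = max(inst["score"], score)
        inst["first_seen"] = min(inst["first_seen"], f["created_at"])
        inst["last_seen"] = max(inst["last_seen"], f["updated_at"])
        inst["uuids"].append(f["uuid"])
    return list(instances.values())


def validation_summary(findings):
    """Counts to expect on each side when validating a sync."""
    instances = consolidate(findings)
    return {
        "detectify_records": len(findings),
        "vulcan_instances": len(instances),
        "collapsed": {i["title"]: len(i["uuids"]) for i in instances if len(i["uuids"]) > 1},
    }


if __name__ == "__main__":
    print(validation_summary(FINDINGS))
```

Keeping the merged UUIDs on each instance lets a reviewer trace a single Vulcan entry back to every Detectify record it replaced when the two counts are questioned.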