WhiteHat Connector (new revision)

Learn all about integrating WhiteHat into the Vulcan Platform


Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To open the user guide that matches your environment, click the "How to connect" button on the connector's setup page. It takes you to the guide written for your specific environment.

Overview

About WhiteHat

WhiteHat™ Dynamic rapidly and accurately finds vulnerabilities in websites and applications with the scale and agility you need to identify security risks across your entire application portfolio.

Why integrate WhiteHat into the Vulcan Platform?

The WhiteHat Connector by Vulcan integrates with the WhiteHat platform to pull WhiteHat code project and website assets, together with their vulnerability data, into your Vulcan Platform. Once the integration is complete, the Vulcan Platform processes the ingested findings to correlate, consolidate, and contextualize them, which determines each finding's risk and remediation priority.

WhiteHat Connector Details

Supported products

Category | Application Security - DAST, SAST, and SCA
Ingested asset type(s) | Websites, Code Projects
Integration type | Uni-directional (data is transferred from the Connector to the Vulcan Platform in one direction)
Supported version and type | SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

Generating a WhiteHat API key

  1. Go to the WhiteHat Platform.

  2. In the My Profile page, select API Key.

    1. Type your password into the Verify Password text field.

    2. Click Authenticate to display your key. If you have never requested your API key before, a key will be generated for you.

Configuring the WhiteHat Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the WhiteHat icon.

  4. Set up the Connector as follows:

    • Enter the API URL: https://sentinel.whitehatsec.com/api

    • Enter the API Key you generated earlier.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your WhiteHat instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the WhiteHat icon shows Connected, the sync is complete.


WhiteHat in the Vulcan Platform

Viewing WhiteHat vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

  3. Select WhiteHat from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing WhiteHat assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select WhiteHat from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type.

Taking Action on vulnerabilities and assets detected by WhiteHat

To take remediation action on vulnerabilities and assets detected by WhiteHat:

  1. Go to Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the WhiteHat option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

  5. Click Take Action.

Automating remediation actions on vulnerabilities detected by WhiteHat

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the WhiteHat Connector.


From WhiteHat to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with WhiteHat through its API to pull the relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields listed below.

Code Project fields mapping

WhiteHat field | Vulcan field
id | Asset uniqueness criteria
label | Asset Name
Code Projects | Asset Type
client_id, id, language, app_full_scan_enabled, is_mobile, service_level, asset_owner_name, organization, auto_remediation, asset_scan_status, compliance, groups | Asset Details
status | Asset Status
last_scan_completed | Asset Last report
Tags | Asset Tags - Vendor's tags
class_readable or class or dast_classes.collection.name | Vulnerability uniqueness criteria
class_readable or class or dast_classes.collection.name | Vulnerability Title
description | Vulnerability Description
impact, risk, cvss_v3_score_rating, reason | Vulnerability Details
cvss_v3_score or cvss_v3_score_rating (see Vulnerability score mapping) | Vulnerability CVSS
cve_reference.collection | Vulnerability CVE/S
cvss_v3_vector | Vulnerability CVSS attack vector
Asset id + file_name + file_location + vulnerability id, or (if no file_name / file_location) Asset id + vulnerability id | Asset-Vulnerability connection uniqueness criteria
opened | Asset-Vulnerability connection First seen
modified | Asset-Vulnerability connection Last seen
cvss_v3_score or cvss_v3_score_rating (see Vulnerability score mapping) | Asset-Vulnerability connection Score
status (see Vulnerability status mapping) | Asset-Vulnerability connection Status
file_name, file_location | Asset-Vulnerability connection Info tooltip (from Assets screen)
sast_file_location | Asset-Vulnerability connection codebase - Source (SAST)
sast_file_name | Asset-Vulnerability connection codebase - Location (SAST)
solution | Solution uniqueness criteria
Fix for class_readable or class or dast_classes.collection.name | Solution Title
solution | Solution Description

Website fields mapping

WhiteHat field | Vulcan field
id | Asset uniqueness criteria
label | Asset Name
whitehat_id, organization, description, groups, allowed_hosts.hostname, asset_owner_name, wsi_global_rank, wsi_score, scan_status, asset_phase, client_id | Asset Details
website | Asset type
allowed_hosts.hostname | Asset Address
first_completed_scan.timestamp | Asset Created date
last_completed_scan.timestamp | Asset Last seen date
Tags | Asset Tags - Vendor's tags
class_readable or class or dast_classes.collection.name | Vulnerability uniqueness criteria
class_readable or class or dast_classes.collection.name | Vulnerability Title
description | Vulnerability Description
impact, risk, cvss_v3_score_rating, reason, codebase | Vulnerability Details
cvss_v3_score or cvss_v3_score_rating (see Vulnerability score mapping) | Vulnerability CVSS
cvss_v3_vector | Vulnerability CVSS attack vector
Asset id + id + vulnerability id | Asset-Vulnerability connection uniqueness criteria
URL | Asset-Vulnerability connection Pages
opened | Asset-Vulnerability connection First seen
modified | Asset-Vulnerability connection Last seen
status (see Vulnerability status mapping) | Asset-Vulnerability connection Status
solution | Solution uniqueness criteria
Fix for class_readable or class or dast_classes.collection.name | Solution Title
solution | Solution Description

Vulnerability status mapping

WhiteHat Status | Vulcan Status
Any status other than "closed", "out of scope", "accepted", "invalid" and "mitigated" | Vulnerable
closed | Fixed
out of scope | Ignored - false positive
accepted, invalid, mitigated | Ignored risk acknowledged

Vulnerability score mapping

WhiteHat score | Vulcan score
Critical | 10
High | 7
Medium | 5
Low | 3
Information | 0

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones, if any were added.

The table below lists how the status update mechanism works in the WhiteHat connector for the vulnerabilities and assets in the Vulcan Platform.

Update type | Mechanism
Archiving Assets | By delta: when the asset isn't fetched in the connector's next sync.
Change of vulnerability instance status from "Vulnerable" to "Fixed" | By status "Closed" received from the connector; or by delta: when the vulnerability isn't fetched in the connector's next sync.

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
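The two mechanisms in the table above can be modelled with a small reconciliation step that compares the state after the previous sync with what the current sync returned. The following is an added example, not Vulcan's code: the state shapes (asset ids as strings, connections keyed by asset id and vulnerability id, with one WhiteHat status per fetched connection) and all sample values are constructed for the illustration. New connections and statuses other than the Vulnerable-to-Fixed transition are left to the mapping tables and are not modelled here.

```python
# Added example (not Vulcan's code): a minimal model of the two update
# mechanisms in the Status Update Mechanisms table, run over two constructed
# consecutive syncs. State shapes are assumptions of this example: asset ids
# as strings, connections as dicts keyed by (asset id, vulnerability id).

def reconcile_sync(prev_assets, fetched_assets, prev_conns, fetched_conns):
    """prev_assets / prev_conns: Vulcan state after the previous sync
    (prev_conns maps key -> Vulcan status). fetched_assets / fetched_conns:
    what this sync returned (fetched_conns maps key -> WhiteHat status).
    Returns (archived asset ids, updated key -> Vulcan status)."""
    # Archiving by delta: an asset not fetched this time is archived.
    archived = sorted(set(prev_assets) - set(fetched_assets))

    status = dict(prev_conns)
    for key, current in prev_conns.items():
        if current != "Vulnerable":
            continue                      # only Vulnerable -> Fixed is modelled
        whitehat_status = fetched_conns.get(key)
        if whitehat_status is None:
            status[key] = "Fixed"         # by delta: not fetched this sync
        elif whitehat_status.strip().lower() == "closed":
            status[key] = "Fixed"         # by status "closed" from the connector
    return archived, status


# Constructed state after the previous sync.
PREV_ASSETS = {"www.example.test", "app-1001", "app-2002"}
PREV_CONNS = {
    ("www.example.test", "101"): "Vulnerable",
    ("www.example.test", "102"): "Vulnerable",
    ("app-1001", "5001"): "Vulnerable",
    ("app-1001", "5002"): "Ignored risk acknowledged",
    ("app-2002", "7001"): "Vulnerable",
}

# Constructed result of today's sync: app-2002 is gone, 101 is now closed,
# 102 is still open, 5001 was not returned, 5002 is still mitigated.
FETCHED_ASSETS = {"www.example.test", "app-1001"}
FETCHED_CONNS = {
    ("www.example.test", "101"): "closed",
    ("www.example.test", "102"): "open",
    ("app-1001", "5002"): "mitigated",
}


def run_sample():
    """Reconcile the constructed sample; returns (archived, status)."""
    return reconcile_sync(PREV_ASSETS, FETCHED_ASSETS, PREV_CONNS, FETCHED_CONNS)


if __name__ == "__main__":
    archived, status = run_sample()
    print("archived:", archived)
    for key, value in sorted(status.items()):
        print(key, value)
```

Running it shows app-2002 archived, finding 101 moved to Fixed because the connector reported it closed, findings 5001 and 7001 moved to Fixed by delta, and 102 left Vulnerable. Note that 7001 is fixed by delta only because its asset disappeared along with it; the page's note about next-day latency applies to all of these transitions.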

API Endpoints in Use

API version: 1.0

API Release date: Nov 11, 2022

API | Use in Vulcan | Permissions required
/site | assets (website) | None
/application | assets (code project) | None
/vuln/stats | used to run the /vuln endpoint | None
/source_vuln | vulnerabilities, solutions, asset-vulnerability connections (code project) | None
/vuln | vulnerabilities, solutions, asset-vulnerability connections (website) | None


Data Validation

This section provides insight into how the data from WhiteHat is represented when ingested into the Vulcan Platform.

Note: For accurate test results, ensure that tests are conducted while logged into WhiteHat's UI with the same user configured in Vulcan to eliminate permission and scoping issues.

Note: Due to time differences in synchronization, a 100% match in numbers might not always be achieved. This document acknowledges and considers this aspect during validation.

Matching Unique Vulnerabilities

Goal: Match the vulnerabilities count in WhiteHat with Vulcan.

In WhiteHat:

  1. Click on "Findings" on the upper menu to see all vulnerability connections.

    Note: This view shows all vulnerability connections, not unique vulnerabilities. To match counts with Vulcan's unique vulnerabilities, you need to apply filters (see the next step).

  2. Filter by status to see only open and mitigated vulnerabilities.

  3. Export the findings as CSV and remove duplicates by Class (the vulnerability name).
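Steps 2 and 3 above can be reproduced offline against the exported CSV. The following is an added example, not Vulcan's or WhiteHat's code: the column names "Status" and "Class" are assumptions about the export layout, and the CSV content is constructed for the illustration.

```python
# Added example (not Vulcan's or WhiteHat's code): filter a Findings export to
# open and mitigated rows, then count distinct Class values. The column names
# and the CSV rows are constructed assumptions for this illustration.
import csv
import io
from collections import Counter

# Constructed Findings export: one row per asset-vulnerability connection.
FINDINGS_CSV = """\
ID,Asset,Class,Status,Severity
1,www.example.test,Cross Site Scripting,open,High
2,www.example.test,SQL Injection,open,Critical
3,api.example.test,Cross Site Scripting,open,High
4,api.example.test,Information Leakage,closed,Low
5,app-1001,Hardcoded Secret,mitigated,High
6,app-1001,SQL Injection,accepted,Critical
7,app-1001,Cross Site Scripting,out of scope,High
"""

# Statuses kept by step 2 of the procedure.
COUNTED_STATUSES = {"open", "mitigated"}


def unique_open_classes(csv_text, statuses=COUNTED_STATUSES):
    """Return {Class: number of connections} for rows in the chosen statuses.
    len() of the result is the unique-vulnerability count to compare with Vulcan."""
    reader = csv.DictReader(io.StringIO(csv_text))
    counter = Counter()
    for row in reader:
        if row["Status"].strip().lower() in statuses:
            counter[row["Class"].strip()] += 1
    return dict(counter)


def summarize(csv_text):
    """Connections kept after the status filter, and distinct Class values."""
    per_class = unique_open_classes(csv_text)
    return {
        "findings": sum(per_class.values()),
        "unique_vulnerabilities": len(per_class),
    }


if __name__ == "__main__":
    print(summarize(FINDINGS_CSV))
    for name, count in sorted(unique_open_classes(FINDINGS_CSV).items()):
        print(f"{name}: {count} connection(s)")
```

On the constructed export, seven connections reduce to four after the status filter and to three unique vulnerabilities after de-duplication by Class; the three-versus-seven gap is the difference the note in step 1 warns about.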

Matching Assets

Goal: Match the assets count in WhiteHat with Vulcan.

In WhiteHat:

  1. Click on the "Assets" tab.

  2. Note that WhiteHat's view includes both asset types: Websites and Code Projects.

In Vulcan:

WhiteHat’s applications are mapped into Code Projects.

WhiteHat’s Sites are mapped into Websites.

Matching Vulnerability Instances

Goal: Match connections between a vulnerability and an asset in WhiteHat with Vulcan.

In WhiteHat:

In the assets view, each asset has its Vulns count.

In Vulcan:

For websites, this number matches the unique vulnerability count of each asset in Vulcan.

For applications (code projects), this number will be higher than the count in Vulcan.

Matching Code Project Vulnerability and Asset-Vulnerability Connections Numbers

In WhiteHat:

  • In the /source_vuln endpoint, each asset-vulnerability connection contains traces and steps detailing the file_location and file_name where the vulnerability was found.

In Vulcan:

  • Vulcan defines a code project’s asset-vulnerability connection by its file_location and file_name. A single asset-vulnerability connection in WhiteHat with multiple steps may show in Vulcan as multiple, distinct, asset-vulnerability connections.
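Together with the Code Project fields mapping, the Vulnerability status mapping and the Vulnerability score mapping tables above, this behaviour can be checked with a small model that expands one WhiteHat finding into the Vulcan connections those tables define. The following is an added example, not Vulcan's or WhiteHat's code: the field names come from the mapping tables, but the record layout (a "steps" list carrying file_name and file_location), the choice of the first dast_classes collection entry for the title fallback, and all sample values are assumptions constructed for the illustration.

```python
# Added example (not Vulcan's or WhiteHat's code): model how the mapping tables
# on this page turn one WhiteHat code-project finding into Vulcan
# asset-vulnerability connections. Field names come from the tables; the
# record layout, the "steps" list and all sample values are constructed.

# Vulnerability status mapping table; any other status is "Vulnerable".
STATUS_MAP = {
    "closed": "Fixed",
    "out of scope": "Ignored - false positive",
    "accepted": "Ignored risk acknowledged",
    "invalid": "Ignored risk acknowledged",
    "mitigated": "Ignored risk acknowledged",
}

# Vulnerability score mapping table, used when cvss_v3_score is absent.
RATING_SCORE = {"Critical": 10, "High": 7, "Medium": 5, "Low": 3, "Information": 0}


def vulcan_status(whitehat_status):
    """Map a WhiteHat status string to the Vulcan status (case-insensitive)."""
    return STATUS_MAP.get(whitehat_status.strip().lower(), "Vulnerable")


def vulcan_score(vuln):
    """cvss_v3_score when present, otherwise the score for cvss_v3_score_rating."""
    if vuln.get("cvss_v3_score") is not None:
        return float(vuln["cvss_v3_score"])
    return RATING_SCORE[vuln["cvss_v3_score_rating"]]


def vulnerability_title(vuln):
    """class_readable, else class, else dast_classes.collection.name.
    Taking the first collection entry is an assumption of this example."""
    return (vuln.get("class_readable")
            or vuln.get("class")
            or vuln["dast_classes"]["collection"][0]["name"])


def expand_connections(asset_id, vuln):
    """Key each step by Asset id + file_name + file_location + vulnerability id;
    a step without file info falls back to Asset id + vulnerability id."""
    connections = {}
    for step in vuln.get("steps") or [{}]:          # no steps: one connection
        file_name = step.get("file_name")
        file_location = step.get("file_location")
        if file_name and file_location:
            key = (asset_id, file_name, file_location, vuln["id"])
        else:
            key = (asset_id, vuln["id"])
        connections[key] = {                        # repeated keys collapse
            "title": vulnerability_title(vuln),
            "status": vulcan_status(vuln["status"]),
            "score": vulcan_score(vuln),
            "first_seen": vuln["opened"],
            "last_seen": vuln["modified"],
        }
    return connections


def vulcan_connections(asset_id, findings):
    """All Vulcan connections for one asset; len() is the count to compare."""
    result = {}
    for vuln in findings:
        result.update(expand_connections(asset_id, vuln))
    return result


# Constructed sample: one asset, two WhiteHat findings (WhiteHat "Vulns" = 2).
SAMPLE_ASSET_ID = "app-1001"
SAMPLE_FINDINGS = [
    {
        "id": "5001", "class": "SQL Injection", "class_readable": None,
        "status": "open", "cvss_v3_score": 9.1, "cvss_v3_score_rating": "Critical",
        "opened": "2023-01-05", "modified": "2023-02-01",
        "steps": [
            {"file_name": "db.py", "file_location": "src/app/db.py"},
            {"file_name": "views.py", "file_location": "src/app/views.py"},
            {"file_name": "db.py", "file_location": "src/app/db.py"},
        ],
    },
    {
        "id": "5002", "class": "Hardcoded Secret", "class_readable": "Hard-coded credentials",
        "status": "mitigated", "cvss_v3_score": None, "cvss_v3_score_rating": "High",
        "opened": "2023-01-10", "modified": "2023-01-20",
        "steps": [],
    },
]

if __name__ == "__main__":
    conns = vulcan_connections(SAMPLE_ASSET_ID, SAMPLE_FINDINGS)
    print(f"WhiteHat findings: {len(SAMPLE_FINDINGS)}, Vulcan connections: {len(conns)}")
    for key, conn in conns.items():
        print(key, conn["status"], conn["score"])
```

On the constructed sample, WhiteHat reports two findings for the asset, while Vulcan holds three connections: finding 5001 splits into one connection per distinct file (its repeated db.py step collapses onto the same key), and finding 5002, which has no file information, becomes a single connection keyed by asset id and vulnerability id. The same model also shows the fallbacks the mapping tables describe: 5002 takes its score from the High rating (7) because cvss_v3_score is absent, and its mitigated status lands as "Ignored risk acknowledged".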

Matching Vulnerability Instances' Status

Goal: Check that different statuses of vulnerability instances are translated properly to Vulcan.

Vulcan Status | WhiteHat Status
Vulnerable | Any status other than those detailed below
Fixed | Closed
Ignored - false positive | Out of scope
Ignored risk acknowledged | Accepted, invalid, mitigated

