Am I reading the right user guide?
Certain connectors have more than one user guide, depending on the environment's setup and on the connector's available releases (new vs. older revisions).
To open the user guide that is relevant to your environment, click the "How to connect" button on the connector's setup page. You will be directed to the user guide that matches your specific environment.
Overview
About WhiteHat
WhiteHat™ Dynamic rapidly and accurately finds vulnerabilities in websites and applications with the scale and agility you need to identify security risks across your entire application portfolio.
Why integrate WhiteHat into the Vulcan Platform?
The WhiteHat Connector by Vulcan integrates with the WhiteHat platform to pull WhiteHat code project and website assets, together with their vulnerability data, into your Vulcan Platform. Once the integration is complete, the Vulcan Platform processes the ingested findings to correlate, consolidate, and contextualize them, so that they feed into risk scoring and remediation priority.
WhiteHat Connector Details
| Item | Details |
|---|---|
| Supported products | |
| Category | Application Security - DAST, SAST, and SCA |
| Ingested asset type(s) | Websites, Code Projects |
| Integration type | Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction) |
| Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
WhiteHat API URL: https://sentinel.whitehatsec.com/api
Generating a WhiteHat API key
1. Go to the WhiteHat Platform.
2. On the My Profile page, select API Key.
3. Type your password into the Verify Password text field.
4. Click Authenticate to display your key. If you have never requested your API key before, a key will be generated for you.
Source: WhiteHat Documentation
Configuring the WhiteHat Connector
1. Log in to your Vulcan Cyber dashboard and go to Connectors.
2. Click Add a Connector.
3. Click the WhiteHat icon.
4. Set up the Connector as follows:
   - Enter the API URL: https://sentinel.whitehatsec.com/api
   - Enter the API Key you generated earlier.
5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your WhiteHat instance, then click Create (or Save Changes).
   Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
6. Allow some time for the sync to complete. You can then review the sync status under Log on the Connector's setup page.
7. To confirm the sync is complete, navigate to the Connectors page. Once the WhiteHat icon shows Connected, the sync is complete.
WhiteHat in the Vulcan Platform
Viewing WhiteHat vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector/Source:
1. Go to the Vulnerabilities page.
2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.
3. Select WhiteHat from the vulnerability source/Connector list to filter results.
4. Click on any vulnerability for more vulnerability details.
Viewing WhiteHat assets in the Vulcan Platform
To view assets by Connector/Source:
1. Go to the Assets page.
2. Click on the relevant asset type tab.
3. Use the Search or Filter input box to select Connector from the drop-down selection.
4. Select WhiteHat from the Asset source/Connector list to filter results and view all synced assets.
See the complete list of available asset filters per asset type
Taking Action on vulnerabilities and assets detected by WhiteHat
To take remediation action on vulnerabilities and assets detected by WhiteHat:
1. Go to the Vulnerabilities or Assets page.
2. Click on the Search and Filter input box and select Connector from the drop-down selection.
3. Locate the WhiteHat option to view all synced vulnerabilities/assets.
4. Select the relevant Vulnerability/Asset.
5. Click Take Action.
Automating remediation actions on vulnerabilities detected by WhiteHat
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the WhiteHat Connector.
From WhiteHat to the Vulcan Platform - Data Mapping
The Vulcan Platform integrates with WhiteHat through its API to pull the relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields.
Code Project fields mapping
| WhiteHat field | Vulcan field |
|---|---|
| id | Asset uniqueness criteria |
| label | Asset Name |
| Code Projects | Asset Type |
| client_id, id, language, app_full_scan_enabled, is_mobile, service_level, asset_owner_name, organization, auto_remediation, asset_scan_status, compliance, groups | Asset Details |
| status | Asset Status |
| last_scan_completed | Asset Last report |
| Tags | Asset Tags - Vendor's tags |
| class_readable or class or dast_classes.collection.name | Vulnerability uniqueness criteria |
| class_readable or class or dast_classes.collection.name | Vulnerability Title |
| description | Vulnerability Description |
| impact, risk, cvss_v3_score_rating, reason | Vulnerability Details |
| cvss_v3_score or cvss_v3_score_rating (see Vulnerability score mapping) | Vulnerability CVSS |
| cve_reference.collection | Vulnerability CVE(s) |
| cvss_v3_vector | Vulnerability CVSS attack vector |
| Asset id + file_name + file_location + vulnerability id, or (if there is no file_name / file_location) Asset id + vulnerability id | Asset-Vulnerability connection uniqueness criteria |
| opened | Asset-Vulnerability connection First seen |
| modified | Asset-Vulnerability connection Last seen |
| cvss_v3_score or cvss_v3_score_rating (see Vulnerability score mapping) | Asset-Vulnerability connection Score |
| status (see Vulnerability status mapping) | Asset-Vulnerability connection Status |
| file_name, file_location | Asset-Vulnerability connection Info tooltip (from Assets screen) |
| sast_file_location | Asset-Vulnerability connection codebase - Source (SAST) |
| sast_file_name | Asset-Vulnerability connection codebase - Location (SAST) |
| solution | Solution uniqueness criteria |
| Fix for class_readable or class or dast_classes.collection.name | Solution Title |
| solution | Solution Description |
Website fields mapping
| WhiteHat field | Vulcan field |
|---|---|
| id | Asset uniqueness criteria |
| label | Asset Name |
| whitehat_id, organization, description, groups, allowed_hosts.hostname, asset_owner_name, wsi_global_rank, wsi_score, scan_status, asset_phase, client_id | Asset Details |
| website | Asset type |
| allowed_hosts.hostname | Asset Address |
| first_completed_scan.timestamp | Asset Created date |
| last_completed_scan.timestamp | Asset Last seen date |
| Tags | Asset Tags - Vendor's tags |
| class_readable or class or dast_classes.collection.name | Vulnerability uniqueness criteria |
| class_readable or class or dast_classes.collection.name | Vulnerability Title |
| description | Vulnerability Description |
| impact, risk, cvss_v3_score_rating, reason, codebase | Vulnerability Details |
| cvss_v3_score or cvss_v3_score_rating (see Vulnerability score mapping) | Vulnerability CVSS |
| cvss_v3_vector | Vulnerability CVSS attack vector |
| Asset id + id + vulnerability id | Asset-Vulnerability connection uniqueness criteria |
| URL | Asset-Vulnerability connection Pages |
| opened | Asset-Vulnerability connection First seen |
| modified | Asset-Vulnerability connection Last seen |
| status (see Vulnerability status mapping) | Asset-Vulnerability connection Status |
| solution | Solution uniqueness criteria |
| Fix for class_readable or class or dast_classes.collection.name | Solution Title |
| solution | Solution Description |
Vulnerability status mapping
| WhiteHat Status | Vulcan Status |
|---|---|
| Any status other than "closed", "out of scope", "accepted", "invalid" and "mitigated" | Vulnerable |
| closed | Fixed |
| out of scope | Ignored - false positive |
| accepted, invalid, mitigated | Ignored risk acknowledged |
Vulnerability score mapping
| WhiteHat score | Vulcan score |
|---|---|
| Critical | 10 |
| High | 7 |
| Medium | 5 |
| Low | 3 |
| Information | 0 |
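The status, score and title rules from the three mapping tables above, applied to a single WhiteHat vulnerability record. This is an added illustration, not Vulcan's or WhiteHat's code; the record shape is a constructed approximation of a WhiteHat API response, and preferring the numeric cvss_v3_score over cvss_v3_score_rating is an assumption (the guide only says "score or rating").

```python
# Added example: apply the WhiteHat -> Vulcan mapping rules to one vulnerability record.

# Vulnerability status mapping table; anything not listed is "Vulnerable".
STATUS_MAP = {
    "closed": "Fixed",
    "out of scope": "Ignored - false positive",
    "accepted": "Ignored risk acknowledged",
    "invalid": "Ignored risk acknowledged",
    "mitigated": "Ignored risk acknowledged",
}

# Vulnerability score mapping table (rating -> Vulcan score).
RATING_SCORE = {"critical": 10, "high": 7, "medium": 5, "low": 3, "information": 0}


def vulcan_status(whitehat_status):
    """Normalize case/whitespace, then look the status up; unknown or missing -> Vulnerable."""
    return STATUS_MAP.get((whitehat_status or "").strip().lower(), "Vulnerable")


def vulcan_score(record):
    """Use the numeric cvss_v3_score when present (assumption), else the rating table.
    Returns None when neither field is usable, so callers can flag unscored findings."""
    if record.get("cvss_v3_score") is not None:
        return float(record["cvss_v3_score"])
    rating = (record.get("cvss_v3_score_rating") or "").strip().lower()
    return RATING_SCORE.get(rating)


def vulnerability_title(record):
    """Title fallback chain from the table: class_readable, then class, then the first
    dast_classes.collection name."""
    if record.get("class_readable"):
        return record["class_readable"]
    if record.get("class"):
        return record["class"]
    collection = record.get("dast_classes", {}).get("collection", [])
    names = [c.get("name") for c in collection if c.get("name")]
    return names[0] if names else None


def map_vulnerability(record):
    """Produce the Vulcan-side fields the tables derive from one WhiteHat record."""
    return {
        "title": vulnerability_title(record),
        "status": vulcan_status(record.get("status")),
        "score": vulcan_score(record),
        "first_seen": record.get("opened"),
        "last_seen": record.get("modified"),
    }


# Constructed sample record (not real WhiteHat output).
SAMPLE_RECORD = {"class": "Cross Site Scripting", "status": "Out of Scope",
                 "cvss_v3_score_rating": "High", "opened": "2023-01-05", "modified": "2023-02-01"}
```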
Status Update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).
The table below lists how the status update mechanism works in the WhiteHat connector for the vulnerabilities and assets in the Vulcan Platform.
| Update type | Mechanism |
|---|---|
| Archiving Assets | By delta - when the asset isn't fetched on the next connector sync. |
| Change of vulnerability instance status from "Vulnerable" to "Fixed" | By status "Closed" received from the connector, or by delta - when the vulnerability isn't fetched on the next connector sync. |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
API Endpoints in Use
API version: 1.0
API Release date: Nov 11, 2022
| API | Use in Vulcan | Permissions required |
|---|---|---|
| /site | assets (website) | None |
| /application | assets (code project) | None |
| /vuln/stats | used to run the /vuln endpoint | None |
| /source_vuln | vulnerabilities, solutions, asset-vulnerability connections (code project) | None |
| /vuln | vulnerabilities, solutions, asset-vulnerability connections (website) | None |
Data Validation
This section provides insight into how the data from WhiteHat is represented when ingested into the Vulcan Platform.
Note: For accurate test results, ensure that tests are conducted while logged into WhiteHat's UI with the same user configured in Vulcan to eliminate permission and scoping issues.
Note: Due to time differences in synchronization, a 100% match in numbers might not always be achieved. This document acknowledges and considers this aspect during validation.
Matching Unique Vulnerabilities
Goal: Match the vulnerabilities count in WhiteHat with Vulcan.
In WhiteHat:
1. Click "Findings" on the upper menu to see all vulnerability connections.
   Note: This view shows all vulnerability connections (asset-vulnerability instances), not unique vulnerabilities. To match counts with Vulcan's unique vulnerabilities, you need to apply filters (see next step).
2. Filter by status to see only open and mitigated vulnerabilities.
3. Export the findings as CSV and remove duplicates by Class (vulnerability name).
Matching Assets
Goal: Match the assets count in WhiteHat with Vulcan.
In WhiteHat:
1. Click the "Assets" tab.
2. Note that WhiteHat's view includes both asset types: Websites and Code Projects.
In Vulcan:
- WhiteHat's applications are mapped into Code Projects.
- WhiteHat's Sites are mapped into Websites.
Matching Vulnerability Instances
Goal: Match connections between a vulnerability and an asset in WhiteHat with Vulcan.
In WhiteHat:
In the assets view, each asset has its Vulns count.
In Vulcan:
For websites, this number matches the unique vulnerability count of each asset in Vulcan.
For applications (code projects), this number will be higher than the count in Vulcan.
Matching Code Project Vulnerability and Asset-Vulnerability Connections Numbers
In WhiteHat:
In the /source_vuln endpoint, each asset-vulnerability connection contains traces and steps detailing the file_location and file_name where the vulnerability was found.
In Vulcan:
Vulcan defines a code project’s asset-vulnerability connection by its file_location and file_name. A single asset-vulnerability connection in WhiteHat with multiple steps may show in Vulcan as multiple, distinct, asset-vulnerability connections.
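The two counts that the validation steps above compare (unique vulnerabilities from an exported findings CSV, and code-project connections expanded by file_name/file_location), reproduced as an added example that is not Vulcan's or WhiteHat's code. The CSV rows are constructed, and the traces/steps layout of a /source_vuln item is assumed from the guide's description rather than taken from the real API.

```python
# Added example: reproduce the validation counts for unique vulnerabilities and
# code-project asset-vulnerability connections.
import csv
import io

# Constructed stand-in for a WhiteHat findings export (not real data).
FINDINGS_CSV = """Class,Status,Asset
Cross Site Scripting,open,site-a
Cross Site Scripting,open,site-b
SQL Injection,mitigated,site-a
SQL Injection,closed,site-b
Directory Indexing,accepted,site-a
"""

# Statuses the guide says to keep before de-duplicating by Class.
VALID_STATUSES = {"open", "mitigated"}


def unique_vulnerability_count(csv_text):
    """Filter to open/mitigated rows, then count distinct Class values."""
    rows = csv.DictReader(io.StringIO(csv_text))
    classes = {r["Class"] for r in rows if r["Status"].strip().lower() in VALID_STATUSES}
    return len(classes)


def vulcan_connections(asset_id, source_vulns):
    """Expand code-project findings into the connections Vulcan would create.
    Key is asset id + file_name + file_location + vulnerability id for every step
    that carries file info; otherwise asset id + vulnerability id (one connection).
    The traces -> steps layout is an assumption about the /source_vuln payload."""
    keys = set()
    for vuln in source_vulns:
        steps = [s for t in vuln.get("traces", []) for s in t.get("steps", [])]
        with_files = [s for s in steps if s.get("file_name") or s.get("file_location")]
        if not with_files:
            keys.add((asset_id, vuln["id"]))
        for s in with_files:
            keys.add((asset_id, s.get("file_name"), s.get("file_location"), vuln["id"]))
    return keys


# Constructed: one WhiteHat connection whose two steps sit in different files,
# and one with no file information at all.
SOURCE_VULNS = [
    {"id": "v1", "traces": [{"steps": [
        {"file_name": "login.py", "file_location": "/app/auth"},
        {"file_name": "db.py", "file_location": "/app/data"}]}]},
    {"id": "v2", "traces": []},
]
```

With this input WhiteHat shows 2 connections for the project while Vulcan shows 3, which is the discrepancy the section describes.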
Matching Vulnerability Instances' Status
Goal: Check that different statuses of vulnerability instances are translated properly to Vulcan.
| Vulcan Status | WhiteHat Status |
|---|---|
| Vulnerable | Any status other than those detailed below will be considered Vulnerable |
| Fixed | Closed |
| Ignored - false positive | Out of scope |
| Ignored risk acknowledged | Accepted, invalid, mitigated |