All Collections
Connectors
Application Security (SCA/SAST/DAST)
Acunetix 360 Connector (new revision)
Acunetix 360 Connector (new revision)

Learn all about integrating Acunetix 360 into the Vulcan Platform

Updated over a week ago

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.

Overview

About Acunetix 360

Acunetix 360 is a DAST tool that uses unique technologies, including IAST, to verify and confirm vulnerabilities. This shows you which vulnerabilities are real and not false positives. During independent benchmarks, Acunetix achieved one of the lowest false-positive rates on the market.

Why integrate Acunetix 360 into the Vulcan platform?

The Acunetix 360 Connector by Vulcan integrates with the Acunetix platform to pull and ingest Website assets and their vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Connector Details

Supported products

Acunetix 360

Category

Application Security

Ingested asset type(s)

Websites

Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Connector Setup

Prerequisites and user permissions

Generating Acunetix User ID and Token

First, you must grant the Vulcan Platform access to your Acunetix 360 instance by issuing a user token. Then, you authenticate to the Acunetix 360 API by providing a user ID and authentication token, which you can find on Acunetix 360 account page.

For instructions on how to generate an API Token, see here.

Configuring the Acunetix 360 Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Acunetix 360 icon.

  4. Set up the Connector as follows:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Acunetix 360 instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the Acunetix 360 icon shows Connected, the sync is complete.

Acunetix 360 in the Vulcan Platform

Viewing Acunetix 360 vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

    See the complete list of available vulnerability filters.

  3. Select Acunetix 360 from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing Acunetix 360 assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Acunetix 360 from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by Acunetix 360

To take remediation action on vulnerabilities and assets detected by Acunetix 360:

  1. Go to Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the Acunetix 360 option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

  5. Click Take Action.

Automating remediation actions on vulnerabilities detected by Acunetix 360

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Acunetix 360 Connector.

Learn all about Automation Playbooks in the Vulcan Cyber Platform.

From Acunetix 360 to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Acunetix 360 through API to pull relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields.

Website fields mapping

Acunetix 360 field

Vulcan field

Id

Uniqueness criteria

Name

Asset Name

Websites

Asset type

RootUrl

Address

Tags

Asset Tags - Vendor’s tags

Groups, IsVerified

Asset Tags - Additional

UpdatedAt

Last scan

CreatedAt

Creation date

Id, Url

Vulnerability instance uniqueness criteria

FirstSeenDate

Vulnerability instance first seen

LastSeenDate

Vulnerability instance Last seen

Severity

Vulnerability instance score

Title

Unique Vulnerability uniqueness criteria

Title

Vulnerability title

Summary

Vulnerability description

State

Vulnerability status

Classification.Cwe

CWE

Id, Url

Assets-Vulnerability instance connection (info tooltip)

Acunetix 360 {{ Title }}

Fix - Title

Remedy

Fix - Description

RemedyReferences

Fix - References

Vulnerability status mapping

Acunetix 360 Status

Vulcan Status

Fixed (Unconfirmed)
Fixed (Can't Retest)
Present
Revived

Vulnerable

Fixed (Confirmed)

Fixed

False Positive

Ignored - false positive

AcceptedRisk

Ignored risk acknowledged

Vulnerability score mapping

Acunetix 360 score

Vulcan score

Critical

10

High

7

Medium

5

Low

3

BestPractice

1

Information

0

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any added).

The table below lists how the status update mechanism works in the Acunetix 360 connector for the vulnerabilities and assets in the Vulcan Platform.

Update type

Mechanism

Archiving Assets

  • By X days according to last seen - if the Asset hasn’t been seen for X days, the Vulcan Platform archives it.

  • If it wasn't fetched on the last sync - If the asset isn't identified on the Connector's next sync, the Vulcan Platform archives it.

Change of vulnerability instances status from "Vulnerable" to "Fixed"

  • By status: "Fixed (Confirmed)" in the Connector.

  • Nondelta- If the vulnerability isn't fetched again on the Connector’s sync, the Vulcan Platform changes its status to "Fixed".

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

API version: 1.0

API

Use in Vulcan

Permissions required

https://online.acunetix360.com/api/1.0/websites/list

Fetch websites

-

https://online.acunetix360.com/api/1.0/issues/allissues

Fetch issues

-

Related Articles
Acunetix 360 Connector (previous revision)
Snyk Connector (new revision)
BlackDuck Connector (new revision)
Rapid7 Insight VM Connector (default new revision)
Tanium Connector (new revision)
Did this answer your question?