Acunetix 360 Connector (new revision)

Learn all about integrating Acunetix 360 into the Vulcan Platform

Updated over a week ago

Am I reading the right user guide?

Certain connectors have more than one user guide. It depends on the environment's setup and on the connector's available releases (new vs. older revisions).

To access the user guide that is relevant to your environment, simply click on the "How to connect" button located on the connector's setup page. By doing so, you will be directed to the user guide that aligns with your specific environment, ensuring relevancy and accuracy.


About Acunetix 360

Acunetix 360 is a DAST tool that uses unique technologies, including IAST, to verify and confirm vulnerabilities. This shows you which vulnerabilities are real and not false positives. During independent benchmarks, Acunetix achieved one of the lowest false-positive rates on the market.

Why integrate Acunetix 360 into the Vulcan platform?

The Acunetix 360 Connector by Vulcan integrates with the Acunetix platform to pull and ingest Website assets and their vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Connector Details

Supported products


Application Security

Ingested asset type(s)


Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Connector Setup

Prerequisites and user permissions

Generating Acunetix User ID and Token

First, you must grant the Vulcan Platform access to your Acunetix 360 instance by issuing a user token. Then, you authenticate to the Acunetix 360 API by providing a user ID and authentication token, which you can find on Acunetix 360 account page.

For instructions on how to generate an API Token, see here.

Configuring the Acunetix 360 Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Acunetix 360 icon.

  4. Set up the Connector as follows:

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Acunetix 360 instance, then click Create (or Save Changes).

  6. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  7. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  8. To confirm the sync is complete, navigate to the Connectors page. Once the Acunetix 360 icon shows Connected, the sync is complete.

Acunetix 360 in the Vulcan Platform

Viewing Acunetix 360 vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector/Source:

  1. Go to the Vulnerabilities page.

  2. Use the Search or Filter input box to select the Vulnerability Source or Connector filter.

  3. Select Acunetix 360 from the vulnerability source/Connector list to filter results.

  4. Click on any vulnerability for more vulnerability details.

Viewing Acunetix 360 assets in the Vulcan Platform

To view assets by Connector/Source:

  1. Go to the Assets page.

  2. Click on the relevant asset type tab.

  3. Use the Search or filter input box to select Connector from the drop-down selection.

  4. Select Acunetix 360 from the Asset source/Connector list to filter results and view all synced assets.
    See the complete list of available asset filters per asset type

Taking Action on vulnerabilities and assets detected by Acunetix 360

To take remediation action on vulnerabilities and assets detected by Acunetix 360:

  1. Go to Vulnerabilities / Assets Page.

  2. Click on the Search and Filter input box and select Connector from the drop-down selection.

  3. Locate the Acunetix 360 option to view all synced vulnerabilities/assets.

  4. Select the relevant Vulnerability/Asset.

Automating remediation actions on vulnerabilities detected by Acunetix 360

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Acunetix 360 Connector.

From Acunetix 360 to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Acunetix 360 through API to pull relevant vulnerability and asset data and map it into the Vulcan Platform pages and fields.

Website fields mapping

Acunetix 360 field

Vulcan field


Uniqueness criteria


Asset Name


Asset type




Asset Tags - Vendor’s tags

Groups, IsVerified

Asset Tags - Additional


Last scan


Creation date

Id, Url

Vulnerability instance uniqueness criteria


Vulnerability instance first seen


Vulnerability instance Last seen


Vulnerability instance score


Unique Vulnerability uniqueness criteria


Vulnerability title


Vulnerability description


Vulnerability status



Id, Url

Assets-Vulnerability instance connection (info tooltip)

Acunetix 360 {{ Title }}

Fix - Title


Fix - Description


Fix - References

Vulnerability status mapping

Acunetix 360 Status

Vulcan Status

Fixed (Unconfirmed)
Fixed (Can't Retest)


Fixed (Confirmed)


False Positive

Ignored - false positive


Ignored risk acknowledged

Vulnerability score mapping

Acunetix 360 score

Vulcan score













Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any added).

The table below lists how the status update mechanism works in the Acunetix 360 connector for the vulnerabilities and assets in the Vulcan Platform.

Update type


Archiving Assets

  • By X days according to last seen - if the Asset hasn’t been seen for X days, the Vulcan Platform archives it.

  • If it wasn't fetched on the last sync - If the asset isn't identified on the Connector's next sync, the Vulcan Platform archives it.

Change of vulnerability instances status from "Vulnerable" to "Fixed"

  • By status: "Fixed (Confirmed)" in the Connector.

  • Nondelta- If the vulnerability isn't fetched again on the Connector’s sync, the Vulcan Platform changes its status to "Fixed".

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

API Endpoints in Use

API version: 1.0

Did this answer your question?