Am I reading the correct user guide?
Am I reading the correct user guide?
Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.
To open the correct user guide for your setup and version, go to the connector's setup page and click How to connect.
Connector details
About X
<information on the vendor product/solution + link to vendor>
Support scope
Supported products |
|
Category |
|
Ingestion type | <Assets only> |
Ingested asset type(s) |
|
Integration type | UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
<CONNECTOR X SOMETHING / X permissions>
Credentials [API/Token/Username and pass]
Generating credentials/API token
Go to XCONNECTOR Platform
.....
....
Configuring the <X> connector
Login to the Vulcan ExposureOS platform and go to Connectors > Add a Connector
Click on the X CONNECTOR icon.
Set up the Connector as follows:
If a gateway is required, refer to the Vulcan Gateway guide to configure the gateway before proceeding. If not, continue following the steps in this guide.
Select the region of your Rapid7 account.
Enter the API Key you generated earlier.
Data pulling configuration:
This configuration has dynamic settings tailored to the specific connector and integration type. Below are the configurations relevant to this connector.
Asset Retention: Configure the retention period for inactive assets based on their last seen date. If an asset has not been detected or updated in a scan within the specified days, it will be automatically removed from the Vulcan ExposureOS platform. This ensures your asset inventory stays current and relevant.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your <CONNECTORX> instance.
Notes:
A successful connectivity test confirms that the platform can connect to the <X> instance. However, it does not guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.
Example:
If the connectivity test fails, an error message with details about the issue will appear. Click the arrow next to the error message for more information about the exact error.
Example:
Connector scheduling: Set the connector's sync time and days. By default, all days are selected.
Click Create to start syncing the new connector, or Save Changes if editing an existing connector.
Allow some time for the sync to complete. Then, you can review the sync status on the Connectors main page or under Connector sync logs on the connector's specific setup page.
To confirm the sync is complete, navigate to the Connectors page. The sync is complete once the <X Connector> icon shows Connected.
Example:
<X> in the Vulcan platform
Viewing findings
To view findings (instances) ingested by the <X Connector>:
Go to the Findings page.
Click on Filter and set the condition to Vulnerability > Source > is > <X>.
Example:
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on a finding for more details.
Viewing vulnerabilities
To view vulnerabilities ingested by the <X Connector>:
Go to the Vulnerabilities page.
Click on Filter and set the condition to Vulnerability > Source > is > <X>.
Example:
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on a vulnerability for more details.
Viewing assets
To view assets ingested by the <X Connector>:
Go to the Assets page.
Click on Filter and set the condition to Asset > Source > is > <X>.
Example:
You can also:
Filter by Business Group and add more filters to narrow your search further.
Filter by Connector-specific parameters (also known as Native Parameters) if available.
Click on an asset for more details.
Taking action on vulnerabilities and assets
To take remediation action on vulnerabilities and assets ingested by <X> :
Go to the Vulnerabilities or Assets Page.
Use the Filter to view the assets/vulnerabilities by source. You can always filter by Business Group and add more filters to narrow your search.
Select the relevant vulnerabilities/assets from the results list.
Click on Take Action to proceed with remediation or further actions.
Example:
Automating remediation actions on vulnerabilities
Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
Data Mapping
The Vulcan Platform integrates with X through an API that pulls relevant vulnerability and asset data and maps it to the platform's pages and fields. The vulnerabilities and/or assets data is ingested from the vendor platform and mapped into the Vulcan ExposureOs platform.
<Host/Website/Image/Cloud/CodeProject> data mapping
Asset data
X field | Vulcan field |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Unique vulnerability data
X field | Vulcan field |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Finding data (asset-instance connection)
X field | Vulcan field |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Vulnerability status mapping
Findings (instances) ingested from connectors are mapped into the Vulcan platform by status.
X status | Vulcan status |
| Vulnerable |
| Fixed |
| Acknowledged |
The statuses are mapped into the Findings page > Show <status> view:
Vulnerability score mapping
Risk scores ingested from connectors are converted into numeric scores and mapped into the Vulcan platform risk score field, which eventually impacts the contextualized risk calculation.
X score | Vulcan score |
| 10 |
| 7 |
| 5 |
| 3 |
| 0 |
The scores are mapped into the Score field of the Vulnerability details:
Status update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones.
The table below lists how the status update mechanism works in the <X Connector> for the vulnerabilities and assets in the Vulcan Platform.
Status change | When? |
The asset is archived | - <Asset not found on the connector's last sync> - <Asset not seen for X days according to "Last Seen"> - <Asset status on the connector's side indicates irrelevancy> - <Asset status changes to one of the selected statuses defined in the Asset Retention configuration.> |
The vulnerability instance status changes to "Fixed" | - <If the vulnerability no longer appears in the scan findings> - <Vulnerability status on the connector's side changes to <status>> - <Vulnerability status on the connector's side indicates irrelevancy (e.g., "INACTIVE")> |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
Support limitations and expected behavior
This section outlines any irregularities, expected behaviors, or limitations related to integrating the Vulcan Cyber ExposureOS platform and <X>. It also highlights details about ingested and non-ingested data to clarify data handling and functionality within this integration.
xxx
xxxx
API endpoints in use
API version: x.x.x
API | Use in Vulcan | Permissions required |
|
|
|
|
|
|
|
|
|
|
|
|
Data Validation
This section shows how to validate and compare data between Vulcan ExposureOS and the <X> platform.
Matching Asset Count
Objective: Ensure X reports the same as/aligns with the number of assets displayed in Vulcan.
In <X>:
..
....
....
<Screen>
In Vulcan:
..
....
....
<Screen>
Validations if an asset is not present in Vulcan:
Archive by date: Ensure the asset is not archived in Vulcan based on an outdated last-seen date.
Archive by status: If the asset is no longer present or valid, confirm that it was removed or deleted.
Data pulling configuration: Verify that the relevant data-pulling configurations are correctly set on the connectors setup page. Make sure to click Save Changes if you modify the connector's setup.
Matching vulnerabilities count
Objective: Ensure the number of unique vulnerabilities in <X> matches/aligns with those in Vulcan.
In <X>:
..
....
....
<Screen>
In Vulcan:
..
....
....
<Screen>
Validations if vulnerability is not present in Vulcan:
No asset has this vulnerability: Check if the vulnerability is tied to an asset in <X> that exists in Vulcan.
Asset-vulnerability mapping: Ensure correct mapping between the asset and its vulnerabilities.
Matching findings (instances) count
Objective: Verify that the number of findings (asset-vulnerability instances) in <X> aligns with Vulcan.
In <X>:
..
....
....
<Screen>
In Vulcan:
..
....
....
<Screen>
Possible discrepancies:
The numbers displayed in <X> might not always match the API response used by Vulcan.
Users should rely on API-driven data for accurate comparisons.
Validations if a connection is not present in Vulcan:
If a finding transitions to fixed, it will appear on Vulcan’s Fixed screen.
Note that other statuses are mapped to different status tabs on Vulcan.If the finding does not exist for a supported asset or is missing from the <X> response, it will not show in Vulcan.
If the finding does not exist for a supported asset or is missing from the <X> response, it will not show in Vulcan.