CONNECTOR TEMPLATE

DRAFT ONLY! DO NOT PUBLISH OR EDIT.

Updated over 3 months ago

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

To open the correct user guide for your setup and version, go to the connector's setup page and click How to connect.


Connector details

About X

<information on the vendor product/solution + link to vendor>

Support scope

Supported products

Category

Ingestion type

<Assets only>
<Assets and vulnerabilities>

Ingested asset type(s)

Integration type

Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

  • <CONNECTOR X SOMETHING / X permissions>

  • Credentials [API/Token/Username and pass]

Generating credentials/API token

  1. Go to XCONNECTOR Platform

  2. .....

  3. ....

Configuring the <X> connector

  1. Log in to the Vulcan ExposureOS platform and go to Connectors > Add a Connector.

  2. Click on the X CONNECTOR icon.

  3. Set up the Connector as follows:

    1. If a gateway is required, refer to the Vulcan Gateway guide to configure the gateway before proceeding. If not, continue following the steps in this guide.

    2. Select the region of your Rapid7 account.

    3. Enter the API Key you generated earlier.

  4. Data pulling configuration:

    This configuration has dynamic settings tailored to the specific connector and integration type. Below are the configurations relevant to this connector.

    • Asset Retention: Configure the retention period for inactive assets based on their last seen date. If an asset has not been detected or updated in a scan within the specified days, it will be automatically removed from the Vulcan ExposureOS platform. This ensures your asset inventory stays current and relevant.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your <CONNECTORX> instance.

    Notes:

    • A successful connectivity test confirms that the platform can connect to the <X> instance. However, it does not guarantee that the synchronization process will succeed, as additional syncing or processing issues may arise.

      Example:

    • If the connectivity test fails, an error message with details about the issue will appear. Click the arrow next to the error message for more information about the exact error.

      Example:

  6. Connector scheduling: Set the connector's sync time and days. By default, all days are selected.

  7. Click Create to start syncing the new connector, or Save Changes if editing an existing connector.

  8. Allow some time for the sync to complete. Then, you can review the sync status on the Connectors main page or under Connector sync logs on the connector's specific setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. The sync is complete once the <X Connector> icon shows Connected.
    Example:


<X> in the Vulcan platform

Viewing findings

To view findings (instances) ingested by the <X Connector>:

  1. Go to the Findings page.

  2. Click on Filter and set the condition to Vulnerability > Source > is > <X>.

    Example:

You can also:

Viewing vulnerabilities

To view vulnerabilities ingested by the <X Connector>:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Source > is > <X>.

    Example:

You can also:

Viewing assets

To view assets ingested by the <X Connector>:

  1. Go to the Assets page.

  2. Click on Filter and set the condition to Asset > Source > is > <X>.

    Example:

You can also:

Taking action on vulnerabilities and assets

To take remediation action on vulnerabilities and assets ingested by <X>:

  1. Go to the Vulnerabilities or Assets page.

  2. Use the Filter to view the assets/vulnerabilities by source. You can always filter by Business Group and add more filters to narrow your search.

  3. Select the relevant vulnerabilities/assets from the results list.

  4. Click on Take Action to proceed with remediation or further actions.

    Example:

Automating remediation actions on vulnerabilities

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.


Data Mapping

The Vulcan Platform integrates with X through an API that pulls relevant vulnerability and asset data and maps it to the platform's pages and fields. The vulnerability and/or asset data is ingested from the vendor platform and mapped into the Vulcan ExposureOS platform.

<Host/Website/Image/Cloud/CodeProject> data mapping

Asset data

X field

Vulcan field

Unique vulnerability data

X field

Vulcan field

Finding data (asset-instance connection)

X field

Vulcan field

Vulnerability status mapping

Findings (instances) ingested from connectors are mapped into the Vulcan platform by status.

X status

Vulcan status

Vulnerable

Fixed

Acknowledged

The statuses are mapped into the Findings page > Show <status> view:


Vulnerability score mapping

Risk scores ingested from connectors are converted into numeric scores and mapped into the Vulcan platform risk score field, which eventually impacts the contextualized risk calculation.

X score

Vulcan score

10

7

5

3

0

The scores are mapped into the Score field of the Vulnerability details:

Status update mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones.

The table below lists how the status update mechanism works in the <X Connector> for the vulnerabilities and assets in the Vulcan Platform.

Status change

When?

The asset is archived

- <Asset not found on the connector's last sync>

- <Asset not seen for X days according to "Last Seen">

- <Asset status on the connector's side indicates irrelevancy>

- <Asset status changes to one of the selected statuses defined in the Asset Retention configuration.>

The vulnerability instance status changes to "Fixed"

- <If the vulnerability no longer appears in the scan findings>

- <Vulnerability status on the connector's side changes to <status>>

- <Vulnerability status on the connector's side indicates irrelevancy (e.g., "INACTIVE")>

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

Support limitations and expected behavior

This section outlines any irregularities, expected behaviors, or limitations related to integrating the Vulcan Cyber ExposureOS platform and <X>. It also highlights details about ingested and non-ingested data to clarify data handling and functionality within this integration.

  • xxx

  • xxxx

API endpoints in use

API version: x.x.x

API

Use in Vulcan

Permissions required


Data Validation

This section shows how to validate and compare data between Vulcan ExposureOS and the <X> platform.

Matching Asset Count

Objective: Ensure the number of assets in <X> matches/aligns with the number of assets displayed in Vulcan.

In <X>:

  1. ..

  2. ....

  3. ....

    <Screen>


In Vulcan:

  1. ..

  2. ....

  3. ....

    <Screen>

Validations if an asset is not present in Vulcan:

  • Archive by date: Ensure the asset is not archived in Vulcan based on an outdated last-seen date.

  • Archive by status: If the asset is no longer present or valid, confirm that it was removed or deleted.

  • Data pulling configuration: Verify that the relevant data-pulling configurations are correctly set on the connector's setup page. Make sure to click Save Changes if you modify the connector's setup.

Matching vulnerabilities count

Objective: Ensure the number of unique vulnerabilities in <X> matches/aligns with those in Vulcan.

In <X>:

  1. ..

  2. ....

  3. ....

    <Screen>


In Vulcan:

  1. ..

  2. ....

  3. ....

    <Screen>


Validations if a vulnerability is not present in Vulcan:

  • No asset has this vulnerability: Check if the vulnerability is tied to an asset in <X> that exists in Vulcan.

  • Asset-vulnerability mapping: Ensure correct mapping between the asset and its vulnerabilities.

Matching findings (instances) count

Objective: Verify that the number of findings (asset-vulnerability instances) in <X> aligns with Vulcan.

In <X>:

  1. ..

  2. ....

  3. ....

    <Screen>


In Vulcan:

  1. ..

  2. ....

  3. ....

    <Screen>

Possible discrepancies:

  • The numbers displayed in <X> might not always match the API response used by Vulcan.

  • Users should rely on API-driven data for accurate comparisons.

Validations if a connection is not present in Vulcan:

  • If a finding transitions to fixed, it will appear on Vulcan’s Fixed screen.
    Note that other statuses are mapped to different status tabs on Vulcan.

  • If the finding does not exist for a supported asset or is missing from the <X> response, it will not show in Vulcan.

