Overview
About CyCognito
The CyCognito platform discovers and tests all assets that are discoverable via the internet. This process finds previously unknown assets that are unmonitored and exposed to attack. The platform continuously monitors and tests all assets associated with an organization.
Why integrate CyCognito into the Vulcan platform?
The CyCognito Connector by Vulcan integrates with the CyCognito platform to pull and ingest host and website assets, along with vulnerability data, into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.
CyCognito Connector Details
Supported products | |
Category | Application Security - DAST |
Ingested asset type(s) | |
Integration type | Unidirectional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
Generating CyCognito API KEY
Go to CyCognito Platform > Workflow & Integration
Click on API Key Management
Input a key name and click Create.
Copy the resulting API key to use later when setting up the connector in Vulcan.
Configuring the CyCognito Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the CyCognito icon.
Set up the Connector as follows:
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your CyCognito instance, then click Create (or Save Changes).
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
(Optional) Select the asset status change in CyCognito that should immediately archive the asset in Vulcan. The options are: "normal", "new", and "changed". See Support and Expected Behaviour.
Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the CyCognito icon shows Connected, the sync is complete.
CyCognito in the Vulcan Platform
Viewing CyCognito vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector/Source:
Go to the Vulnerabilities page.
Use the Search or Filter input box to select the Vulnerability Source or Connector filter.
Select CyCognito from the vulnerability source/Connector list to filter results.
Click on any vulnerability for more vulnerability details.
Viewing CyCognito assets in the Vulcan Platform
To view assets by Connector/Source:
Go to the Assets page.
Click on the relevant asset type tab.
Use the Search or filter input box to select Connector from the drop-down selection.
Select CyCognito from the Asset source/Connector list to filter results and view all synced assets.
See the complete list of available asset filters per asset type
Taking Action on vulnerabilities and assets detected by CyCognito
To take remediation action on vulnerabilities and assets detected by CyCognito:
Go to the Vulnerabilities / Assets Page.
Click on the Search and Filter input box and select Connector from the drop-down selection.
Locate the CyCognito option to view all synced vulnerabilities/assets.
Select the relevant vulnerabilities from the results list.
Click Take Action.
Automating remediation actions on vulnerabilities detected by CyCognito
Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the CyCognito Connector.
From CyCognito to the Vulcan Platform - Data Mapping
The Vulcan Platform integrates with CyCognito through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform pages and fields.
Websites - Web Application fields mapping
CyCognito field | Vulcan field | Value Example |
Asset Id | Asset Uniqueness criteria | |
Webapp Address | Asset Name | |
Website | Asset type | |
Homepage URL | Asset Address | |
Security Score Security Grade Hosting Discoverability Attractiveness Technical Owner Organizations | Asset details | |
Tags | Asset Tags - Vendor’s tags | |
Organizations Asset type | Asset Tags - Additional | |
Last Seen | Asset Last scan | |
Status | Asset Status | |
First Seen | Asset Creation date | |
Asset Id + id + issue_id | Vulnerability instance uniqueness criteria | |
first_detected | Vulnerability instance first seen | |
evidence.final-url | Asset's vulnerable pages | |
last_detected | Vulnerability instance Last seen | |
vulnerable | Vulnerability instance status | |
severity_score | Vulnerability instance score | |
summary | Vulnerability instance description | |
investigation_status evidence | Vulnerability instance Asset connection (info tooltip) | |
issue_id | Unique Vulnerability uniqueness criteria | |
title | Unique Vulnerability title | |
summary | Unique Vulnerability description | |
issue_type base_severity_score | Unique Vulnerability details | |
enhanced_severity_score | Unique Vulnerability CVSS | |
issue_id | Unique Vulnerability CVE/S | |
remediation_steps | Solution uniqueness criteria | |
Fix for Cycognito Vulnerability | Solution Title | |
remediation_method + | Solution Description | |
Websites - Domain fields mapping
CyCognito field | Vulcan field | Value Example |
Asset Id | Asset Uniqueness criteria | |
Domain | Asset Name | |
Website | Asset type | |
Domain | Asset Address | |
Security Score Security Grade Hosting Discoverability Attractiveness Technical Owner Organizations | Asset details | |
tags | Asset Tags - Vendor’s tags | |
Organizations Asset type | Asset Tags - Additional | |
Last Seen | Asset Last scan | |
Status | Asset Status | |
First Seen | Asset Creation date | |
Asset Id + id + issue_id | Vulnerability instance uniqueness criteria | |
first_detected | Vulnerability instance first seen | |
last_detected | Vulnerability instance Last seen | |
vulnerable | Vulnerability instance status | |
severity_score | Vulnerability instance score | |
investigation_status evidence | Vulnerability instance Asset connection (info tooltip) | |
issue_id | Unique Vulnerability uniqueness criteria | |
title | Unique Vulnerability title | |
summary | Unique Vulnerability description | |
issue_type | Unique Vulnerability details | |
enhanced_severity_score | Unique Vulnerability CVSS | |
issue_id | Unique Vulnerability CVE/S | |
platforms | Unique Vulnerability affected packages | |
remediation_steps | Solution uniqueness criteria | |
Fix for Cycognito Vulnerability | Solution Title | |
remediation_method + | Solution Description | |
Hosts - IP Address
CyCognito field | Vulcan field | Value Example |
Asset Id | Asset Uniqueness criteria | |
IP | Asset Name | |
Security Score Security Grade Hosting Discoverability Attractiveness Technical Owner Organizations Location Environments IP Ranges Open TCP Ports | Asset details | |
Host | Asset type | |
IP | Asset IP | |
Platforms | Asset OS | |
First Seen | Asset Created date | |
Last Seen | Asset Last seen date | |
status | Asset Status | |
Tags | Asset Tags - Vendor’s tags | |
Organizations Asset type | Asset Tags - Additional | |
Asset Id + id + issue_id | Vulnerability instance uniqueness criteria | |
first_detected | Vulnerability instance first seen | |
last_detected | Vulnerability instance Last seen | |
vulnerable | Vulnerability instance status | |
port | Vulnerability instance port | |
issue_status investigation_status evidence port | Vulnerability instance Asset connection (info tooltip) | |
issue_id | Unique Vulnerability uniqueness criteria | |
title | Unique Vulnerability title | |
summary | Unique Vulnerability description | |
issue_type | Unique Vulnerability details | |
enhanced_severity_score | Unique Vulnerability CVSS | |
issue_id | Unique Vulnerability CVE/S | |
remediation_steps | Solution uniqueness criteria | |
Fix for Cycognito Vulnerability | Solution Title | |
remediation_method + | Solution Description | |
Vulnerability status mapping
CyCognito Status | Vulcan Status |
| Vulnerable |
resolved | Fixed |
Vulnerability score mapping
CVSS3 Based
CyCognito score | Vulcan score |
0-10 | 0-10 |
Status Update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).
The table below shows how the status update mechanism works in the CyCognito connector for the vulnerabilities and assets in the Vulcan Platform.
Update type in Vulcan | Mechanism (When?) |
The asset is archived | - Asset not found on the connector's last sync - Asset status on the connector's side is " |
The vulnerability instance status changes to "Fixed" | - If the vulnerability no longer appears in the scan findings. |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
Support and Expected Behaviour
Support and expected behavior remarks on some CyCognito ingested vs. un-ingested fields:
CyCognito asset types are ingested based on user input, with available options including Domains, IP Addresses, and Web Applications. Certificates are currently not supported.
Asset archiving is determined by both status and user input, with possible options being normal, new, changed, removed, or N/A. The default selection is removed.
Issues (vulnerabilities) with an investigation_status set to archived or resolved are excluded from the ingestion process. Issues with an investigation_status set to investigated, uninvestigated, or investigating are ingested and treated as vulnerable.
When calculating vulnerability instances, potential discrepancies between CyCognito and Vulcan should be considered:
Vulcan exclusively incorporates vulnerability instances directly linked to an asset. CyCognito, on the other hand, includes vulnerability instances not only for the asset itself but also for linked assets.
If a domain is linked to an IP address, each possessing distinct vulnerability instances:
In Vulcan, two separate assets will be displayed, each with its own vulnerability instance.
In CyCognito, both assets will be assigned, but they will share the same two vulnerability instances.
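An added example, not Vulcan or CyCognito code: the sketch below applies the ingestion rule and the linked-asset counting difference described above to constructed records, showing why per-asset issue counts can legitimately differ when you reconcile the two platforms. The record layout, the `asset_id` and `linked_assets`-style `LINKS` map, and the tuple form of the instance key are assumptions; the status values and the `id`, `issue_id` and `investigation_status` fields are taken from this page.

```python
# Constructed sample records; status values and the id / issue_id /
# investigation_status fields come from this page. "asset_id" and the
# LINKS map are hypothetical names used only in this sketch.
INGESTED = {"investigated", "uninvestigated", "investigating"}  # treated as vulnerable
# "archived" and "resolved" are excluded simply by not being in INGESTED.

LINKS = {  # constructed: one domain linked to one IP address
    "domain:shop.example.com": ["ip:203.0.113.10"],
    "ip:203.0.113.10": ["domain:shop.example.com"],
}
ISSUES = [
    {"id": "i-1", "issue_id": "ISS-A", "asset_id": "domain:shop.example.com",
     "investigation_status": "uninvestigated"},
    {"id": "i-2", "issue_id": "ISS-B", "asset_id": "ip:203.0.113.10",
     "investigation_status": "investigating"},
    {"id": "i-3", "issue_id": "ISS-C", "asset_id": "ip:203.0.113.10",
     "investigation_status": "resolved"},
    {"id": "i-4", "issue_id": "ISS-D", "asset_id": "domain:shop.example.com",
     "investigation_status": "archived"},
]

def ingestible(issue):
    """Only issues in one of the three ingested statuses reach Vulcan."""
    return issue["investigation_status"] in INGESTED

def instance_key(issue):
    """Asset Id + id + issue_id, kept as a tuple (join format is an assumption)."""
    return (issue["asset_id"], issue["id"], issue["issue_id"])

def direct_instances(issues):
    """Vulcan-style view: an asset holds only instances found on itself."""
    view = {asset: set() for asset in LINKS}
    for issue in issues:
        if ingestible(issue):
            view[issue["asset_id"]].add(instance_key(issue))
    return view

def with_linked(direct):
    """CyCognito-style view: an asset also shows its linked assets' instances."""
    return {asset: own.union(*(direct[peer] for peer in LINKS[asset]))
            for asset, own in direct.items()}

def reconcile(issues):
    """Per asset: (count expected in Vulcan, count expected in CyCognito)."""
    direct = direct_instances(issues)
    linked = with_linked(direct)
    return {asset: (len(direct[asset]), len(linked[asset])) for asset in direct}

if __name__ == "__main__":
    for asset, (vulcan, cycognito) in reconcile(ISSUES).items():
        print(f"{asset}: Vulcan={vulcan} CyCognito={cycognito}")
```

A gap between the two counts that equals the linked assets' ingestible issues is expected behaviour; any other gap is worth investigating.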
API Endpoints in Use
API version: 1.0
API | Use in Vulcan |
| Generate asset report |
| Generate asset report |
| Generate asset report |
| Get reports, Assets |
| Unique vulnerabilities, vulnerability instances, solutions |
| Unique vulnerabilities, vulnerability instances, solutions |
| Unique vulnerabilities, vulnerability instances, solutions |
Data Validation
This section aims to validate and compare assets and asset-vulnerability connections between CyCognito and the Vulcan Cyber Platform, ensuring consistency in the data between the two platforms.
Matching Assets - WebApp
In CyCognito:
Go to Assets List.
In Asset Type, choose "Web App."
Hovering over the number will show the exact count (e.g., 3682).
In Vulcan:
Matching Assets - Domain Data
In CyCognito:
Go to Assets List.
In Asset Type, choose "Domain."
Hovering over the number will show the exact count (e.g., 2920).
In Vulcan:
Matching Assets - IP Data
In CyCognito:
Go to Assets List.
In Asset Type, choose "IP Address."
Hovering over the number will show the exact count (e.g., 3575).
In Vulcan:
Matching Assets-Vulnerability Connection
In CyCognito:
Click on an asset in CyCognito. In the right pane, the related issues appear.
Click on the “explore further issues in list” link to get the exact issues count.
You will be moved to the issues screen, which is automatically filtered for the selected asset.
In Vulcan: