Target Audience | Hands-On Vulnerability Managers and Champions |
About
What's the Rationale Behind This Best Practice?
The Vulcan ConnectX/Report Connector provides a streamlined and flexible method to upload penetration test reports to the Vulcan Platform. This best practice is grounded in the following key rationales:
Expanded Compatibility: The Vulcan Report Connector supports various file formats, including CSV, ZIP, XLS, and XLSX. This ensures compatibility with a wide range of Security Application Testing (SAST), Dynamic Application Security Testing (DAST), and Vulnerability assessment tools, even those not directly supported by existing Vulcan Connectors.
Targeted Mapping: The Connector facilitates precise mapping of headers in your penetration test files to the corresponding fields in the Vulcan Platform. This ensures accurate and meaningful integration of your security findings, enhancing the overall effectiveness of vulnerability management.
Why upload a penetration test to the Vulcan Platform?
Uploading penetration test reports through the Vulcan Report Connector offers several benefits:
Gain a holistic view of your organization's security posture by incorporating penetration test findings alongside other vulnerability assessment data.
Identify and address vulnerabilities and affected assets efficiently using the Magic Search Advanced Filters.
Merge uploaded assets with existing assets based on predefined criteria for the environment, fostering a more unified and comprehensive asset inventory.
Open remediation tickets on vulnerabilities directly through the Vulcan Platform
Upload as many Pen test reports as you wish and keep your data in one place.
Track and monitor remediation progress in Vulcan Analytics.
What's the Goal of This Best Practice?
This best practice empowers Vulnerability Managers to integrate their penetration test results into the Vulcan Platform seamlessly. By doing so, Vulnerability Managers can learn how to:
Utilize the Vulcan Report Connector to upload Penetration Test reports to consolidate security data from diverse sources into the Vulcan Platform, creating centralized security data and a view of an organization's threat landscape.
Identify Pen-Test Vulnerabilities in the Vulcan Platform.
Enable informed decision-making by leveraging mapped data and business context (SLA Policies), allowing a deeper understanding of vulnerabilities, their severity, and appropriate mitigation strategies.
Open remediation campaigns on Pen test vulnerabilities and assign them to asset owners.
Track and monitor the remediation progress of penetration test vulnerabilities through Vulcan Analytics.
Best Practice Workflow
Preparing the Penetration Test File
Supported file formats: CSV, ZIP, XLS, and XLSX
Max file size: 200 Mb
File structure: The first row must contain headers.Ensure that your file includes the fields (Column headers) as specified for each asset type. You do not need to match your column headers with Vulcan headers initially, as you will have the opportunity to map and align the fields accurately in a later step on the Connector's setup page.
Mandatory Column Headers: Ensure the presence of required headers such as Application/Asset Name, Severity (numeric), Vulnerability Name, Vulnerability Description, Vulnerability Details, and Test Date.
Optional Column Header: Include mitigation/solution information if available.
Fields Mapping Options are available here.
If you intend to leverage the Asset Ownership feature using Dynamic Properties, it is strongly recommended to include an "Ownership" column in your file. Populate this column with the asset owner's information in the following format:
techowner:samjones@company.com. You can later map this field to the Asset Tag in Vulcan. Following the synchronization process, you can convert these tags into Dynamic Properties and utilize them as Asset Ownership tags when assigning Remediation Tickets to specific email addresses.Make sure the Vulnerability Severity field is numeric ("Critical" = 10, "High" = 9, "Medium" = 5, "Low" = 3). For your reference, see How to Convert Severity into Numerics in Excel.
Date fields must be in the date format: DD/MM/YYYY. For example,
20/03/2023.
File Example:
Uploading the Penetration Test File
Follow these steps to upload your Penetration Test report using the Vulcan Report Connector:
Navigate to Connectors > Add a Connector
Click the Vulcan Report/ConnectX Icon.
Name Your Vulcan Connector: Provide an indicative name, such as "Penetration Test - December 23" to easily identify the report's purpose.
Upload Your File: Browse or drag and drop your penetration test file (CSV, XLS, XLSX).
Map Fields Configuration: Select your file's Data Type and map headers to respective Vulcan fields. Usually, Penetration Tests are type Host (Vulnerability Assessment) or Websites (DAST)
Example:
Notes:
You can map the Vulcan fields 'Asset - Details' and 'Vulnerability - Details' to multiple headers for enhanced specificity in data representation.
When associating a risk score with the Vulcan field "Vulnerabilities - Technical Severity," the mapped risk score reflects the rating of a unique vulnerability within the Vulcan Platform. The vulnerability instance's score is calculated after the file is loaded. This score is influenced by various risk-affecting factors configured in the Vulcan Platform, including Asset tags and impact. The comprehensive evaluation ensures a nuanced understanding of the vulnerability's severity based on the entire context and configuration within the platform. Read here about vulnerability instance risk calculation and how it works.
Set Inactive Assets: Set the Inactive Assets to 1 Year (to ensure assets won't be archived).
Click Create: Confirm the configuration to finalize the upload.
For your reference, you can find the complete Vulcan Report Connector Guide here.
Managing and Remediating Penetration Test Vulnerabilities and Assets
Asset Filtering and Identification
After the sync, you can filter your assets and vulnerabilities by Source/Connector on the Assets page / Vulnerabilities Page using the Magic Filter and filter by source to identify Vulcan Report ingested assets.
Asset Ownership and Action
Uploading the Excel with asset ownership data allows you to Take Action on Vulnerabilities by Asset Owner through the Vulcan Platform. Alternatively, you can create Asset ownership tags using the Dynamic Properties feature in the Vulcan Platform.
Remediation Prioritization
Once the Vulnerabilities are in the Vulcan Platform, their SLA is updated according to their severity. This allows you to Open remediation tickets based on your SLA Policy.
Remediation Tracking
Once you start opening Remediaiton Campaigns on vulnerabilities, you can begin to Track and monitor the remediation progress of Vulnerabilities through the Vulcan Campaign.
Reporting and Analytics
You can Track and Monitor Pen Test Remediation Progress through Vulcan Analytics > Application Security Report or by any other available report using the Source Filter (filter by report name).
FAQ
How can I convert technical severity to numerics in Excel?
You can use the following excel macro to convert technical severity to numerics:
Sub ConvertSeverityToNumber()
Dim ws As Worksheet
Dim lastRow As Long
Dim severityRange As Range
Dim cell As Range
' Define the severity mappings
Dim severityMap As Object
Set severityMap = CreateObject("Scripting.Dictionary")
severityMap("Critical") = 10
severityMap("High") = 9
severityMap("Medium") = 5
severityMap("Low") = 3
' Set the worksheet where the data is located
Set ws = ThisWorkbook.Worksheets("Sheet1") ' Replace "Sheet1" with your actual sheet name
' Find the last row in the "Severity" column
lastRow = ws.Cells(ws.Rows.Count, "D").End(xlUp).Row ' Assuming "Severity" is in column D
' Set the range for the "Severity" column
Set severityRange = ws.Range("D2:D" & lastRow) ' Assuming the data starts from row 2
' Loop through each cell in the range and convert the text to numerical values
For Each cell In severityRange
If severityMap.Exists(cell.Value) Then
cell.Value = severityMap(cell.Value)
End If
Next cell
End Sub