About
The Vulcan Platform integrates with various security tools and systems through connectors, allowing for the synchronization and ingestion of relevant data. Below is a breakdown of asset types ingested into the Vulcan Platform.
Hosts (VCP-Host)
Assets Categorized as Hosts
Hosts refer to a wide range of devices and systems that are connected to a network and are capable of receiving, processing, or transmitting data.
Asset Type Host | Description |
Computers and Laptops | Personal computers and laptops are common hosts in both home and corporate networks. These devices run operating systems such as Windows, macOS, or Linux. |
Servers | Servers are powerful computers designed to provide services or resources to other devices on the network. Examples include web servers, file servers, and database servers. |
Virtual Machines (VMs) | VMs are software-based emulations of physical computers that run on a host machine. Each VM acts as an independent host with its own operating system and applications. Examples include virtual servers created using hypervisors like VMware, Hyper-V, or VirtualBox. |
Cloud Instances | Cloud instances are virtual servers or computing resources provided by cloud service providers (e.g., Amazon Web Services, Microsoft Azure, Google Cloud). Users can deploy and manage virtual servers, storage, and networking resources in the cloud. |
Routers and Switches | Network devices like routers and switches can also be considered hosts. Routers connect different networks, while switches manage local network traffic. |
Smartphones and Tablets | Mobile devices with network connectivity, such as smartphones and tablets, are hosts in a network. They can communicate with other devices and access network resources. |
Network-Attached Storage (NAS) | NAS devices are hosts that provide centralized storage accessible over a network. They are commonly used for file sharing and backup purposes. |
Printers and Scanners | Network-connected printers and scanners are hosts that can be vulnerable to cyber threats. They are often overlooked but should be secured to prevent unauthorized access. |
Internet of Things (IoT) Devices | IoT devices, like smart thermostats, cameras, and appliances, are hosts that connect to a network. Their security is crucial to prevent unauthorized access or exploitation. |
Connectors Supporting Host Assets and their Unique Identifier
Connector | Unique Identifier |
Tenable | |
Qualys | |
Azure | |
Crowdstrike | |
microsofttvm | |
Prismacloud | |
Rapid7 | |
microsoftdfc | |
RedHat Insights | |
Sentinelone | |
Wiz | |
Tenablesc | if |
BitSight | |
Jamf | |
Intune | |
prisma_cspm | |
Gcp | |
Lacework | |
aqua_cwpp | |
Axonius | |
Tanium | |
AWS | |
Outpost24 | |
Orca | or or |
Cycognito | |
Google SCC | |
ServiceNow | |
Tenable Nessus File | |
Code Project (VCP-App)
Assets categorized as Code Project
Code projects typically refer to initiatives involving the creation, development, and maintenance of software code.
A Code Project can be any undertaking that involves writing, testing, and managing source code to achieve a specific goal or set of goals.
Code Projects can range from small scripts and utilities to large-scale applications, libraries, or frameworks.
Connectors Supporting Code Project Assets and their Unique Identifier
A unique identifier for a code project is typically referred to as a repository identifier or repository URL. This identifier is a unique address or label associated with a specific code repository, making it easy for developers and tools to access and interact with the project. The choice of repository identifier depends on the platform or version control system used for hosting the code.
Usual scanners for these projects include Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Infrastructure as Code (IAC) scanners.
Connector | Unique Identifier |
Github_Dependabot | |
Snyk | |
Github_Code_Scanning | |
Whitesource | |
Sonarqube | |
fortifysast | |
Checkmarxcxsast | |
Blackduck | |
Sonarcloud | |
Sonatype | |
Veracode_Sca | |
Veracode_SAST | |
Whitehat | |
Shiftleft_Sca | |
Shiftleft_sast | |
GitLab | |
Websites (VCP-App)
Assets categorized as Websites
Websites refer to web-based applications or services accessible through the internet.
In cybersecurity, websites play a crucial role as potential targets for various cyber threats. Websites are vulnerable to attacks such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and other security risks.
To assess and enhance the security of websites, various scanning techniques are employed, including Dynamic Application Security Testing (DAST) and Interactive Application Security Testing (IAST).
In IAST tools, the main domain name indicates a website.
In DAST tools, the Base URL indicates the website, and the child URL is the application.
Connectors Supporting Website Assets and their Unique Identifier
Usual scanners for these projects include Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Infrastructure as Code (IAC) scanners.
Connector | Unique Identifier |
Risk Recon | |
Tenablewas | deprecated |
Qualyswas | |
security_scorecard | |
Bugcrowd | |
fortifydast | |
Hackerone | |
Burpsuite | |
Detectify | |
Netsparker | |
Whitehat | |
acunetix360 | |
Acunetix_Premium | |
Purplemet | |
Cycognito | |
Images (VCP-Host)
Assets Categorized as Images
In the context of software development, particularly in the realm of containerization and microservices architecture, the terms "images," "containers," and "registries" are commonly used.
Asset Type Image | Description |
Image | An image is a lightweight, standalone, and executable package that includes everything needed to run a piece of software, including the code, runtime, libraries, and system tools. In containerization, images serve as the blueprint for containers. Images are typically created from a set of instructions specified in a Dockerfile or a similar configuration file. |
Container | A container is a running instance of a Docker image or another container image. Containers provide a consistent and isolated environment for executing applications. They encapsulate an application and its dependencies, ensuring that it can run consistently across various environments. Containers are lightweight, portable, and can be easily moved between different host systems. |
Registry | A registry is a centralized storage system for container images. It serves as a repository where developers can push and pull container images. Registries play a crucial role in sharing and distributing containerized applications. Popular container registries include Docker Hub, Google Container Registry, Amazon Elastic Container Registry (ECR), and others. |
Connectors Supporting Image Assets and their Unique Identifier
Connector | Unique Identifier |
Snyk | |
Wiz | If the asset exists in asset inventory report - name and provider id. |
Lacework | |
Aqua CWPP | for |
Google SCC | |
Cloud Resources (VCP-CSPM)
Assets Categorized as Cloud Resources
Cloud resources refer to the various computing services and infrastructure components that are provided by cloud service providers (CSPs) to users over the Internet. These resources are hosted and managed in data centers operated by the cloud provider. Cloud computing offers a flexible and scalable model where users can access and utilize these resources on-demand, paying only for the resources they consume.
Asset Type Cloud Resource | Description |
Storage Resources | These are cloud-based solutions that offer scalable and secure data storage options. Users can store, back up, and retrieve any amount of data at any time, from anywhere on the internet, making it an essential component for data management and disaster recovery. |
Networking Resources | These include virtual networks, dedicated connections, and other networking services that enable communication between cloud services, users, and other internet-connected devices. They provide the backbone for cloud environments, ensuring data can be transferred securely and efficiently. |
Database Resources | Cloud databases are managed database services hosted in the cloud, designed to store and manage data. They offer high availability, scalability, and convenience, allowing users to focus on application development without worrying about database management tasks. |
Identity and Access Management (IAM) | This refers to the framework of policies and technologies ensuring that the right users have the appropriate access to technology resources. IAM systems can be used to initiate, capture, record, and manage user identities and their related access permissions automatically. |
Compute Resources | These are cloud-based processing power services, which include virtual machines (VMs), containers, and serverless computing. They allow users to run applications and workloads in the cloud, providing scalable computing capacity that eliminates the need for physical hardware investments. |
Connectors Supporting Cloud Resource Assets and their Unique Identifier
Connector | Unique Identifier | Supported Cloud Resources |
Microsoft Defender For Cloud | id | Storage Solutions: - microsoft.storage - storageaccounts - microsoft.classicstorage - storageaccounts Database Services: - microsoft.documentdb - databaseaccounts - Microsoft.Sql - servers - microsoft.dbforpostgresql - servers - microsoft.azurearcdata - sqlserverinstances Compute Services: - microsoft.compute - virtualmachines - Microsoft.Compute - virtualMachineScaleSets - microsoft.compute - virtualmachinescalesets Networking Solutions: - microsoft.network - virtualnetworkgateways - microsoft.network - applicationgateways - Microsoft.Network - virtualNetworks Other Services: - Microsoft.OperationalInsights - workspaces - microsoft.eventhub - namespaces - microsoft.cache - redis - Microsoft.HybridCompute - machines - microsoft.search - searchservices - Microsoft.ContainerRegistry - registries - microsoft.appconfiguration - configurationstores - microsoft.logic - workflows - microsoft.servicebus - namespaces - microsoft.keyvault - vaults - microsoft.containerservice - managedclusters - microsoft.streamanalytics - streamingjobs - microsoft.databricks - workspaces - microsoft.machinelearningservices - workspaces - microsoft.automation - automationaccounts - Microsoft.ContainerService - managedClusters - microsoft.operationalinsights - workspaces - microsoft.apimanagement - service - microsoft.synapse - workspaces - microsoft.web - sites - microsoft.dbformysql - servers - microsoft.eventgrid - topics - microsoft.sql - servers Security and Management: - SqlServerVulnerability - ServerVulnerabilityTvm - GeneralVulnerability - Key Vault Kubernetes and Containers: - Kubernetes Service - microsoft.containerregistry - registries Miscellaneous: - subscription - identities - SQL Database - Azure Resource - Virtual Machine Scale Set - None |
Prisma CSPM |
| Cloud Services and Resources: - dnsRecord, Serverless, ecs, compute#disk, Serverless, DaemonSet, cluster, Serverless, vpc, Serverless, container, inlinePolicy, Serverless, bucket, Serverless, None, Serverless, autoScalingGroup, Serverless, Container, Serverless, role, hostedContainer, None, Serverless, customerManagedPolicy AWS Resources: - rds/AmazonAuroraMySQL/instance, rds/PostgreSQL/instance, rds/Oracle/instance, rds/AmazonAuroraPostgreSQL/instance, rds/AmazonAuroraPostgreSQL/cluster, elastiCache/Redis/instance, elastiCache/Memcached/instance, rds/MariaDB/instance, rds/MySQL/instance, rds/AmazonDocDB/cluster, rds/MSSQLServer/instance, rds/AmazonDocDB/instance, elasticFileSystem
Microsoft Azure Resources: - Microsoft.Compute/disks, Microsoft.Web/sites/functions, Microsoft.DBforMySQL/flexibleServers, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.Network/publicIPAddresses, Microsoft.Compute/virtualMachineScaleSets/virtualMachines, Microsoft.Storage/storageAccounts/blobServices/containers, Microsoft.DocumentDB/databaseAccounts, Microsoft.AzureActiveDirectory/User, Microsoft.ContainerRegistry/registries, Microsoft.Network/virtualNetworks, Microsoft.Subscription, Microsoft.Storage/storageAccounts, microsoft.synapse/workspaces, Microsoft.Compute/virtualMachineScaleSets, microsoft.app/containerapps/containers, sql#instance, microsoft.app/containerapps/revisions, Microsoft.ContainerService/ManagedClusters, microsoft.kusto/clusters
Linode Resources: - linode/networking/firewall, linode/nodebalancer, linode/instance, linode/databases/mysql, linode/domain, linode/user, linode/objectsotragebucket, linode/lke/cluster
Miscellaneous: - IAM Credentials Report, KubernetesCluster, publicRepository, account, User, volume, hostedContainer, elasticMapReduceSyntheticInstanceGroup, elasticIP, storage#bucket, useraccount#instance, region, compute#instanceGroup, KubernetesCluster, serviceaccount#serviceAgent, loadBalancerv2/application, cognito-identity#identitypool, spotinstSyntheticInstanceGroup, Deployment, KubernetesCluster, containerRegistry, group, Microsoft.AzureActiveDirectory/tenants, user, service, rootUser, repository, loadBalancerv1, Other, workspaces#workspace, IAM Policy, Managed Storage Bucket, hostedContainer, ServicePrincipal/Application, compute#address, compute#forwardingRule, serviceaccount#instance, securityGroup, Microsoft.Cache/Redis, run#revision, compute#network, project#instance, codebuild#project, ami, container#instance, keypair, encryptionKey, backupvault, compute#backendService, elasticSearchService, lightsail#Instance, cloudSearch#domain
AWS Specific: - sqs, redshift, redis#instance, compute#unmanagedInstanceGroup, Microsoft.Compute/availabilitySets, sns |
Lacework |
| Compute and Networking: - ec2:instance, ec2:vpc, ec2:subnet, ec2:internet-gateway, ec2:route-table, ec2:network-interface, ec2:prefix-list, ec2:key-pair, ec2:security-group, ec2:dhcp-options
Load Balancing and Networking: - elbv2:loadbalancer, elbv2:listener, elbv2:target-group, elbv2:listener-rule
Database Services: - rds:db-parameter-group, rds:db-snapshot, neptune:db-cluster, neptune:db-cluster-endpoint, neptune:db-instance, neptune:db-cluster-snapshot, neptune:db-parameter-group, neptune:db-subnet-group, docdb:db-cluster-snapshot, dms:replication-subnet-group, dms:endpoint
Storage and Content Delivery: - s3:bucket, cloudfront:distribution, ec2:snapshot, firehose:delivery-stream, ec2:volume
Automation and Management: - cloudformation:stack, cloudformation:stack-set, autoscaling:auto-scaling-group, autoscaling:policy, autoscaling:launchConfiguration, lambda:function, config:delivery-channel, config:configuration-recorder
Security, Identity, and Compliance: - iam:user, iam:role, iam:instance-profile, acm:certificate, guardduty:detector, guardduty:publishing-destination, securityhub:hub, securityhub:enabled-standard, secretsmanager:secret, kms:key, kms:alias
Monitoring and Governance: - cloudwatch:alarm, cloudtrail:trail, logs:log-group, events:rule, events:event-bus
Application Integration: - sns:subscription, sns:topic, sqs:queue, appsync:type, appsync:resolver, appsync:data-source
API Gateway and Networking: - apigateway:rest-api, apigateway:gateway-response, apigateway:resource, apigateway:stage, apigateway:model, apigateway:deployment
Other Services: - ecs:cluster, organizations:parent-accounts, organizations:account, organizations:organization, organizations:organizational-units, organizations:policy, organizations:delegated-administrator, athena:work-group, athena:data-catalog, account, group_owner, user, region, None |
Aqua CWPP | | - |
Aqua CSP | or | |
Orca |
or
or
| AWS Services: - Autoscaling: autoscaling:auto-scaling-group, autoscaling:policy - EC2: ec2:instance, ec2:vpc, ec2:subnet, ec2:internet-gateway, ec2:route-table, ec2:key-pair, ec2:security-group, ec2:prefix-list, ec2:flow-log - RDS: rds:db-parameter-group, rds:db-security-group, rds:db-snapshot - Lambda, CloudFormation, CloudTrail, CloudFront, S3, DynamoDB, ElasticCache, EKS, CodeBuild, CodeCommit, CodeDeploy, CloudWatch, IAM, GuardDuty, KMS, SecretsManager, SNS, SQS, Glue, Athena, Neptune, DocumentDB, Kinesis, API Gateway, WAFv2, FSx, Backup, Step Functions, Elastic Beanstalk, Transient Gateway, Lake Formation, KeySpaces, Sagemaker
Azure Services: - Azure: AzureExternalAppRoleAssignment, AzurePublicIp, AzureVnetRouteTable, AzureRunbook, AzureApplicationGatewayRule, AzureNetworkInterface, AzureRoleAssignment, AzureActivityLogAlerts, AzureCacheForRedis, AzureSubscriptionDiagnosticSetting, AzureKeyVaultSecret, AzureResourceLock, AzureSnapshot, AzureSqlDatabase, AzureAksNodePool, AzureVirtualNetworkGateway, AzurePurviewAccount, AzureNetworkWatcher, AzurePostgresFlexibleServer, AzureBackEndPool, AzureVNet, AzureWebAppService, AzureDisk, AzureNetworkSecurityGroup, AzureNetworkSecurityGroupRule, AzureContainerAppEnvironment, AzureWebApplicationFirewall, AzureBatchAccount, AzureMySqlDbServer, AzureSqlDbServer, AzureSynapseWorkspace, AzureKeyVault, AzureServiceAsset, AzureEventGridTopic, AzureOpenAiModel, AzureCdnOrigin, AzureStorageQueue, AzureBastionHost, AzureContainerRegistry, AzureDiagnosticSetting, AzureApiManagement, AzureEventHubNamespace, AzureLogAnalyticsWorkspace, AzureSqlVm, AzureDataFactory, AzureContainerInstance, AzureApplicationGateway, AzureMicrosoftDefenderForCloudSecurityAlert, AzureAksCluster, AzureApiManagementApi, AzureFunctionApp, AzureEventHub, AzureServicePrincipal, AzureAutomationAccount, AzureStorageAccount, AzureStorageFileShare, AzureStorageTable, AzureLoadBalancer, AzureLoadBalancerRule, AzureVirtualNetworkGatewayConnection, AzureSubnet, AzureCosmosDb, AzureServiceBus, AzureApiGatewayV2Endpoint, AzureNetworkFlowLog
GCP Services: - GCP: GcpMonitoringAlertPolicy, GcpLoadBalancerBackendBucket, GcpRedisInstance, GcpLoggingSink, GcpIamServiceAccountKey, GcpVpcSubnet, GcpBigqueryDataset, GcpLoadBalancerBackendService, GcpVmDisk, GcpBigqueryTable, GcpSqlInstance, GcpVpc, GcpCertificate, GcpSslPolicy, GcpVpcFirewallRule, GcpGarRepository, GcpCloudRunRevision, GcpFilestoreInstance, GcpGkeCluster, GcpKmsKey, GcpDnsManagedZone, GcpIamRole, GcpIamPolicy, GcpIamServiceAccount, GcpPubSubSubscription, GcpPubSubSchema, GcpPubSubTopic, GcpSecretManagerSecret, GcpCloudRunService, GcpLoadBalancerForwardingRule, GcpFirestoreDatabase, GcpScheduleSnapshot, GcpUser, GcpLoadBalancer
Kubernetes Services: - Kubernetes: K8sServiceAccount, K8sClusterRole, K8sStatefulSet, K8sPersistentVolumeClaim, K8sNetworkPolicy, K8sService, K8sRole, K8sContainerSpec, K8sDeployment, K8sPod, K8sDaemonSet, K8sPodSpec, K8sNode, K8sDeployment, K8sNamespace, K8sEndpoint, K8sConfigMap
Other Services: - NewDomain, CloudServiceAsset, CloudAccount, function, Domain, NewIP, storage, AwsServiceAsset, AwsOriginAccessControl, AwsCertificate, AwsUser, AwsGroup, AwsSubnet, AwsResourcePolicy, AwsIamGroup, AwsIamRole, AwsIamManagedPolicy, AwsIamAccountSummary, AwsIamUserSshPublicKey, AwsSecurityHub, AwsNeptuneInstance, AwsSagemakerNotebookInstance, AwsEfsFileSystem, AwsServiceCatalogPortfolio, AwsLogsLogGroup, AwsApiGatewayStage, AwsCodePipelinePipeline, AwsSecretsManagerSecret, CloudManagedEndpoint, AwsWorkSpace, IP
|
Google SCC | | |
AWS | | Subnet |