Am I reading the correct user guide?
Am I reading the correct user guide?
Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.
Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.
Overview
About Clone Systems
Clone Systems offers cybersecurity services to businesses worldwide. Their services encompass vulnerability assessment, threat monitoring, attack prevention, and security training. They utilize top-notch hardware and proprietary technology to deliver these services at a fixed cost without capital investment.
Why integrate Clone Systems into the Vulcan platform?
The Clone Systems Connector by Vulcan integrates with the Clone Systems platform to pull and ingest assets type Website and vulnerability data into your Vulcan Platform. Clone system-targeted domains are mapped into the Websites category among their detected vulnerabilities. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.
Clone Systems Details
Supported products | Vulnerability Assessment |
Category | Vulnerability Assessment |
Ingested asset type(s) | Websites |
Integration type | UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction) |
Supported version and type | SaaS (latest) |
Connector Setup
Prerequisites and user permissions
Before you begin configuring the Connector, make sure you have the following:
Admin user permissions in Clone Systems
Generating API Key, User Token, and API URL
Go to Clone Systems and log in using an Admin user.
Go to My Settings.
Click to generate an Access Token.
Copy the User Token, API Key, and API URL to somewhere safe.
Configuring the Clone Systems Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the Clone Systems icon.
Set up the Connector as follows:
Enter the API Key, Token, and URL you generated earlier.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Clone Systems instance, then click Create (or Save Changes).
The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.
To confirm the sync is complete, navigate to the Connectors page. Once the Clone Systems icon shows Connected, the sync is complete.
Clone Systenms in the Vulcan Platform
Viewing Clone Systems vulnerabilities in the Vulcan Platform
To view vulnerabilities by Connector:
Go to the Vulnerabilities page.
Click on Filter and set the condition to Vulnerability > Connector is Clone Systems.
You can add more filters to narrow down your search further.
See the complete list of available vulnerability filters.Click on a vulnerability for more vulnerability details.
Viewing Clone Systems assets in the Vulcan Platform
Viewing assets by Connector for users with the new platform view (Asset Hub):
Go to the Assets page.
Click on "Filter " and specify the condition as "Assets > Connector is Clone Systems".
Viewing assets by Connector for users with the older platform view:
Go to the Assets page.
Choose the relevant asset type tab (Websites).
Click on "Filter" and specify the condition as "Assets > Connector is Clone Systems"
You can add more filters to narrow down your search further.
See the complete list of available asset filters.
Click on any asset for more asset details.
Taking Action on vulnerabilities and assets detected by Clone Systems
To take remediation action on vulnerabilities and assets detected by Clone Systems:
Go to the Vulnerabilities pr Assets Page.
Use the Filter to filter vulnerabilities by the Clone Systems connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.
Select the relevant Vulnerabilities/assets out of the results list.
Click on Take Action to proceed with remediation or further actions.
Automating remediation actions on vulnerabilities detected by Clone Systemns
Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.
From Clone Systems to the Vulcan Platform - Data Mapping
The Vulcan Platform integrates with Clone Systems through API to pull relevant vulnerabilities and website assets data and map it into the Vulcan Platform pages and fields.
Website fields mapping
Clone Systems UI field | Clone Systems API field | Vulcan field |
- | each | Asset Uniqueness criteria |
Host name |
| Website Name (name) |
URL / IP | - | Website address |
first scan date | - | website first Seen (first_seen) |
last scan date | - | Website Last report (last_seen) |
Target name |
| Website Tags - Additional (tags) |
url | - | Website Component - URLS (url) |
- |
| Vulnerability instance uniqueness criteria |
first scan date |
| Vulnerability instance First seen (first_seen) |
last scan date |
| Vulnerability instance Last seen (last_seen) |
Port |
| Vulnerability instance port(port) |
Protocol |
| Vulnerability instance port(protocol) |
- |
| Unique Vulnerability uniqueness criteria |
Vulnerability summary |
| Vulnerability title (title) |
CVSS Score |
| Vulnerability score (cvss_score) |
Summary | After the “ | Vulnerability description (description) |
Impact | Impact - After the “impact=” in the Affected software / os - Impact - After the “ | Vulnerability details(added_data) |
cve number |
| CVE/S (report_item_cve) |
- | After “ | Solution uniqueness criteria |
Fix from Clone Systems | After “ | Fix - Title (title) |
Solution | After “ | Fix - Description(description) |
References | - | Fix - References (reference + reference_link) |
- | All the other | Fix details (added_data) |
Vulnerability status mapping
The connection/instance is archived when it is not received in sync.
Vulnerability score mapping
Clone Systems score | Vulcan score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
- | 0 |
Status Update Mechanisms
Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any are added).
The table below lists how the status update mechanism works in the Clone Systems connector for the vulnerabilities and assets in the Vulcan Platform.
Update type in Vulcan | Mechanism (When?) |
The asset is archived | - Asset not found on the Connector's last sync - Asset not seen for X days according to "Last Seen" |
The vulnerability instance status changes to "Fixed" | - If the vulnerability no longer appears in the scan findings. |
Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).
Support and Expected Behaviour
Support and expected behavior remarks on some Clone Systems ingested vs. un-ingested fields:
Duplicate Assets
Assets are mapped from two different API calls: "GetTargets" and "GetResults."
Assets from the "GetTargets" call are mapped from the hosts list, which is separated by commas (",").
Some assets may not appear in the hosts list, but are still connected. These are mapped from the "GetResults" call.
Organization Tags
For each asset, we map its organization as a tag. Since assets are received from two different API calls, we handle them as follows:
If the asset is received from the "GetTargets" call, we retrieve its organization by making a "GetUserFromTargets" call using the asset’s owner. The response provides the organization information.
If the asset is received from the "GetResults" call, we retrieve its organization by making a "GetUserFromResult" call using the asset’s owner. The response provides the organization information.
API Endpoints in Use
API version: 4.7.3
API | Use in Vulcan | Permissions required |
{{{ api_url }}}/v1/targets | Assets, Target name tag | - |
{{{ api_url }}}/v1/results | Assets, Vulnerability Instance, Unique Vulnerability, Solution | - |
{{{ api_url }}}/v1/scans | Target name tag | - |
{{{ api_url }}}/v1/users | Organization name tags | Admin |
Data Validation
This section shows how to validate and compare Vulcan and the Clone Systems platform data.
Asset Count
Ensure the asset counts between Clone Systems and Vulcan align, noting potential discrepancies and reasons.
Asset Sources from Clone Systems: There are two ways assets can be fetched from Clone Systems:
The total number of assets in Vulcan should be the union of the assets from both "Targets" and "Results." If there are discrepancies, they may be due to IP duplications or differences in how targets are handled.
Assets from "Targets"
In Clone Systems, go to Options -> Targets.
For each target listed on this page, check the "Hosts" column. Split the hosts by comma (
,).The union of all separated hosts will represent the number of assets from Targets.
Note: Be cautious of duplicated IPs in this list.
Assets from "Results"
There may be hosts that do not appear in the target list but are detected because they have vulnerabilities.
Go to Results -> Vulnerabilities.
Click Advanced and ensure the "Low" severity is selected (it’s off by default). Also, check the date range to ensure it is correct.
Click Search.
From the "Hosts" column, count the number of unique hosts. This represents the number of assets from Results.
Validation if Asset is Not Present in Vulcan:
Archive by Date: Check the
last_seendate field in Vulcan.Archive by Status: If an asset isn’t present, consider deletion based on its status.
Loader/Checkbox: Ensure any filters or settings, like checkboxes, are applied correctly.
Vulnerability Count
Ensure the vulnerability counts between Clone Systems and Vulcan align, noting potential discrepancies and reasons.
Fetching Vulnerabilities from Clone Systems:
In the Clone Systems UI, go to Results -> Vulnerabilities.
Click Advanced and ensure the "Low" severity is selected (it’s off by default). Also, check that the date range is set correctly.
Click Search.
Count the number of unique entries in the Vulnerability Summary column. This count represents the number of vulnerabilities in the Vulcan platform.
Validation if Vulnerability is Not Present in Vulcan:
No Asset Has This Vulnerability: Check if the vulnerability is tied to an asset in Vulcan.
Asset-Vulnerability Mapping: Validate if the asset-vulnerability relationship is established correctly in Vulcan.
Vulnerability Instance Count
Ensure the vulnerability instance counts between Clone Systems and Vulcan align.
Fetching Vulnerability Instances in Clone Systems:
In the vendor UI, go to Results -> Vulnerabilities.
Click Advanced and ensure the "Low" severity is selected (it’s off by default). Also, check the date range to ensure it is correct.
Click Search.
The number shown next to "You have X Vulnerabilities" is the correct number of vulnerability instances.
Validating in Vulcan:
In Vulcan, go to the Vulnerabilities tab.
Ensure that the Vulnerability Instance Mode is turned on.
Compare the number of vulnerability instances from Clone Systems with those in Vulcan.
Validation if Connection Not Present in Vulcan:
If the connection moves to a fixed status, you will be able to see it in the Fixed screen in Vulcan.