Skip to main content
Clone Systems Connector
Updated over 2 weeks ago

Am I reading the correct user guide?

Some connectors on the Vulcan help center offer multiple user guides tailored to different setups and versions.

Click on 'How to connect' on the Connector's setup page to open the right guide for your setup and version, ensuring accuracy and relevance.


Overview

About Clone Systems

Clone Systems offers cybersecurity services to businesses worldwide. Their services encompass vulnerability assessment, threat monitoring, attack prevention, and security training. They utilize top-notch hardware and proprietary technology to deliver these services at a fixed cost without capital investment.

Why integrate Clone Systems into the Vulcan platform?

The Clone Systems Connector by Vulcan integrates with the Clone Systems platform to pull and ingest assets type Website and vulnerability data into your Vulcan Platform. Clone system-targeted domains are mapped into the Websites category among their detected vulnerabilities. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority.

Clone Systems Details

Supported products

Vulnerability Assessment
PCI Compliance Scanning

Category

Vulnerability Assessment

Ingested asset type(s)

Websites

Integration type

UNI directional (data is transferred from the Connector to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)


Connector Setup

Prerequisites and user permissions

Before you begin configuring the Connector, make sure you have the following:

Generating API Key, User Token, and API URL

  1. Go to Clone Systems and log in using an Admin user.

  2. Go to My Settings.

  3. Click to generate an Access Token.

  4. Copy the User Token, API Key, and API URL to somewhere safe.

Configuring the Clone Systems Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Clone Systems icon.

  4. Set up the Connector as follows:

    • Enter the API Key, Token, and URL you generated earlier.

  5. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Clone Systems instance, then click Create (or Save Changes).

  6. The Advanced Configuration drop-down allows you to set the Connector's sync time. By default, all days are selected.

  7. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  8. Allow some time for the sync to complete. Then, you can review the sync status under Log on the Connector's setup page.

  9. To confirm the sync is complete, navigate to the Connectors page. Once the Clone Systems icon shows Connected, the sync is complete.


Clone Systenms in the Vulcan Platform

Viewing Clone Systems vulnerabilities in the Vulcan Platform

To view vulnerabilities by Connector:

  1. Go to the Vulnerabilities page.

  2. Click on Filter and set the condition to Vulnerability > Connector is Clone Systems.

Viewing Clone Systems assets in the Vulcan Platform

Viewing assets by Connector for users with the new platform view (Asset Hub):

  1. Go to the Assets page.

  2. Click on "Filter " and specify the condition as "Assets > Connector is Clone Systems".

Viewing assets by Connector for users with the older platform view:

  1. Go to the Assets page.

  2. Choose the relevant asset type tab (Websites).

  3. Click on "Filter" and specify the condition as "Assets > Connector is Clone Systems"

You can add more filters to narrow down your search further.
See the complete list of available asset filters.

Click on any asset for more asset details.

Taking Action on vulnerabilities and assets detected by Clone Systems

To take remediation action on vulnerabilities and assets detected by Clone Systems:

  1. Go to the Vulnerabilities pr Assets Page.

  2. Use the Filter to filter vulnerabilities by the Clone Systems connector and display all synced vulnerabilities/assets along with their associated assets/vulnerabilities.

  3. Select the relevant Vulnerabilities/assets out of the results list.

  4. Click on Take Action to proceed with remediation or further actions.

Automating remediation actions on vulnerabilities detected by Clone Systemns

Use Vulcan Playbooks to create automation and remediate vulnerabilities at scale.


From Clone Systems to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Clone Systems through API to pull relevant vulnerabilities and website assets data and map it into the Vulcan Platform pages and fields.

Website fields mapping

Clone Systems UI field

Clone Systems API field

Vulcan field

-

each host from hosts list

Asset Uniqueness criteria

Host name

host

Website Name (name)

URL / IP

-

Website address

first scan date

-

website first Seen (first_seen)

last scan date

-

Website Last report (last_seen)

Target name
Organization

name of the target

name of organization

Website Tags - Additional (tags)

url

-

Website Component - URLS (url)

-

id

Vulnerability instance uniqueness criteria

first scan date

creation_time

Vulnerability instance First seen (first_seen)

last scan date

Vulnerability instance Last seen (last_seen)

Port

port

Vulnerability instance port(port)

Protocol

port

Vulnerability instance port(protocol)

-

result.name

Unique Vulnerability uniqueness criteria

Vulnerability summary

result.name

Vulnerability title (title)

CVSS Score

nvt.cvss_base

Vulnerability score (cvss_score)

Summary

After the “summary=” in the nvt.tags

Vulnerability description (description)

Impact
Affected software / os

Impact - After the “impact=” in the nvt.tags

Affected software / os - Impact - After the “affected=” in the nvt.tags

Vulnerability details(added_data)

cve number

nvt.cve

CVE/S (report_item_cve)

-

After “solution=” the unique criteria of the solution

Solution uniqueness criteria

Fix from Clone Systems

After “solution=

Fix - Title (title)

Solution

After “solution=

Fix - Description(description)

References

-

Fix - References (reference + reference_link)

-

All the other nvt data

Fix details (added_data)

Vulnerability status mapping

The connection/instance is archived when it is not received in sync.

Vulnerability score mapping

Clone Systems score

Vulcan score

Critical

10

High

7

Medium

5

Low

3

-

0

Status Update Mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any are added).

The table below lists how the status update mechanism works in the Clone Systems connector for the vulnerabilities and assets in the Vulcan Platform.

Update type in Vulcan

Mechanism (When?)

The asset is archived

- Asset not found on the Connector's last sync

- Asset not seen for X days according to "Last Seen"

The vulnerability instance status changes to "Fixed"

- If the vulnerability no longer appears in the scan findings.

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only on the next scheduled connector sync (the next day).

Support and Expected Behaviour

Support and expected behavior remarks on some Clone Systems ingested vs. un-ingested fields:

Duplicate Assets

Assets are mapped from two different API calls: "GetTargets" and "GetResults."

  • Assets from the "GetTargets" call are mapped from the hosts list, which is separated by commas (",").

  • Some assets may not appear in the hosts list, but are still connected. These are mapped from the "GetResults" call.

Organization Tags

For each asset, we map its organization as a tag. Since assets are received from two different API calls, we handle them as follows:

  • If the asset is received from the "GetTargets" call, we retrieve its organization by making a "GetUserFromTargets" call using the asset’s owner. The response provides the organization information.

  • If the asset is received from the "GetResults" call, we retrieve its organization by making a "GetUserFromResult" call using the asset’s owner. The response provides the organization information.

API Endpoints in Use

API version: 4.7.3

API

Use in Vulcan

Permissions required

{{{ api_url }}}/v1/targets

Assets, Target name tag

-

{{{ api_url }}}/v1/results

Assets, Vulnerability Instance, Unique Vulnerability, Solution

-

{{{ api_url }}}/v1/scans

Target name tag

-

{{{ api_url }}}/v1/users

Organization name tags

Admin


Data Validation

This section shows how to validate and compare Vulcan and the Clone Systems platform data.

Asset Count

Ensure the asset counts between Clone Systems and Vulcan align, noting potential discrepancies and reasons.

Asset Sources from Clone Systems: There are two ways assets can be fetched from Clone Systems:

The total number of assets in Vulcan should be the union of the assets from both "Targets" and "Results." If there are discrepancies, they may be due to IP duplications or differences in how targets are handled.

Assets from "Targets"

  1. In Clone Systems, go to Options -> Targets.

  2. For each target listed on this page, check the "Hosts" column. Split the hosts by comma (,).

  3. The union of all separated hosts will represent the number of assets from Targets.

    Note: Be cautious of duplicated IPs in this list.

Assets from "Results"

There may be hosts that do not appear in the target list but are detected because they have vulnerabilities.

  1. Go to Results -> Vulnerabilities.

  2. Click Advanced and ensure the "Low" severity is selected (it’s off by default). Also, check the date range to ensure it is correct.

  3. Click Search.

  4. From the "Hosts" column, count the number of unique hosts. This represents the number of assets from Results.

Validation if Asset is Not Present in Vulcan:

  • Archive by Date: Check the last_seen date field in Vulcan.

  • Archive by Status: If an asset isn’t present, consider deletion based on its status.

  • Loader/Checkbox: Ensure any filters or settings, like checkboxes, are applied correctly.

Vulnerability Count

Ensure the vulnerability counts between Clone Systems and Vulcan align, noting potential discrepancies and reasons.

Fetching Vulnerabilities from Clone Systems:

  1. In the Clone Systems UI, go to Results -> Vulnerabilities.

  2. Click Advanced and ensure the "Low" severity is selected (it’s off by default). Also, check that the date range is set correctly.

  3. Click Search.

  4. Count the number of unique entries in the Vulnerability Summary column. This count represents the number of vulnerabilities in the Vulcan platform.

Validation if Vulnerability is Not Present in Vulcan:

  • No Asset Has This Vulnerability: Check if the vulnerability is tied to an asset in Vulcan.

  • Asset-Vulnerability Mapping: Validate if the asset-vulnerability relationship is established correctly in Vulcan.

Vulnerability Instance Count

Ensure the vulnerability instance counts between Clone Systems and Vulcan align.

Fetching Vulnerability Instances in Clone Systems:

  1. In the vendor UI, go to Results -> Vulnerabilities.

  2. Click Advanced and ensure the "Low" severity is selected (it’s off by default). Also, check the date range to ensure it is correct.

  3. Click Search.

  4. The number shown next to "You have X Vulnerabilities" is the correct number of vulnerability instances.

Validating in Vulcan:

  1. In Vulcan, go to the Vulnerabilities tab.

  2. Ensure that the Vulnerability Instance Mode is turned on.

  3. Compare the number of vulnerability instances from Clone Systems with those in Vulcan.

Validation if Connection Not Present in Vulcan:

  • If the connection moves to a fixed status, you will be able to see it in the Fixed screen in Vulcan.

Did this answer your question?