Introduction

The platform will communicate with your Burpsuite Enterprise Manager API to retrieve web application scan results.

When integrating the platform with your Burpsuite Enterprise platform you must first configure appropriate API credentials and API permissions within your Burpsuite Enterprise platform. Whilst the Burpsuite Enterprise API configuration is beyond the scope of this article, further information on the Burpsuite Enterprise API can be found here

NOTE: Since all web application scan results performed by Burpsuite Enterprise are centrally stored on the Burpsuite Enterprise Manager, the Platform only needs to connect to the API via the Burpsuite Enterprise Manager and not each Burpsuite Enterprise Scan Agent

Configuring Burpsuite Enterprise Integration

Choose the appropriate Connected Accounts entry:

If your Burpsuite Enterprise Manager is hosted internally on your network behind ne or more firewalls, please ensure appropriate rules and Address Translation (if applicable) is in place to permit the Platform to communicate with the Burpsuite Enterprise Manager API.

Please refer to this article here

All fields below are mandatory:

Name - a meaningful name/ID of the scanner within your platform tenant.
Type - this field is pre-defined and cannot be changed
Host - the full URL of your Burpsuite Enterprise platform (e.g. https://mybse.mycompany.com)
Secret Key - taken/copied from relevant API-enable user account within your Burpsuite Enterprise platform
Scanner Frequency - this defines how often the Platform should check with the Burpsuite Enterprise Manager for new scan data. Default is every 30 minutes

Select Create Scanner once all information has been populated.

S-RM Platform Knowledgebase > Integrating Burpsuite Enterprise > image-20220525-094100.png

S-RM Platform Knowledgebase > Integrating Burpsuite Enterprise > image-20220525-094134.png

For valid configurations the platform will display a green banner and return to the previous Burpsuite Enterprise Scanners window.

Should the platform return a red banner during the configuration checks, this indicates an error with communicating/validating the API configuration. Please check your Host definition and API credentials are correct and then select Create Scanner again.

Importing Scan Results from Burpsuite Enterprise

Once an integration has been setup, the instances will be available to import scan results from. Scan results can be imported manually via a Phase, where the Platform will make an ad-hoc API call to the Burpsuite Enterprise Manager to retrieve available scans: Alternatively, a Project can be created that can be configured to automatically import scan results from the Burpsuite Enterprise Manager.