Connecting External Vulnerability Scanning Solutions

Overview

Through the Connected Accounts menu within the platform sidebar, users are able to save and set up a selection of Vulnerability Scanning Solutions.

Please see https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1312423937 for a full list.

Within the platform, under the Connected Accounts page you can choose from multiple scanning platforms that will integrate with the platform. The platform will use the API configuration(s) defined within Connected Accounts to retrieve scan results from the defined scanning solution(s).

NOTE: By default, once external scanning solutions are defined, the platform does not automatically retrieve scan results. Further configuration is required to either define auto-import tasks or import results manually. See https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1304264726 for more information.

Step 1. From within Connected Accounts, select the Scanner Management button for one of the supported Vulnerability Scanning Solutions.
Step 2. Select the blue + icon to define a new scanner to integrate with the platform.
Step 3. The Create/Edit External Scanner modal is displayed, where you can provide configuration details for the scanner integration.
Step 4. Depending on the supported Vulnerability Scanning Solution you chose in Step 1, you will be required to enter different configuration details, as described below.

Access Controls for the Platform

It may be necessary to configure access controls to permit access from the platform. This is necessary so that the platform can establish an inbound connection to your scanning solution(s) and retrieve scan results.

The platform uses a predetermined set of public IP addresses from which connections to any of your scanning platforms are established. Awareness of these platform public IP addresses allows you to define more granular Source-based access policies/rules on your Internet firewall(s) or other associated access controls.

Please refer to this article for details of the platform’s public IP addresses:

https://rootshellsecurity.atlassian.net/wiki/spaces/PK/pages/1383825409

Tenable Nessus Professional

When integrating the platform with one or more Internet-facing 'standalone' Nessus Professional scanners, the following information must be supplied to the platform to enable scan results to be retrieved from the Nessus Professional scanner(s). The platform will communicate with each scanner’s Nessus Professional API to retrieve scan results.

The guidance in this section assumes you have at least one Internet-facing Nessus Professional Scanner deployed. If you have deployed one or more standalone Nessus Professional Scanners on your internal network(s), and you want to integrate these scanners with the platform, please refer to article

IMPORTANT NOTE: A 'standalone' Nessus Professional Scanner is operated and administered independently of Tenable Security’s centralised management platforms such as Tenable.SC or Tenable.IO. Nessus scanning engines that are deployed, linked and controlled via Tenable.IO or Tenable.SC are not supported with this scanner integration method; please refer to the Tenable.IO WAS & Tenable.IO VM section further down in this article.

Adding an External Nessus Professional Vulnerability Scanner

All fields below are mandatory:

  • Name - a meaningful name/ID of the scanner within your platform tenant

  • Type - leave this defined as Nessus Professional Vulnerability Scanner

  • Host - this must be the full URL to the Nessus Professional Web Console. The protocol and TCP port must also be included in the URL, e.g. https://<scanner_ip>:8834

  • Access Key - taken/copied from the Nessus Web Console

  • Secret Key - taken/copied from the Nessus Web Console

Select Create Scanner once all information has been populated.

The platform will then perform a check with the defined scanner to establish if the supplied configuration is valid.
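The platform's validation step is not visible to you, but the two things it depends on are a Host value that meets the rule above (full URL, protocol and explicit port) and API keys that the scanner accepts. The following added example, which is not part of this article or the platform, reproduces that preflight from your own workstation so a red banner can be diagnosed before re-entering details. It assumes the standard Nessus API (`X-ApiKeys` header, `GET /scans`) and that `cafile` points at the CA that issued the scanner's certificate.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlparse

NESSUS_API_PORT = 8834  # default Nessus Professional web console/API port (per the article)


def validate_scanner_host(host, expected_port=NESSUS_API_PORT):
    """Return a list of problems with a Host value; an empty list means it satisfies
    the article's rule: a full URL including the protocol and an explicit TCP port."""
    try:
        parsed = urlparse(host)
        port = parsed.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return [f"unparseable URL: {exc}"]
    problems = []
    if parsed.scheme != "https":
        problems.append("scheme must be https")
    if not parsed.hostname:
        problems.append("hostname is missing")
    if port is None:
        problems.append("TCP port must be given explicitly")
    elif port != expected_port:
        problems.append(f"port {port} is not the scanner default {expected_port}")
    return problems


def nessus_api_headers(access_key, secret_key):
    """Nessus API key authentication is carried in a single X-ApiKeys header."""
    return {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
            "Accept": "application/json"}


def check_nessus_connection(host, access_key, secret_key, cafile=None, timeout=10):
    """Preflight: validate Host, then list scans with the keys (the same call the
    platform needs for result retrieval). TLS verification stays enabled; supply the
    scanner's issuing CA via cafile instead of turning verification off."""
    problems = validate_scanner_host(host)
    if problems:
        return False, "; ".join(problems)
    ctx = ssl.create_default_context(cafile=cafile)
    req = urllib.request.Request(host.rstrip("/") + "/scans",
                                 headers=nessus_api_headers(access_key, secret_key))
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            body = json.load(resp)
    except urllib.error.HTTPError as exc:  # 401/403 here means the keys were rejected
        return False, f"scanner answered HTTP {exc.code}: check Access/Secret Key"
    except Exception as exc:  # DNS, firewall (see Access Controls above) or TLS failure
        return False, f"could not reach scanner: {exc}"
    return "scans" in body, f"scan list retrieved, {len(body.get('scans') or [])} scan(s)"
```

Run it with your scanner URL and the keys copied from the Nessus web console; a "could not reach scanner" result usually points at the firewall rules described under Access Controls rather than at the credentials.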

Scanner Configuration Success

For valid configurations the platform will display a green banner and return to the previous Nessus Vulnerability Scanners window.

Should the platform return a red banner during the configuration checks, this indicates an error with communicating/validating the scanner configuration. Please check your Host definition and API credentials are correct and then select Create Scanner again.

Please ensure you select Save Changes to commit the scanner configuration and make the scanner available within your platform tenant for importing results.

You will need to repeat the above steps for each additional Nessus Professional scanner that you wish to integrate with the platform.

Tenable.IO WAS & Tenable.IO VM

The platform will communicate with Tenable Security’s cloud-based API to retrieve scan results from your Tenable.IO WAS and/or Tenable.IO VM platforms.

When integrating the platform with Tenable.IO WAS and/or Tenable.IO VM, you must first configure appropriate API credentials and API permissions within your Tenable.IO platform(s). This API configuration is beyond the scope of this article. Please refer to https://docs.tenable.com/tenableio/Content/Settings/AccessGroups.htm

NOTE: If you intend to integrate both your Tenable.IO VM and Tenable.IO WAS platforms with the platform, you must define separate Tenable.IO scanners within the platform. For example, you will need to define an external Tenable.IO WAS scanner to retrieve your web application scanning results, and define another external Tenable.IO VM scanner to retrieve your vulnerability assessment scanning results. This is necessary since the Tenable.IO API differs between the VM and WAS platforms.

All fields below are mandatory:

  • Name - a meaningful name/ID of the scanner within your platform tenant.

  • Type - leave this defined as Tenable.IO WAS or Tenable.IO VM

  • Access Key - taken/copied from the Tenable.IO platform

  • Secret Key - taken/copied from the Tenable.IO platform

Select Create Scanner once all information has been populated.

The platform will then perform a check with the defined scanner to establish if the configuration supplied is valid.

For valid configurations the platform will display a green banner and return to the previous Nessus Vulnerability Scanners window.

Should the platform return a red banner during the configuration checks, this indicates an error with communicating/validating the scanner configuration. Please check your API credentials are correct and then select Create Scanner again.

Please ensure you select Save Changes to commit the scanner configuration and make it available within your platform tenant.

Burpsuite Enterprise

The platform will communicate with your Burpsuite Enterprise Manager API to retrieve web application scan results.

When integrating the platform with your Burpsuite Enterprise platform, you must first configure appropriate API credentials and API permissions within your Burpsuite Enterprise platform. Whilst the Burpsuite Enterprise API configuration is beyond the scope of this article, further information on the Burpsuite Enterprise API can be found here

All fields below are mandatory:

  • Name - a meaningful name/ID of the scanner within your platform tenant.

  • Type - this field is pre-defined and cannot be changed

  • Host - the full URL of your Burpsuite Enterprise platform (e.g. https://mybse.mycompany.com)

  • Secret Key - taken/copied from the relevant API-enabled user account within your Burpsuite Enterprise platform

Select Create Scanner once all information has been populated.

For valid configurations the platform will display a green banner and return to the previous Burpsuite Enterprise Scanners window.

Should the platform return a red banner during the configuration checks, this indicates an error with communicating/validating the API configuration. Please check your Host definition and API credentials are correct and then select Create Scanner again.

Qualys VM

The platform will communicate with the Qualys API to retrieve scan results from your Qualys instance/platform.

When integrating the platform with the Qualys API, you must first configure appropriate API credentials and API permissions within your Qualys platform. Whilst the Qualys API configuration is beyond the scope of this article, further information on the Qualys API can be found here

All fields below are mandatory:

  • Name - a meaningful name/ID of your Qualys instance within your platform tenant.

  • Type - this field is pre-defined and cannot be changed

  • Username - the username of the API-enabled user from your Qualys instance

  • Password - the password of the API-enabled user from your Qualys instance

  • Region - the region in which your Qualys instance is hosted.

Select Create Scanner once all information has been populated.

For valid configurations the platform will display a green banner and return to the previous Qualys Scanner window.

Should the platform return a red banner during the configuration checks, this indicates an error with communicating/validating the API configuration. Please check your username, password and region details are correct and then select Create Scanner again.

Rapid7 InsightVM Security Console

When integrating the platform with an Internet-facing instance of Rapid7’s InsightVM Security Console, the following information must be supplied to the platform to enable scan results to be retrieved from the InsightVM Security Console. The platform will communicate with the InsightVM Security Console API to retrieve scan results.

All fields below are mandatory:

  • Name - a meaningful name/ID of the InsightVM Security Console within your platform tenant

  • Type - leave this pre-defined as Rapid7

  • Host - this must be the full URL to the InsightVM Security Console. The protocol and TCP port must also be included in the URL, e.g. https://<scanner_ip>:3780

  • Username - the username for your InsightVM Security Console account

  • Password - the password for your InsightVM Security Console account

Select Create Scanner once all information has been populated.

The platform will then perform a check with the defined InsightVM Security Console to establish if the supplied configuration is valid.

For valid configurations the platform will display a green banner and return to the previous Rapid7 Scanners window.

Should the platform return a red banner during the configuration checks, this indicates an error with communicating/validating the InsightVM Security Console configuration. Please check your Host definition and username/password credentials are correct and then select Create Scanner again.

Please ensure you select Save Changes to commit the scanner configuration and make the InsightVM Security Console available within your platform tenant for importing results.

Importing Results into the platform

When accessing either the quick importer or the manual importing process (see for further details), you will now be able to select the scanners that you have set up as the importing type and select the scan you wish to import.