Edgescan Connector Guide
Summary: How to set up and use the Edgescan connector in Ivanti Neurons.
Edgescan Connector Overview
The Ivanti Neurons platform provides an API-based connector integration with Edgescan that allows users to ingest their Edgescan findings into Ivanti Neurons to gain visibility of their overall risk due to vulnerabilities in their applications and network, enabling a simplified and efficient way to manage those vulnerabilities.
Ivanti Neurons users can configure the connector to pull scan data from Edgescan on a periodic basis. Data from Edgescan is ingested as Applications/Application Findings and Hosts/Host Findings in Ivanti Neurons.
About Edgescan
Edgescan is a cloud-based continuous vulnerability management and penetration testing solution. It is a highly accurate security-as-a-service (SaaS) solution that helps clients discover and manage application and network vulnerabilities (full-stack information security) on an ongoing basis.
Edgescan Setup
-
Setting up the connector requires an active subscription to Edgescan.
-
Integrate both network and applications into the Edgescan platform once. The Ivanti Neurons connector pulls this data and categorizes it into Applications/Hosts and their corresponding findings.
Configuring the Edgescan Connector
Navigate to the Automate > Integrations page in Ivanti Neurons.
Using the search bar in the Integrations page’s upper-right corner, type Edgescan to find the connector.
Click Configuration in the Edgescan connector card.
Complete the following required fields.
-
Name: Connector name.
-
URL: Edgescan instance URL.
-
API Key: Edgescan instance API key.
-
To generate a token, open the Edgescan user interface and navigate to the Config > General
-
Enter a descriptive label in the text box at the bottom of the table and click Create. A window appears, showing the generated token.
-
Copy this token and store it in a safe place. This token is required when accessing the Edgescan API. Once the window is closed, the token will never be displayed again.
-
-
Network: Ivanti Neurons network name.
Once the fields have been filled out, click Test Credentials to ensure the connector can connect to the Edgescan instance.
Additional connector configurations, such as Schedule and Connector-Specific Options can be set up, as well. Once connector configuration is complete, click the Save button.
When the connector is set up, a new entry for it appears at the top of the Integrations page. This connector runs once the initial setup is complete. Check the connector’s status by click the History button.
In the Upload Center (navigate to the Settings (
) > Upload page), files pulled from Edgescan are parsed, aggregated, and filtered for displaying data on the Applications/Hosts pages.
Edgescan Data Mapping in Ivanti Neurons
An Edgescan scan file’s data is ingested into Ivanti Neurons’ Hosts and Applications pages along with their corresponding findings.
The Scanner Name associated with these scans is based on the asset type, as shown below.
-
For Applications and Application Findings: EDGESCANAPP
-
For Hosts and Host Findings: EDGESCANNET
Scanner name can be used as a filter on the Application/Application Findings and Host/Host Findings pages.
Applications
Application data extracted from the scan file is available on the Applications page.
Edgescan assets are added as connector tags with the prefix asset name <Asset in Edgescan>, and individual applications are mapped to the Name field with the corresponding application URL. All other asset-level tags, such as Authenticated, PCI Enabled, and other tag categories, are added as connector tags in Ivanti Neurons. These tags are filterable.
In the Application Detail pane under the Sources section, the scanner is listed as EDGESCANAPP. The page can be filtered using this information.
Application Findings
View all Edgescan application findings on the Application Findings page in Ivanti Neurons.
Ivanti Neurons separates assets at a higher level, delivering a clear picture of applications and hosts associated with that particular asset. Distinguishing between Edgescan network- and application-level findings, each asset is also mapped as finding tags in Ivanti Neurons with the prefix layer <Layer in Edgescan>. These tags can be used to filter data, as well.
Hosts
Network data extracted from the Edgescan file is available on the Hosts page.
Edgescan assets are added as connector tags with the following prefix asset name: <Asset in Edgescan>. Individual hosts are mapped to the Host Name. CIDR-based host assets are categorized based on their individual IP Address with their vulnerabilities.
All other asset-level tags, such as Authenticated, PCI Enabled, and other tag categories, are added as connector tags in Ivanti Neurons. These tags are filterable.
In the Host Detail pane under the Sources section, the scanner is listed as EDGESCANNET. The page can be filtered using this information.
Host Findings
All Edgescan findings are available on the Host Findings page in Ivanti Neurons.
Since Ivanti Neurons separates assets at higher level, it provides a clear picture of applications and hosts associated with that particular asset.
Distinguishing between Edgescan network- and application-level findings, each asset is also mapped as finding tags in Ivanti Neurons with the prefix layer <Layer in Edgescan>. These tags can be used to filter data, as well.
Edgescan Data Mapping in Ivanti Neurons
The table below maps Edgescan fields to Ivanti Neurons fields.
|
Section |
Ivanti Neurons Field |
Edgescan Field |
Filter Display Value |
|---|---|---|---|
|
Applications |
Name |
Asset name |
Name |
|
Address |
Location URL associated with each asset |
URL |
|
|
Tags > Connector |
Name of asset and all associated asset tags |
Tag
|
|
|
Application Findings |
Title |
Name of each vulnerability |
Title |
|
URL |
Location |
URL |
|
|
WebApplication |
Asset name |
WebApplication |
|
|
ID |
Definition ID |
Scanner Plugin |
|
|
Finding Tags |
Layer |
Tag
|
|
|
Asset Tags |
Asset name and all associated asset tags |
Web Application Tag
|
|
|
Description |
Description |
N/A |
|
|
Severity (1-10) |
Risk (1-5) |
Severity and Severity Group Here’s the mapping between Edgescan and Ivanti Neurons, respectively: 5 → 10 4 → 8.9 3 → 6.9 2 → 3.9 1 → 0 |
|
|
Possible Solution |
Remediation |
N/A |
|
|
Detailed Information |
Request/Response |
N/A |
|
|
Hosts |
Host Name |
Location of each host (includes CIDR and IP) |
Host Name |
|
IP Address |
Location |
IP Address |
|
|
Total |
Findings associated with each individual host |
No |
|
|
Host Findings |
Title |
Name of each vulnerability |
Title |
|
Host Name |
Location (includes CIDR) |
URL |
|
|
WebApplication |
Asset name |
WebApplication |
|
|
ID |
Definition ID |
Scanner Plugin |
|
|
Criticality |
Criticality (asset.priority scale to 50%, rounding up and applied to ALL hostnames) |
Criticality and Criticality State |
|
|
Finding Tags |
Layer |
Tag
|
|
|
Asset Tags |
Name of asset and all associated asset tags |
Asset Tag
|
|
|
Description |
Description |
N/A |
|
|
Severity (1-10) |
Risk (1-5) |
Severity and Severity Group Here’s the mapping between Edgescan and Ivanti Neurons, respectively: 5 → 10 4 → 8.9 3 → 6.9 2 → 3.9 1 → 0 |
|
|
Possible Solution |
Remediation |
N/A |
Useful Filters
This section describes some high-level filters that are useful to better visualize Edgescan data.
Application Filters
|
Filter Fields |
Description |
|---|---|
|
Scanner Name |
Added a new scanner name (EDGESCAN) for applications. |
|
Scanner Type |
Added a new scanner type (DAST) for applications. |
|
Tags |
|
Application Findings Filters
|
Filter Fields |
Description |
|---|---|
|
Finding Type |
Added a new finding type (DAST) for application findings. |
|
Tag |
|
|
Web Application Tag |
|