HCL AppScan on Cloud (ASPM) Connector Guide

Summary: How to set up and use the HCL AppScan on Cloud (ASPM) connector in Ivanti Neurons.

Overview

HCL AppScan on Cloud (ASPM) is a SaaS solution for all application security testing needs. It consolidates all HCL Security’s testing capabilities into a single service that provides a uniform experience for all technologies.

The Ivanti Neurons platform provides an API-based connector that integrates with HCL ASPM, allowing customers to bring in their DAST, SAST and Open Source (OSS) findings. It allows customers to gain visibility into their overall risk due to vulnerabilities in their source code and web applications, thereby enabling a simpler, more efficient way to manage those vulnerabilities.

User Prerequisites/HCL ASPM Setup

HCL ASPM is a cloud-based solution. Access to the cloud instance with scanning capabilities is a prerequisite.

The user must have view access to applications, scans, and their corresponding issues. Any role above Application Manager (the default role in HCL ASPM) is sufficient for pulling data. Refer to the following link for more information.

Steps to Generate Key ID and Key Secret from ASPM Instance

The Key ID and Key Secret are used for API authentication.

Log in to the HCL ASPM cloud instance, click on the left hamburger menu, and navigate to the Settings page.

HCL Connector - Settings Menu Location

On the Settings page, click Generate to obtain a new Key and Secret for accessing the API endpoints.

HCL Connector - Generate Button Location

Once successfully generated, make sure to copy these values, as you will be unable to retrieve them later.

HCL Connector - Key ID and Key Secret

HCL ASPM Connector API Calls

The following API calls are performed during a connector run to pull vulnerabilities from HCL ASPM into Ivanti Neurons.

| API Type | Endpoint |
| --- | --- |
| Authentication | https://cloud.appscan.com/api/V2/Account/ApiKeyLogin |
| List Applications | https://cloud.appscan.com/api/V2/Apps |
| Get List of Issues associated with each Application | https://cloud.appscan.com/api/v2/Issues/Application/<app-id> |
| Get Issue details for each Issue | https://cloud.appscan.com/api/v2/Issues/{issue-id}/Artifacts |
| Get Issue advisory for each Issue | https://cloud.appscan.com/api/v2/Issues/{issue-id}/Advisory?locale=en-US |
| Get Issue fix recommendation for each Issue | https://cloud.appscan.com/api/v2/Issues/{issue-id}/FixRecommendation?locale=en-US |
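Because a connector run only calls the endpoints listed above, that list can serve as a baseline when reviewing how the connector's Key ID is used. The following is an added example, not Ivanti or HCL code: it flags requests that fall outside the documented set, and the log format, sample lines, and ids in it are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

EXPECTED_HOST = "cloud.appscan.com"
ID = r"[^/]+"  # one path segment: an application or issue id

# Paths from the guide's endpoint list. Matched case-insensitively because
# the guide writes both /api/V2/ and /api/v2/.
DOCUMENTED_PATHS = [re.compile(p, re.IGNORECASE) for p in (
    r"/api/v2/Account/ApiKeyLogin",
    r"/api/v2/Apps",
    rf"/api/v2/Issues/Application/{ID}",
    rf"/api/v2/Issues/{ID}/Artifacts",
    rf"/api/v2/Issues/{ID}/Advisory",
    rf"/api/v2/Issues/{ID}/FixRecommendation",
)]


def is_documented(url):
    """True only for https requests to the expected host and a listed path."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != EXPECTED_HOST:
        return False
    return any(p.fullmatch(parts.path) for p in DOCUMENTED_PATHS)


def undocumented_requests(log_lines):
    """Return (line_number, url) for each request outside the documented set."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 2:
            continue  # not a request line in the assumed format
        if not is_documented(fields[1]):
            hits.append((number, fields[1]))
    return hits


# Constructed sample in an assumed "<timestamp> <url> <status>" format.
SAMPLE_LOG = [
    "2024-01-01T02:00:00Z https://cloud.appscan.com/api/V2/Account/ApiKeyLogin 200",
    "2024-01-01T02:00:01Z https://cloud.appscan.com/api/V2/Apps 200",
    "2024-01-01T02:00:02Z https://cloud.appscan.com/api/v2/Issues/Application/app-0001 200",
    "2024-01-01T02:00:03Z https://cloud.appscan.com/api/v2/Issues/issue-0001/Advisory?locale=en-US 200",
    "2024-01-01T02:00:04Z https://cloud.appscan.com/api/v2/not-in-guide 200",
    "2024-01-01T02:00:05Z https://cloud.appscan.com.example.net/api/v2/Apps 200",
    "2024-01-01T02:00:06Z http://cloud.appscan.com/api/v2/Apps 200",
]
```

On the sample, lines 5 to 7 are reported: a path not in the list, a look-alike host, and a plain-http request.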

Configuring the HCL ASPM Connector in Ivanti Neurons

Navigate to the Automate > Integrations page.

Navigation - Automation - Integrations

Using the search bar in the upper-right corner of the Integrations page, type AppScan on Cloud to find the connector. Locate the HCL ASPM card on the page and click Configuration.

HCL Connector - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

  • Connector Name: The connector’s name.

  • Access Key: Use the Key Id retrieved earlier.

  • Secret Key: Use the Key Secret retrieved earlier.

  • URL: The URL to access the HCL ASPM cloud instance. The instance URL would be https://cloud.appscan.com/ASPMUI/serviceui/home

  • SSL: Optional SSL of the instance in base64 format.

HCL Connector - Connector Window

Click Test Credentials to verify that the credentials are correct and can make API calls to HCL ASPM. Configure the desired schedule for the connector to retrieve results from the HCL ASPM instance and, optionally, turn on Enable auto URBA (Update Remediation by Assessment).

HCL Connector - Connector Specific Options

Click the Save button to save the connector’s configuration and create the connector. Once saved, the connector is visible on the Integrations page under Currently Configured Integrations.

HCL Connector - Configured Integration

Clicking the History button displays the connector details for each pull. The Sync button allows users to perform an on-demand sync. The Edit button allows the user to edit the connector configuration. The Delete button allows the user to delete the connector.

Once files have been processed on the Uploads page, the user can view the ingested data by navigating to the Applications and Application Findings pages.

Mapping HCL ASPM fields in Ivanti Neurons

This table shows the high-level mapping of HCL ASPM fields in Ivanti Neurons. The HCL ASPM connector pulls DAST, SAST, and OSS findings.

| Ivanti Neurons Fields | HCL ASPM Fields - DAST / SAST / OSS |
| --- | --- |
| Scanner Severity | Severity |
| Scanner Plugin | Id |
| Application Name | Name |
| Plugin Source Status | Status |
| Plugin Details → FixGroup | FixGroupId (Not applicable for DAST findings) |

Ivanti Neurons Tags

The following HCL ASPM fields are converted into Ivanti Neurons tags. These tags are used for searches, playbook automation, and better visualization in Dashboards.

Application Tags

  • Asset GroupName

  • Risk Rating

  • Business Impact

  • Hosts

  • URL

  • Business Owner

Application Findings Tags

  • Scan Name

  • Scanner

  • Domain

Common Fields in Ivanti Neurons

Here are the default values for the following Ivanti Neurons fields as defined for HCL ASPM:

  • Scanner Name: HCL ASPM

  • Finding Type: SAST, DAST, or OSS (open source), depending on the type of data