Edgescan Connector Guide

Summary: How to set up and use the Edgescan connector in Ivanti Neurons.

Edgescan Connector Overview

The Ivanti Neurons platform provides an API-based connector integration with Edgescan that allows users to ingest their Edgescan findings into Ivanti Neurons to gain visibility of their overall risk due to vulnerabilities in their applications and network, enabling a simplified and efficient way to manage those vulnerabilities.

Ivanti Neurons users can configure the connector to pull scan data from Edgescan on a periodic basis. Data from Edgescan is ingested as Applications/Application Findings and Hosts/Host Findings in Ivanti Neurons.

About Edgescan

Edgescan is a cloud-based continuous vulnerability management and penetration testing solution. It is a highly accurate security-as-a-service (SaaS) solution that helps clients discover and manage application and network vulnerabilities (full-stack information security) on an ongoing basis.

Edgescan Setup

  • Setting up the connector requires an active subscription to Edgescan.

  • Integrate both network and applications into the Edgescan platform once. The Ivanti Neurons connector pulls this data and categorizes it into Applications/Hosts and their corresponding findings.

Configuring the Edgescan Connector

Navigate to the Automate > Integrations page in Ivanti Neurons.

Navigation - Automation - Integrations

Using the search bar in the Integrations page’s upper-right corner, type Edgescan to find the connector.

Edgescan Connector Guide - Search for Edgescan

Click Configuration in the Edgescan connector card.

Edgescan Connector Guide - Configuration Button Location

Complete the following required fields.

  • Name: Connector name.

  • URL: Edgescan instance URL.

  • API Key: Edgescan instance API key.

    • To generate a token, open the Edgescan user interface and navigate to the Config > General

    • Enter a descriptive label in the text box at the bottom of the table and click Create. A window appears, showing the generated token.

    • Copy this token and store it in a safe place. This token is required when accessing the Edgescan API. Once the window is closed, the token will never be displayed again.

Edgescan Connector Guide - Authentication Token

  • Network: Ivanti Neurons network name.

Edgescan Connector Guide - Connector Configuration

Once the fields have been filled out, click Test Credentials to ensure the connector can connect to the Edgescan instance.

Additional connector configurations, such as Schedule and Connector-Specific Options can be set up, as well. Once connector configuration is complete, click the Save button.

Edgescan Connector Guide - Additional Connector Settings

When the connector is set up, a new entry for it appears at the top of the Integrations page. This connector runs once the initial setup is complete. Check the connector’s status by click the History button.

Edgescan Connector Guide - History Button Location

Edgescan Connector Guide - Connector History

In the Upload Center (navigate to the Settings (Settings Menu - Gear - Small) > Upload page), files pulled from Edgescan are parsed, aggregated, and filtered for displaying data on the Applications/Hosts pages.

Edgescan Connector Guide - Connector Files Pulled

Edgescan Data Mapping in Ivanti Neurons

An Edgescan scan file’s data is ingested into Ivanti Neurons’ Hosts and Applications pages along with their corresponding findings.

The Scanner Name associated with these scans is based on the asset type, as shown below.

  • For Applications and Application Findings: EDGESCANAPP

  • For Hosts and Host Findings: EDGESCANNET

Scanner name can be used as a filter on the Application/Application Findings and Host/Host Findings pages.

Applications

Application data extracted from the scan file is available on the Applications page.

Edgescan Connector Guide - Applications Page View

Edgescan assets are added as connector tags with the prefix asset name <Asset in Edgescan>, and individual applications are mapped to the Name field with the corresponding application URL. All other asset-level tags, such as Authenticated, PCI Enabled, and other tag categories, are added as connector tags in Ivanti Neurons. These tags are filterable.

In the Application Detail pane under the Sources section, the scanner is listed as EDGESCANAPP. The page can be filtered using this information.

Application Findings

View all Edgescan application findings on the Application Findings page in Ivanti Neurons.

Edgescan Connector Guide - Application Findings Page View

Ivanti Neurons separates assets at a higher level, delivering a clear picture of applications and hosts associated with that particular asset. Distinguishing between Edgescan network- and application-level findings, each asset is also mapped as finding tags in Ivanti Neurons with the prefix layer <Layer in Edgescan>. These tags can be used to filter data, as well.

Hosts

Network data extracted from the Edgescan file is available on the Hosts page.

Edgescan Connector Guide - Hosts Page View

Edgescan assets are added as connector tags with the following prefix asset name: <Asset in Edgescan>. Individual hosts are mapped to the Host Name. CIDR-based host assets are categorized based on their individual IP Address with their vulnerabilities.

All other asset-level tags, such as Authenticated, PCI Enabled, and other tag categories, are added as connector tags in Ivanti Neurons. These tags are filterable.

In the Host Detail pane under the Sources section, the scanner is listed as EDGESCANNET. The page can be filtered using this information.

Host Findings

All Edgescan findings are available on the Host Findings page in Ivanti Neurons.

Edgescan Connector Guide - Host Findings Page View

Since Ivanti Neurons separates assets at higher level, it provides a clear picture of applications and hosts associated with that particular asset.

Distinguishing between Edgescan network- and application-level findings, each asset is also mapped as finding tags in Ivanti Neurons with the prefix layer <Layer in Edgescan>. These tags can be used to filter data, as well.

Edgescan Data Mapping in Ivanti Neurons

The table below maps Edgescan fields to Ivanti Neurons fields.

Section

Ivanti Neurons Field

Edgescan Field

Filter Display Value

Applications

Name

Asset name

Name

Address

Location URL associated with each asset

URL

Tags > Connector

Name of asset and all associated asset tags

Tag

  • Filter value for asset can be prefixed with Asset Name, followed by value

  • Filter value for label can be prefixed with Label, followed by value

Application Findings

Title

Name of each vulnerability

Title

URL

Location

URL

WebApplication

Asset name

WebApplication

ID

Definition ID

Scanner Plugin

Finding Tags

Layer

Tag

  • Filter value for asset can be prefixed with Asset Name, followed by value

Asset Tags

Asset name and all associated asset tags

Web Application Tag

  • Filter value for asset can be prefixed with Asset Name, followed by value

  • Filter value for label can be prefixed with Label, followed by value

Description

Description

N/A

Severity (1-10)

Risk (1-5)

Severity and Severity Group

Here’s the mapping between Edgescan and Ivanti Neurons, respectively:

5  → 10

4 → 8.9

3 → 6.9

2 → 3.9

1 → 0

Possible Solution

Remediation

N/A

Detailed Information

Request/Response

N/A

Hosts

Host Name

Location of each host (includes CIDR and IP)

Host Name

IP Address

Location

IP Address

Total

Findings associated with each individual host

No

Host Findings

Title

Name of each vulnerability

Title

Host Name

Location (includes CIDR)

URL

WebApplication

Asset name

WebApplication

ID

Definition ID

Scanner Plugin

Criticality

Criticality

(asset.priority scale to 50%, rounding up and applied to ALL hostnames)

Criticality and Criticality State

Finding Tags

Layer

Tag

  • Filter value can be prefixed with Layer, followed by value

  • Filter value for label can be prefixed with Label, followed by value

Asset Tags

Name of asset and all associated asset tags

Asset Tag

  • Filter value for asset can be prefixed with Asset Name, followed by value

  • Filter value for label can be prefixed by Label, followed by value

Description

Description

N/A

Severity (1-10)

Risk (1-5)

Severity and Severity Group

Here’s the mapping between Edgescan and Ivanti Neurons, respectively:

5  → 10

4 → 8.9

3 → 6.9

2 → 3.9

1 → 0

Possible Solution

Remediation

N/A

Useful Filters

This section describes some high-level filters that are useful to better visualize Edgescan data.

Application Filters

Filter Fields

Description

Scanner Name

Added a new scanner name (EDGESCAN) for applications.

Scanner Type

Added a new scanner type (DAST) for applications.

Tags

  • The filter value for asset can be prefixed with Asset Name, followed by value to filter findings based on the asset.

  • Added all asset-level tags, like PCI Enabled , Authenticated, etc., to filter findings based on category.

Application Findings Filters

Filter Fields

Description

Finding Type

Added a new finding type (DAST) for application findings.

Tag

  • The filter value can be prefixed with Layer, followed by value to filter findings based on the layer.

  • The filter value for label can be prefixed with Label, followed by value to filter findings based on associated labels.

Web Application Tag

  • The filter value for asset can be prefixed with Asset Name, followed by value to filter findings based on the asset.

  • Added all asset-level tags, like PCI Enabled , Authenticated, etc., to filter findings based on category.