Sentinel Import Wizard
Purpose
You can start this application-specific wizard on the Wizards tab when you’ve selected an application in the navigation area.
Instead of using the Sentinel Import Wizard, you can also use Vulnerability Management for more advanced configuration.
The Sentinel Import Wizard automatically reads vulnerability reports of the WhiteHat Sentinel Scanner from WhiteHat Security Inc. Then the wizard creates a set of blacklist rules based on the vulnerable entry points and variables listed in the report. This provides instant protection for a vulnerable web application.
If you use the product CodeSecure (www.armorize.com) to scan your web applications, use the Vulnerability description Import Wizard
ATTENTION
The Sentinel Import Wizard wasn’t designed to guarantee long-time protection of vulnerable applications. If analysis revealed some attack vectors, fix these problems as soon as possible. Use the rules created by the Sentinel Import Wizard only for interim protection.
For more information regarding Wizards, see Using Wizards to Configure Applications.
Prerequisites
In order to be able to use the wizard, you must have access to a vulnerability report provided by the WhiteHat Sentinel Scanner from WhiteHat Security Inc.
Also vWAF must have access to a current baseline rules file (see Basic Principals of Use and Configuring and Updating Baseline Protection).
Attributes
Attribute | Meaning |
---|---|
Document Root |
The vulnerability report contains the full paths to individual files. In order to create generic rules for your web application, vWAF must remove those parts of the paths that won't be part of a request. Therefore, you must specify your document root path, here. Example: On a web server, a web application is stored under the path /company/application1/ . The URL to access this web application is www.myapplication1.com . So you must specify /company/application1/ as your document root. If, for example, your vulnerability report lists a file /company/application1/forms/form1.html , this is then stripped to /forms/form1.html . |
Username |
Here you must enter your Sentinel username. |
Password |
Here you must enter your Sentinel password. |
Site |
Here you must enter your Sentinel Site ID (String or Integer). If you don't enter any Site ID, vWAF downloads vulnerability reports for all of your sites that Sentinel analyzes. |
Handlers configured by the Sentinel Import Wizard
The Sentinel Import Wizard configures different handlers, including the Invalid Request Handler, based on the vulnerabilities listed in the vulnerability report file, and on the corresponding rules given by the rules file.