Connector Guides
      Back to home
      1. RiskSense Knowledge Base
      2. Integrations, Connectors, and Uploads
      3. Connector Guides

      Aqua Security Connector Guide

      How to set up the Aqua Security connector in RiskSense.

      Aqua Security’s Container Security Platform Overview

      Aqua Security’s container security platform Aqua provides automated and manual scanning capabilities for container images stored on supported image registries. The RiskSense platform supports creating an Aqua Security connector, which automatically pulls vulnerability data and metadata of container images scanned on Aqua’s platform for ingestion into RiskSense. Pulled Aqua data can be viewed on the Applications page.

      Setting up Aqua Security Integrations

      Scan data must exist in the Aqua platform for RiskSense to ingest it. Specifically, at least one registry integration must be made in Aqua and at least one image repository must be added and scanned.

      Configuring a Registry Integration

      Log into the Aqua platform.

      AquaSec Guide - Login Screen

      In the Aqua user interface (UI), navigate to System > Integrations.

      AquaSec Guide - Integrations Menu Location

      Once on the Integrations page, select Image Registries. Then, click Add Registry.

      AquaSec Guide - Add Registry Button Location

      Next, enter the Registry Name and select the Registry Type from the drop-down list. Fill out any additional details required as determined by the registry type.

      AquaSec Guide - Create New Registry

      After configuring all necessary details of the registry setup, click Test Connection to validate the provided credentials. If no errors are encountered, click Save to add the image registry to Aqua.

      AquaSec Guide - Test Connection and Save

      The configured registry should now appear in the list of registries on the System > Image Repositories page.

      AquaSec Guide - New Registry

      Pulling a Repository

      Click Images in the UI sidebar.

      AquaSec Guide - Images Menu Location

      Click Add images to open a pop-up screen called Registry Search. Select one of the configured registries, enter a repository name, and click Search.

      AquaSec Guide - Registry Search

      Select one of the repositories on the left, then select the specific tags for the image repository. Click Add to add the images to Aqua.

      AquaSec Guide - Add Image

      Once the images are added, the registry shows up in the list view with all select tags underneath it. The UI indicates that the images were added successfully and that all the added tags have been queued to be scanned.

      AquaSec Guide - Images Added Successfully

      Configuring the Aqua Security Connector in RiskSense

      Log into the RiskSense platform.

      AquaSec Guide - RiskSense Login Screen

      Navigate to Automation > Integrations.

      AquaSec Guide - Integrations Menu Location in RiskSense

      Using the search bar in the upper-right corner of the Integrations page, type Aqua to find the connector.

      AquaSec Guide - Searching for Connector

      Locate the Aqua Security card on the page and click Configuration.

      AquaSec Guide - Configuration Button Location

      Enter the URL for the Aqua instance, credentials for the API-privileged user, and choose an existing network for the Aqua data to be associated with in the RiskSense platform. Click Test Credentials to verify the credentials are correct and have access to make API calls to the Aqua Security instance.

      AquaSec Guide - Connector Setup

      Configure the desired schedule for the connector to retrieve results from the Aqua instance, optionally turn on Enable auto URBA (Update Remediation by Assessment) and click Save to create the connector.

      AquaSec Guide - Connector Specific Options

      As soon as the connector is created, it will begin pulling data from the Aqua Security platform. The connector’s card will also show the next scheduled time and date results will be fetched from Aqua.

      AquaSec Guide - Configured Connector

      Aqua Security Data Mapping in RiskSense

      Container image scan data retrieved from Aqua is stored in RiskSense using the Application and Application Finding models. The primary metadata and identifier of a container image and its vulnerability data were used to represent applications and findings in the platform.

      AquaSec Guide - Data Mapping in RiskSense

      Application Findings Page

      Container image findings are identified using the image’s metadata (as described above). In addition, all vulnerabilities reported by Aqua are with respect to a resource (such as an executable or a binary) that is part of the image and is known to be vulnerable. Data about a finding’s vulnerable resource can be found in the Container Resource Information section of a container finding’s detail pane.

      CVE data is frequently given as it pertains to a container image vulnerability. CVE and other vulnerability data can now be found in the Application Finding Detail pane under the Vulnerability section. RiskSense uses CVE data to provide users with information about associated threats. Threat data is now also displayed in a container finding’s detail pane.

      AquaSec Guide - Application Findings Page Detail

      AquaSec Guide - Application Findings Page Detail 2

      RiskSense Mapping of AquaSec Data

      Section RiskSense Field Aqua Field
      Applications Address Registry Name + Repository + Tag
      Name Repository + Tag
      Location Vulnerable Resource Identifier
      Application Findings Title Title
      Description Description
      Severity Aqua Score
      Solution Fix Version, Solution
      Vulnerabilities Title
      Resource Detail Name Resource Name
      Path Resource Path
      Type Resource Type
      CPE Resource CPE
      Version Resource Version
      Hash Resource Hash
      Arch Arch
      Licenses Licenses