Edgescan Connector Guide

How to set up and use the Edgescan connector in RiskSense.

Edgescan Connector Overview

The RiskSense platform provides an API-based connector integration with Edgescan that allows users to ingest their Edgescan findings into RiskSense to gain visibility of their overall risk due to vulnerabilities in their applications and network, enabling a simplified and efficient way to manage those vulnerabilities.

RiskSense users can configure the connector to pull scan data from Edgescan on a periodic basis. Data from Edgescan is ingested as Applications/Application Findings and Hosts/Host Findings in RiskSense.

About Edgescan

Edgescan is a cloud-based continuous vulnerability management and penetration testing solution. It is a highly accurate security-as-a-service (SaaS) solution that helps clients discover and manage application and network vulnerabilities (full-stack information security) on an ongoing basis.

Edgescan Setup

  • Setting up the connector requires an active subscription to Edgescan.
  • Integrate both network and applications into the Edgescan platform once. The RiskSense connector pulls this data and categorizes it into Applications/Hosts and their corresponding findings.

Configuring the Edgescan Connector

Navigate to the Automation > Integrations page in RiskSense.


Using the search bar in the Integrations page’s upper-right corner, type Edgescan to find the connector.


Click Configuration in the Edgescan connector card.


Complete the following required fields.

  • Name: Connector name.
  • URL: Edgescan instance URL.
  • API Key: Edgescan instance API key.
    • To generate a token, open the Edgescan user interface and navigate to Config > General.
    • Enter a descriptive label in the text box at the bottom of the table and click Create. A window appears, showing the generated token.
    • Copy this token and store it in a safe place. This token is required when accessing the Edgescan API. Once the window is closed, the token will never be displayed again.


  • Network: RiskSense network name.


Once the fields have been filled out, click Test Credentials to ensure the connector can connect to the Edgescan instance.

Additional connector configurations, such as Schedule and Connector-Specific Options, can also be set up. Once connector configuration is complete, click the Save button.


When the connector is set up, a new entry for it appears at the top of the Integrations page. This connector runs once the initial setup is complete. Check the connector’s status by clicking the History button.


In the Upload Center (navigate to the Settings > Upload page), files pulled from Edgescan are parsed, aggregated, and filtered for displaying data on the Applications/Hosts pages.


Edgescan Data Mapping in RiskSense

An Edgescan scan file’s data is ingested into RiskSense’s Hosts and Applications pages along with their corresponding findings.

The Scanner Name associated with these scans is based on the asset type, as shown below.

  • For Applications and Application Findings: EDGESCANAPP
  • For Hosts and Host Findings: EDGESCANNET

Scanner name can be used as a filter on the Application/Application Findings and Host/Host Findings pages.

Applications

Application data extracted from the scan file is available on the Applications page.


Edgescan assets are added as connector tags with the prefix asset name <Asset in Edgescan>, and individual applications are mapped to the Name field with the corresponding application URL. All other asset-level tags, such as Authenticated, PCI Enabled, and other tag categories, are added as connector tags in RiskSense. These tags are filterable.

In the Application Detail pane under the Sources section, the scanner is listed as EDGESCANAPP. The page can be filtered using this information.

Application Findings

View all Edgescan application findings on the Application Findings page in RiskSense.


RiskSense separates assets at a higher level, delivering a clear picture of applications and hosts associated with that particular asset. To distinguish between Edgescan network- and application-level findings, each asset is also mapped to finding tags in RiskSense with the prefix layer <Layer in Edgescan>. These tags can also be used to filter data.

Hosts

Network data extracted from the Edgescan file is available on the Hosts page.


Edgescan assets are added as connector tags with the following prefix asset name: <Asset in Edgescan>. Individual hosts are mapped to the Host Name. CIDR-based host assets are categorized based on their individual IP Address with their vulnerabilities.

All other asset-level tags, such as Authenticated, PCI Enabled, and other tag categories, are added as connector tags in RiskSense. These tags are filterable.

In the Host Detail pane under the Sources section, the scanner is listed as EDGESCANNET. The page can be filtered using this information.

Host Findings

All Edgescan findings are available on the Host Findings page in RiskSense.


Since RiskSense separates assets at a higher level, it provides a clear picture of applications and hosts associated with that particular asset.

To distinguish between Edgescan network- and application-level findings, each asset is also mapped to finding tags in RiskSense with the prefix layer <Layer in Edgescan>. These tags can also be used to filter data.

Edgescan Data Mapping in RiskSense

The table below maps Edgescan fields to RiskSense fields.

| Section | RiskSense Field | Edgescan Field | Filter Display Value |
| --- | --- | --- | --- |
| Applications | Name | Asset name | Name |
| Applications | Address | Location URL associated with each asset | URL |
| Applications | Tags > Connector | Name of asset and all associated asset tags | Tag. Filter value for asset can be prefixed with Asset Name, followed by value. Filter value for label can be prefixed with Label, followed by value. |
| Application Findings | Title | Name of each vulnerability | Title |
| Application Findings | URL | Location | URL |
| Application Findings | WebApplication | Asset name | WebApplication |
| Application Findings | ID | Definition ID | Scanner Plugin |
| Application Findings | Finding Tags | Layer | Tag. Filter value for asset can be prefixed with Asset Name, followed by value. |
| Application Findings | Asset Tags | Asset name and all associated asset tags | Web Application Tag. Filter value for asset can be prefixed with Asset Name, followed by value. Filter value for label can be prefixed with Label, followed by value. |
| Application Findings | Description | Description | N/A |
| Application Findings | Severity (1-10) | Risk (1-5) | Severity and Severity Group. Mapping between Edgescan and RiskSense, respectively: 5 → 10; 4 → 8.9; 3 → 6.9; 2 → 3.9; 1 → 0. |
| Application Findings | Possible Solution | Remediation | N/A |
| Application Findings | Detailed Information | Request/Response | N/A |
| Hosts | Host Name | Location of each host (includes CIDR and IP) | Host Name |
| Hosts | IP Address | Location | IP Address |
| Hosts | Total | Findings associated with each individual host | No |
| Host Findings | Title | Name of each vulnerability | Title |
| Host Findings | Host Name | Location (includes CIDR) | URL |
| Host Findings | WebApplication | Asset name | WebApplication |
| Host Findings | ID | Definition ID | Scanner Plugin |
| Host Findings | Criticality | Criticality (asset.priority scale to 50%, rounding up and applied to ALL hostnames) | Criticality and Criticality State |
| Host Findings | Finding Tags | Layer | Tag. Filter value can be prefixed with Layer, followed by value. Filter value for label can be prefixed with Label, followed by value. |
| Host Findings | Asset Tags | Name of asset and all associated asset tags | Asset Tag. Filter value for asset can be prefixed with Asset Name, followed by value. Filter value for label can be prefixed by Label, followed by value. |
| Host Findings | Description | Description | N/A |
| Host Findings | Severity (1-10) | Risk (1-5) | Severity and Severity Group. Mapping between Edgescan and RiskSense, respectively: 5 → 10; 4 → 8.9; 3 → 6.9; 2 → 3.9; 1 → 0. |
| Host Findings | Possible Solution | Remediation | N/A |

Useful Filters

This section describes some high-level filters that are useful to better visualize Edgescan data.

Application Filters

| Filter Fields | Description |
| --- | --- |
| Scanner Name | Added a new scanner name (EDGESCAN) for applications. |
| Scanner Type | Added a new scanner type (DAST) for applications. |
| Tags | The filter value for asset can be prefixed with Asset Name, followed by value to filter findings based on the asset. Added all asset-level tags, like PCI Enabled, Authenticated, etc., to filter findings based on category. |

Application Findings Filters

| Filter Fields | Description |
| --- | --- |
| Finding Type | Added a new finding type (DAST) for application findings. |
| Tag | The filter value can be prefixed with Layer, followed by value to filter findings based on the layer. The filter value for label can be prefixed with Label, followed by value to filter findings based on associated labels. |
| Web Application Tag | The filter value for asset can be prefixed with Asset Name, followed by value to filter findings based on the asset. Added all asset-level tags, like PCI Enabled, Authenticated, etc., to filter findings based on category. |