
Invicti

Invicti is a dynamic application security testing (DAST) and interactive application security testing (IAST) scanning tool. You can bring website and application issues from Invicti into Brinqa to construct a comprehensive and unified view of your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Invicti and how to obtain that information from Invicti. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Invicti from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Invicti with Brinqa:

  • API URL: The Invicti API URL. The default URL is https://www.netsparkercloud.com.

  • User ID and API token: The user ID and API token associated with the Invicti account, which must have permissions to log in to the API server and return data.

Generate an Invicti API token

For the Invicti connector to use the Invicti Enterprise API, you must provide an API token.

To view the API token for an existing user, follow these steps:

  1. Log in to your Invicti Enterprise account.

  2. Click your name in the upper-right corner of the page and navigate to API Settings.

  3. Enter your password and click Submit.

    Your Invicti User ID and API token are displayed. Copy the API token and save it in a secure location.

To generate a new API token, follow these steps:

  1. Log in to your Invicti Enterprise account.

  2. Click your name in the upper-right corner of the page and navigate to API Settings.

  3. Enter your password and click Submit.

  4. Click Reset API Token. A new window appears.

  5. Click Reset API Token.

    The new Invicti API token is displayed. Copy the API token and save it in a secure location.

note

If you do not have the permissions to view or create an API token, contact your Invicti administrator. For additional information, see Invicti documentation.

Additional settings

The Invicti connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 200. It is not recommended to go over 200.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

  • Max retries: The maximum number of times that the integration attempts to connect to the Invicti API before giving up and reporting a failure. The default setting is 10.

  • Skip certificate verification: Select this option to skip TLS certificate verification and accept untrusted certificates from the Invicti API URL. Leave it cleared unless the certificate genuinely cannot be validated in your environment, because skipping verification removes the assurance that the connector is talking to the real Invicti server.

Types of data to retrieve

The Invicti connector can retrieve the following types of data from the Invicti API:

Table 1: Data retrieved from Invicti

| Connector Object | Required | Maps to Data Model |
| --- | --- | --- |
| Issue | Yes | Dynamic Code Finding |
| Issue Definition | Yes | Dynamic Code Finding Definition |
| Scan | No | Not mapped |
| Website | Yes | Site |
info

The Invicti connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Invicti in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Issue

Table 2: Issue attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| content.requestContent | request |
| content.responseContent | response |
| issue.assigneeName | Local variable (assignee) |
| issue.certainty | Local variable (certainty) |
| issue.firstSeenDate | lastSeen |
| issue.getState | status (normalized), statusCategory |
| issue.id | uid |
| issue.isAddressed | Local variable (isAddressed) |
| issue.isDetectedByShark | Local variable (isDetectedByShark) |
| issue.isPresent | Local variable (isPresent) |
| issue.isRetest | Local variable (isRetest) |
| issue.tags | tags |
| issue.isTodo | Local variable (isTodo) |
| issue.lastScanId | firstSeen |
| issue.lastScanId | Local variable (lastScanId) |
| issue.severity | severity (normalized), sourceSeverity, severityScore |
| issue.type | type |
| issue.updatedDate | sourceLastModified |
| issue.url | url |
| issue.websiteId | targets |
| issue.websiteName | Local variable (websiteName) |
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Issue Definition

Table 3: Issue Definition attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| classification.asvs40 | Local variable |
| classification.capec | Local variable |
| classification.hipaa | Local variable |
| classification.disaStig | Local variable |
| classification.iso27001 | Local variable |
| classification.nistsp80053 | Local variable |
| classification.pci32 | Local variable |
| classification.wasc | Local variable |
| classification.owasp2013 | owaspCategories |
| classification.owasp2017 | owaspCategories |
| classification.owaspApiTop10 | owaspCategories |
| classification.owaspTopTen2021 | owaspCategories |
| vulnerabilityType.actions | recommendation |
| vulnerabilityType.remedy | recommendation |
| vulnerabilityType.classification.cwe | cweIds, weaknesses |
| vulnerabilityType.cvss31VectorString | Use CVSS Calculator |
| vulnerabilityType.cvss31Vector | Use CVSS Calculator |
| vulnerabilityType.cvssVectorString | Use CVSS Calculator |
| vulnerabilityType.cvssVector | Use CVSS Calculator |
| vulnerabilityType.description | name |
| vulnerabilityType.externalReferences | references |
| vulnerabilityType.remedyReferences | references |
| vulnerabilityType.impact | description |
| vulnerabilityType.proofOfConcept | results |
| vulnerabilityType.severity | severity (normalized), sourceSeverity, severityScore |
| vulnerabilityType.summary | summary |
| vulnerabilityType.type | categories |
| vulnerabilityType.type | uid |
| vulnerabilityType.skills | Local variable |
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.

Website

Table 4: Website attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| categories | categories |
| website.agentMode | Local variable |
| website.createdAt | sourceCreatedDate |
| website.groups.name | Local variable |
| website.id | uid |
| website.isVerified | Local variable |
| website.licenseType | Local variable |
| website.name | name, description |
| website.rootUrl | description, url |
| website.tags | tags |
| website.technicalContactEmail | Local variable |
| website.updatedAt | sourceLastModified |
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

APIs

The Invicti connector uses the Invicti Enterprise API v1. Specifically, it uses the following endpoints:

Table 5: Invicti API Endpoints

| Connector Object | API Endpoints |
| --- | --- |
| Issue | GET /api/1.0/issues/allissues |
|  | GET /api/1.0/issues/getvulnerabilitycontent/{issueId} |
| Issue Definition | GET /api/1.0/vulnerability/list |
| Scan | GET /api/1.0/scans/list |
| Website | GET /api/1.0/websites/list |
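To make the "Additional settings" concrete against the endpoints listed above, here is an added example client (not Brinqa's connector code) that pages through GET /api/1.0/issues/allissues while honouring a 200-record page-size cap, a parallel-request limit, a max-retries budget, and the certificate-verification choice. It assumes HTTP Basic authentication with the User ID as username and the API token as password, and a paged-list response carrying `List` and `PageCount` fields; both are assumptions about the Invicti API that this page does not state. The in-memory fake transport is constructed so the example runs offline.

```python
"""Paging, retrying client for the Invicti Enterprise API v1 issues endpoint.
Added example, not Brinqa's connector code. Assumes HTTP Basic auth (User ID as
username, API token as password) and a paged-list response with "List" and
"PageCount"; both are assumptions about the Invicti API."""
import base64
import json
import ssl
import threading
import time
import urllib.error
import urllib.parse
import urllib.request
from concurrent.futures import ThreadPoolExecutor

MAX_PAGE_SIZE = 200          # the connector docs advise not exceeding 200 per request
ISSUES_PATH = "/api/1.0/issues/allissues"


class TransientError(Exception):
    """Retryable failure: HTTP 429, 5xx, connection errors or timeouts."""


def build_transport(api_url, user_id, api_token, skip_cert_verification=False):
    """Return transport(path, params) -> parsed JSON over HTTPS using urllib."""
    creds = base64.b64encode(f"{user_id}:{api_token}".encode()).decode()
    ctx = ssl.create_default_context()
    if skip_cert_verification:
        # Equivalent of the "Skip certificate verification" option: the server's
        # identity is no longer checked, so keep this off unless the certificate
        # genuinely cannot be validated in your environment.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    def transport(path, params):
        url = f"{api_url.rstrip('/')}{path}?{urllib.parse.urlencode(params)}"
        req = urllib.request.Request(url, headers={
            "Authorization": f"Basic {creds}", "Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
                return json.load(resp)
        except urllib.error.HTTPError as exc:
            if exc.code == 429 or exc.code >= 500:
                raise TransientError(str(exc)) from exc
            raise                  # 401/403/404 will not improve by retrying
        except OSError as exc:     # URLError, DNS failures, socket timeouts
            raise TransientError(str(exc)) from exc
    return transport


def fetch_with_retries(transport, path, params, max_retries=10, sleep=time.sleep):
    """Try the request up to max_retries times in total, with capped exponential backoff."""
    for attempt in range(1, max(1, max_retries) + 1):
        try:
            return transport(path, params)
        except TransientError:
            if attempt == max_retries:
                raise              # give up and report the failure
            sleep(min(0.5 * 2 ** (attempt - 1), 30))


def fetch_all_issues(transport, page_size=200, parallel=4, max_retries=10, sleep=time.sleep):
    """Read every page of the issues list; pages after the first are fetched in parallel."""
    page_size = max(1, min(page_size, MAX_PAGE_SIZE))

    def get_page(number):
        return fetch_with_retries(transport, ISSUES_PATH,
                                  {"page": number, "pageSize": page_size}, max_retries, sleep)

    first = get_page(1)            # sequential: tells us how many pages exist
    issues = list(first.get("List", []))
    page_count = int(first.get("PageCount", 1))
    if page_count > 1:
        with ThreadPoolExecutor(max_workers=max(1, parallel)) as pool:
            for page in pool.map(get_page, range(2, page_count + 1)):
                issues.extend(page.get("List", []))
    return issues


def make_fake_transport(total_items, fail_first=2):
    """Constructed offline stand-in for the API: serves total_items issues and
    makes the first fail_first requests fail transiently to exercise retries."""
    state, lock = {"calls": 0}, threading.Lock()

    def transport(path, params):
        with lock:
            state["calls"] += 1
            call = state["calls"]
        if call <= fail_first:
            raise TransientError("simulated HTTP 503")
        start = (params["page"] - 1) * params["pageSize"]
        end = min(start + params["pageSize"], total_items)
        return {"List": [{"Id": f"issue-{i}"} for i in range(start, end)],
                "PageCount": -(-total_items // params["pageSize"])}
    return transport, state


def demo():
    """450 issues with two transient failures: 3 pages of 200 plus 2 retried calls -> (450, 5)."""
    transport, state = make_fake_transport(total_items=450, fail_first=2)
    issues = fetch_all_issues(transport, page_size=200, parallel=4, sleep=lambda _: None)
    return len(issues), state["calls"]


def retries_exhausted(fail_first, max_retries):
    """True when the client gives up after max_retries consecutive transient failures."""
    transport, _ = make_fake_transport(total_items=10, fail_first=fail_first)
    try:
        fetch_all_issues(transport, max_retries=max_retries, sleep=lambda _: None)
        return False
    except TransientError:
        return True
```

Only transient failures are retried; an authentication or permission error is surfaced immediately, which is the behaviour you want when a reset API token has not yet been updated in the integration. The `sleep` parameter exists so the backoff can be disabled in offline runs.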

Changelog

The Invicti connector has undergone the following changes:

3.0.5

  • Code clean up and general maintenance.

3.0.4

  • Fixed an issue where the Issue object sync was failing.

3.0.3

  • Fixed data type mismatches for the following attributes:

    • IS_VERIFIED
    • SOURCE_CREATED_DATE
    • SOURCE_LAST_MODIFIED
    • SOURCE_SEVERITY

3.0.2

  • Enhanced the STATUS_CATEGORY attribute in the Activity object to retrieve all values from the source.

3.0.1

  • Aligned the severity number retrieved from the source with the risk rating in the Brinqa Platform.

3.0.0