WhiteHat Sentinel
WhiteHat Sentinel by Synopsys is an application security tool that identifies vulnerabilities across your web applications. You can bring attack vector, dynamic code, and site data from WhiteHat Sentinel into Brinqa to centralize your applications attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with WhiteHat Sentinel and how to obtain that information from WhiteHat Sentinel. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select WhiteHat Sentinel from the Connector drop-down list. You must provide the following information to authenticate WhiteHat Sentinel with Brinqa:
-
Service URL: The WhiteHat Sentinel service URL. The default URL is
https://sentinel.whitehatsec.com. -
API Key: The access key associated with the WhiteHat Sentinel account, which must have permissions to log in to the API server and return data.
Generate a WhiteHat Sentinel API key
For the WhiteHat Sentinel connector to access the WhiteHat Sentinel API, you must provide an API key. You can access an existing API key or generate a new one. To obtain an API key, follow these steps:
-
Log in to your organization's WhiteHat Sentinel account.
-
Click My Profile and then the API Key tab.
-
Type your password in the Verify password field and click Authenticate.
The API key displays. If this is your first time requesting an API key, a new key is generated. Click Regenerate API key if you want to replace your existing key.
If you do not have the permissions to create an API key, contact your WhiteHat Sentinel administrator. For additional information, see WhiteHat Sentinel documentation.
Additional settings
The WhiteHat Sentinel connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
Types of data to retrieve
The WhiteHat Sentinel connector can retrieve the following types of data from the WhiteHat Sentinel API:
Table 1: Data retrieved from WhiteHat Sentinel
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Application | Yes | Application |
| Attack Vector | No | Not mapped |
| Dynamic Code Finding | Yes | Dynamic Code Finding |
| Dynamic Code Finding Definition | Yes | Dynamic Code Finding Definition |
| Issue | Yes | Static Code Finding |
| Site | Yes | Site |
For detailed steps on how to view the data retrieved from WhiteHat Sentinel in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Application
Table 2: Application attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| CLIENT_RATING_METHOD | Local variable |
| DATE_CREATED | sourceCreatedDate |
| INDUSTRY | Local variable |
| LAST_SCANNED | lastScanned |
| LANGUAGE | languages |
| NAME | name |
| ORG | Local variable |
| OWNER | Local variable |
| PACKAGE_NAME | Local variable |
| PHASE | Local variable |
| PLATFORM | Local variable |
| PRE_SCAN_STATUS | Local variable |
| SCAN_STATUS | Local variable |
| SE | Local variable |
| STATUS | status |
| SUB_ID | Local variable |
| SYS_ID | uid |
| TAGS | tags |
| TYPE | category, assetType |
Dynamic Code Finding
Table 3: Dynamic Code Finding attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| accepted | Local variable |
| category | categories |
| cvssBaseScore | Use CVSS calculator |
| cvssBaseVector | Use CVSS calculator |
| cvssEnvScore | Use CVSS calculator |
| cvssEnvVector | Use CVSS calculator |
| customRisk | Local variable |
| definitionID | type |
| directRemediationAvailable | patchAvailable |
| firstFound | firstFound |
| impact | Local variable |
| isAccessible | Local variable |
| lastClosed | lastFixed |
| lastFound | lastFound |
| lastModified | sourceLastModified |
| lastRetested | Local variable |
| likelihood | Local variable |
| manual | Local variable |
| outOfScoreReasons | Local variable |
| request | request |
| reason | Local variable |
| response | response |
| retestStatus | status |
| risk | Local variable |
| severity | severity, severityScore |
| siteID | targets, Local variable |
| siteName | Local variable |
| status | status, statusCategory |
| subID | Local variable |
| tags | tags |
| threat | Local variable |
| unreachable | Local variable |
| url | url |
| verificationStatus | status |
| sysID | uid |
Dynamic Code Finding Definition
Table 4: Dynamic Code Finding Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| cvssV3Score | cvssV3BaseScore |
| cvssV3Vector | cvssV3Vector |
| description | description |
| name | name |
| retired | Local variable |
| risk | Local variable |
| solution | recommendation |
| sysID | uid |
| title | Local variable |
Issue
Table 5: Issue attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| APP_ID | targets |
| CATEGORY | categories |
| CUSTOM_RISK | Local variable |
| CVE | cveIds, cveRecords |
| CVSS_BASE_SCORE | calculator |
| CVSS_BASE_VECTOR | calculator |
| CVSS_ENV_SCORE | calculator |
| CVSS_ENV_VECTOR | calculator |
| DAST_CLASSES | Local variable |
| DEFINITION_ID | type, Local variable |
| DESCRIPTION | description |
| FILE_NAME | name |
| FIRST_FOUND | firstFound |
| IMPACT | Local variable |
| LAST_FOUND | lastFound |
| LAST_MODIFIED | sourceLastModified |
| LIKELIHOOD | Local variable |
| RISK | Local variable |
| SCORE | Local variable |
| SOLUTION | Local variable |
| STATUS | status |
| SYS_ID | uid |
| TAGS | tags |
| THREAT | Local variable |
Site
Table 6: Site attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| applianceID | Local variable |
| associatedHostname | Local variable |
| categories | categories |
| clientID | Local variable |
| hostname | hostname |
| industry | Local variable |
| name | name |
| notes | Local variable |
| organization | Local variable |
| speed | Local variable |
| status | status |
| sysID | uid |
| usesSatellite | Local variable |
| weight | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).
Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.
Operation options
The WhiteHat Sentinel connector supports the following operation options. See connector operation options for information about how to apply them.
Table 7: WhiteHat Sentinel connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Attack Vector | status | accepted, certified, closed, open | A comma-separated list of attack vector statuses. Retrieve attack vector information based on the specific status as determined by WhiteHat Sentinel. | Key: status Value: accepted. This key and value combination only retrieves attack vector information with a status of accepted. |
| Dynamic Code Finding | status | accepted, closed, invalid, mitigated, out_of_scope | A comma-separated list of finding statuses. Retrieve findings based on the specified status as determined by WhiteHat Sentinel. | Key: status Value: mitigated,accepted. This key and value combination only retrieves findings with a status of accepted or mitigated. |
| Issue | status | closed, discovered, false, open | A comma-separated list of issue statuses. Retrieve issue information based on the specific status as determined by WhiteHat Sentinel. | Key: status Value: open,discovered. This key and value combination only retrieves issues with a status of open or discovered. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The WhiteHat Sentinel connector uses the WhiteHat Sentinel API v1 and v2. Specifically, it uses the following endpoints:
Table 8: WhiteHat Sentinel API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Application | GET /api/assets |
| Attack Vector | GET /api/findings |
GET /api/vuln/{findingId}/attack_vector | |
| Dynamic Code Finding | GET /api/findings |
GET /api/vuln/{findingId}/attack_vector | |
| Dynamic Code Finding Definition | GET /api/vulnerabilityClasses |
| Issue | GET /api/source_vuln |
GET /api/vulnerabilityClasses | |
| Site | GET /api/v2/sites |
Changelog
The WhiteHat Sentinel connector has undergone the following changes:
Table 9: WhiteHat Sentinel connector changelog
| Version | Description |
|---|---|
| 3.0.3 | No change. |
| 3.0.2 | - Changed the MANUAL attribute type on the Dynamic Code Finding object from string to boolean. - Changed the SOURCE_SEVERITY attribute type on the Dynamic Code Finding object from string to integer. |
| 3.0.1 | No change. |
| 3.0.0 | Initial Integration+ release. |