Integrations
It is possible to send Cyberwatch data to a third party system using Integrations.
Creation of Integration
- Click on Administration
- Click on Integrations
- Click on Add
-
Complete the fields of the integration creation form:
- Integration protocol: Protocol of the integration, available protocols are:
- HTTP hook to send HTTP rest requests
- SMTP hook to send emails using SMTP configured in Administration > SMTP
- Name of the integration: Integration name that will be displayed in the integration choice lists
- Location of the integration hook: Location where it will be possible to find the integration. The available locations are:
- Inventory: corresponds to the Inventory.
- Server details - Detection: corresponds to a server page on the “Vulnerabilities” tab.
- Server details - Patching: corresponds to a server page on the “Patch management” tab.
- Vulnerability details: corresponds to a specific vulnerability page in the Vulnerability Encyclopedia.
- Integration protocol: Protocol of the integration, available protocols are:
-
For HTTP hook integrations:
- URL of the request: URL to which the data will be sent.
-
Headers of the request: Headers of the request in the form of a dictionary, example:
{ "Accept-Charset": "utf-8", "Accept-Encoding": "gzip", "Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==", "Content-Type": "application/json", "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:12.0) Gecko/20100101 Firefox/12.0" }
- Body of the request: Body of the request containing the data to send. Keywords are used to add the selected data to Cyberwatch:
#SERVER_NAME#
: Name of the selected server.#SERVER_NAMES#
: Name of selected servers.#CVE_ANNOUNCEMENT#
: CVE code of the selected CVE.#CVE_ANNOUNCEMENTS#
: CVE codes of selected CVEs.#PRODUCT#
: Name of the selected package/application.#PRODUCTS#
: Name of selected packages/applications.
- HTTP method of the request: Choice of the HTTP method with which the request will be sent.
- Use a self-signed certificate for this request: Used to connect to a self-signed server. Warning: Connecting to a self-signed server poses a risk that a third party can intercept traffic to the server via this certificate.
- Use the proxy configuration for this request: Allows to use the proxy configured in Cyberwatch.
-
For SMTP hook integrations:
- Recipient’s email address.
- Subject of the email.
- Content of the email: The message containing the data to send. Available keywords are the same as the one described in Body of the request for HTTP hook integrations.
- Save
If the fields have been correctly filled in, the integration will appear in the list of integrations.
Edit an Integration
- Click on Administration
- Click on Integrations
- Click on the edit button (pencil icon) corresponding to the integration to edit
- Modify the desired fields in the form. The fields are completed with the values of the edited integration
- Save
Delete an Integration
- Click on Administration
- Click on Integrations
- Click on the delete button (trash icon) corresponding to the integration to delete
- Confirm
Test an Integration
- Click on Administration
- Click on Integrations
- Click on the test button (arrow icon) corresponding to the integration to test
- Check that a modal containing the state of the response appears, attesting to the connection with the server.
Use an Integration
The integrations can be used at different locations depending on the choice made in the creation/edition form:
Inventory
- Click on Inventory
- Select the assets to send
- Click on the button
Bulk actions
- Click on the name of the integration in the drop-down menu
- Check the status of the response in the modal at the top right
Server details - Detection
- Click on Inventory
- Click on the name of the asset from which send the data
- Click on the
Vulnerabilities
tab - Select the vulnerabilities to send
- Click on the arrow to the right of the
Ignore and comment
button - Click on the name of the integration in the drop-down menu
- Check the status of the response in the modal at the top right
Server details - Patching
- Click on Inventory
- Click on the name of the asset from which send the data
- Click on the
Patch management
tab - Select the packages/applications/vulnerabilities to send
- Click on the arrow to the right of the
Schedule selected fixes
button (or theSend the selection
button in case of an asset on “scan only” mode) - Click on the name of the integration in the drop-down menu
- Check the status of the response in the modal at the top right
Vulnerability details
- Click on Vulnerability Encyclopedia
- Click on a CVE reference to access the details of this CVE
- Select the assets to send
- Click on the arrow to the right of the
Ignore and comment
button - Click on the name of the integration in the drop-down menu
- Check the status of the response in the modal at the top right