Veracode (Application Security Testing).Tenable (Enterprise Vulnerability Management).
BURP SUITE SCAN SOFTWARE
Parasoft (automated software testing, AppSec).Hex-Rays (IDA Pro, Hex-Rays Decompiler).E-SPIN Ecosystem World Solution Portfolio Overview.With the field extractor results it is quite simple to obtain a variety of information.įurthermore the SOC team can use the provided data to correlate them with real time analysis and improve their efficiency on attack classification. Since the scanner results are already on the Splunk interface, it is possible to configure the field extractor functionality and map the main fields like vulnerability, severity, url, etc. The vulnerabilities found during scanning will be available in form of events in Splunk. While the analysts perform their normal web application security assessments, the plugin will silently obtain the results produced by the scanner and send them to Splunk, in such way the SOC team can use this information to improve their correlation work.
When loaded successfully, you should see the following output: Using ActiveEvent Next in the Extender Tab > Extensions > Add, choose Ruby as an extension type and specify the path to this plugin. This syntax will load Burp Suite and inform through this parameters the Splunk IP address, TCP port (default is 8088) and API token value.Īs soon as Burp starts, go to Extender Tab > Options > Ruby Environment and specify the path to your JRuby jar file. The previous steps will generate a token that should be used as a command line argument in Burp: java -XX:MaxPermSize=1G -jar burp.jar 127.0.0.1 8088 'xxx-yyy-api-key' Follow the necessary steps to generate the token. This action can be achieved by accessing Splunk's HTTP Event Collector through the web management interface by clicking in Menu> Data Input> Http Event Collector > New Token. Configuring ActiveEventĪctiveEvent has to connect to Splunk in order to convert vulnerabilities in forms of events. The core idea is that the log management team can immediately benefit from the results produced by the penetration testing team for its daily activities. The plugin allows both the SOC and penetration test teams to do better data fusion by integrating their processes (web application security testing and log management). This plugin allows both the SOC and penetration test teams to integrate their process of web application security assessment and Log management to extract useful information. As soon as the scanner reports new vulnerabilities, the plugin parses the results, transforms and sends them in form of events directly into the Splunk management interface using the Http Event Collector functionality. The pluginĪctiveEvent is a Burp Suite plugin that continuously monitors Burp scanner for new security issues. To merge the best of both worlds, we developed a Burp extension named ActiveEvent to facilitate the integration of web application vulnerability management with SOC operations.
Burp provides to their users the possibility to extend its functionalities through the Burp Extender API. It is widely used by Security Operation Centre (SOC) teams to provide advanced security event monitoring, threat analytics, incident response and cyber threat management.īurp Suite is a must-have web application attack proxy tool used by security analysts around the world to perform penetration testing against web applications. Splunk is a fully featured, powerful platform for collecting, searching, monitoring and analyzing machine data.
0 kommentar(er)
