Skip to content

Commit 09908fa

Browse files
synack-akozynetssynack-akozynets
authored
Improved readme file for Synack task
1 parent b096f93 commit 09908fa

1 file changed

Lines changed: 33 additions & 19 deletions

File tree

tasks/connectors/synack/readme.md

Lines changed: 33 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -1,17 +1,31 @@
1-
## Running the Synack task
1+
## Support
2+
For help or any questions related to Synack toolkit task, please contact Synack support at help@synack.com
23

3-
This toolkit brings in data from Synack
4+
## About the Synack task
45

5-
To run this task you need the following information from Synack:
6+
This toolkit task fetches Exploitable Vulnerabilities from Synack platform and ingests them into Kenna.
7+
In Kenna, the Vulnerabilities will be added to an Asset. It will either create new Assets, or map to an existing one if there is a match.
68

7-
1. Synack API Url. Just the domain name, no prefixes. For example, api.synack.com.
8-
2. Synack API token
9+
It is recommended to use the option **asset_defined_in_tag** (enabled by default). It allows you to:
10+
- filter the list of Synack Exploitable Vulnerabilities that would be ingested into Kenna
11+
- put the Vulnerabilities in the desired Assets in Kenna
12+
13+
To run this task you need the following information
14+
### From Synack
15+
- Synack API Url. Just the domain name, no prefixes. For example, api.synack.com
16+
- Synack API token
17+
18+
### From Kenna
19+
- Kenna Connector ID
20+
- Kenna API key
921

1022
## Command Line
1123

12-
See the main Toolkit for instructions on running tasks. For this task, if you leave off the Kenna API Key and Kenna Connector ID, the task will create a json file in the default or specified output directory. You can review the file before attempting to upload to the Kenna directly.
24+
See the main Toolkit readme for [general instructions](https://github.com/KennaSecurity/toolkit/blob/master/README.md) on running Kenna toolkit tasks.
25+
26+
For this task, if you leave off the Kenna API Key and Kenna Connector ID, the task will create a json file in the default or specified output directory. You can review the file before attempting to upload to Kenna directly.
1327

14-
Recommended Steps:
28+
### Recommended Steps:
1529

1630
1. Run with Synack keys only to ensure you are able to get data properly from Synack
1731
1. Review output for expected data
@@ -20,15 +34,15 @@ Recommended Steps:
2034
1. Click on the name of the connector to get the connector id
2135
1. Run the task with Synack keys and Kenna key/connector id
2236

23-
Complete list of Options:
24-
25-
| Option | Required | Description | default |
26-
|----------------------|----------|----------------------------------------------------------------------------------------------------------------------|-----------------------|
27-
| synack_api_host | false | Synack API hostname without prefixes. | api.synack.com |
28-
| synack_api_token | true | Synack API token | n/a |
29-
| kenna_api_key | false | Kenna API Key for use with connector option | n/a |
30-
| kenna_api_host | false | Kenna API Hostname | api.kennasecurity.com |
31-
| kenna_connector_id | false | If set, we'll try to upload to this connector | n/a |
32-
| kenna_batch_size | false | Maximum number of vulnerabilities to upload to Kenna in each batch. Increasing this value could improve performance. | 1000 |
33-
| output_directory | false | If set, will write a file upon completion. Path is relative to #{$basedir} | output/synack |
34-
| asset_defined_in_tag | false | If set to false, we will only fetch from Synack vulnerbilities that have tag starting with "kenna::". The Kenna asset for vulnerability is defined by the tag "kenna::\<asset locator type\>::\<asset locator value\>". For example, if your Synack vulnerability has a tag "kenna::url::https\:\/\/www\.cisco\.com" it will be added to asset with locator type URL set to https\:\/\/www\.cisco\.com <br/><br/> If set to false - the assets will be created from Synack vulnerability's vulnerability location field. | true |
37+
### Complete list of Options:
38+
39+
| Option | Required | Description | default |
40+
|----------------------|----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|
41+
| synack_api_host | false | Synack API hostname without prefixes. | api.synack.com |
42+
| synack_api_token | true | Synack API token | n/a |
43+
| kenna_api_key | false | Kenna API Key for use with connector option | n/a |
44+
| kenna_api_host | false | Kenna API Hostname | api.kennasecurity.com |
45+
| kenna_connector_id | false | If set, we'll try to upload to this connector | n/a |
46+
| kenna_batch_size | false | Maximum number of vulnerabilities to upload to Kenna in each batch. Increasing this value could improve performance. | 1000 |
47+
| output_directory | false | If set, will write a file upon completion. Path is relative to #{$basedir} | output/synack |
48+
| asset_defined_in_tag | false | If set to true, we will only fetch from Synack vulnerbilities that have tag starting with "kenna::".<br/>The Kenna asset for vulnerability is defined by the tag "kenna::\<asset locator type\>::\<asset locator value\>".<br/>For example, if your Synack vulnerability has a tag "kenna::url::https\:\/\/www\.cisco\.com" it will be added to asset with locator type URL set to https\:\/\/www\.cisco\.com <br/><br/>If set to false - the assets will be created from Synack vulnerability's vulnerability location field. | true |

0 commit comments

Comments
 (0)