Kenna v2
Kenna Pack.#
This Integration is part of theUse the Kenna v2 integration to search and update vulnerabilities, schedule a run connector, and manage tags and attributes.
#
Configure Kenna v2 on Cortex XSOAR- Navigate to Settings > Integrations > Servers & Services.
- Search for Kenna v2.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g. https://api.kennasecurity.com)
- Kenna API key
- Use system proxy settings
- Trust any certificate (not secure)
- Click Test to validate the URLs, token, and connection.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
1. Search vulnerabilitiesSearches for vulnerabilities in Kenna.
#
Base Commandkenna-search-vulnerabilities
#
InputArgument Name | Description | Required |
---|---|---|
id | Vulnerability ID to search. | Optional |
top-priority | Whether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false". | Optional |
min-score | The minimum vulnerability score for which to return vulnerabilities. | Optional |
status | The status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive". | Optional |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to flush to context. Can be "True" or "False". The default value is "True". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Kenna.Vulnerabilities.AssetID | Number | The asset ID related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.DefinitionName | String | The connector definition name related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.ID | Number | The connector ID related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.Name | String | The connector name related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.Vendor | String | The connector vendor related to the vulnerability. |
Kenna.Vulnerabilities.CveID | String | The CVE ID related to the vulnerability. |
Kenna.Vulnerabilities.FixID | String | The fix ID related to the vulnerability. |
Kenna.Vulnerabilities.Patch | Boolean | Whether there is a patch related to the vulnerability. |
Kenna.Vulnerabilities.ScannerVulnerabilities.ExternalID | String | The vulnerability scanner external ID. |
Kenna.Vulnerabilities.ScannerVulnerabilities.Open | Boolean | Whether the vulnerability scanner is open. |
Kenna.Vulnerabilities.ScannerVulnerabilities.Port | Number | The vulnerability scanner port. |
Kenna.Vulnerabilities.Score | Number | The vulnerability score. |
Kenna.Vulnerabilities.ServiceTicket.DueDate | Date | The service ticket due date. |
Kenna.Vulnerabilities.ServiceTicket.ExternalIdentifier | String | The service ticket external identifier. |
Kenna.Vulnerabilities.ServiceTicket.Status | String | The service ticket status. |
Kenna.Vulnerabilities.ServiceTicket.TicketType | String | The service ticket type. |
Kenna.Vulnerabilities.Severity | Number | The vulnerability severity. |
Kenna.Vulnerabilities.Status | String | The vulnerability status. |
Kenna.Vulnerabilities.Threat | Number | The vulnerability threat. |
Kenna.Vulnerabilities.TopPriority | Number | The vulnerability priority. |
Kenna.Vulnerabilities.ID | Number | The vulnerability ID. |
#
Command Example!kenna-search-vulnerabilities limit=5
#
Context Example#
Human Readable Output#
Kenna VulnerabilitiesName | Score | id |
---|---|---|
CVE-2018-1273 | 100 | 631199 |
CVE-2018-2628 | 100 | 631194 |
CVE-2018-20250 | 100 | 631026 |
CVE-2018-16858 | 100 | 631027 |
CVE-2017-8917 | 100 | 631927 |
#
2. Run a connectorExecutes a run of the specified connector. If file based, it will use the most recently uploaded data file.
#
Base Commandkenna-run-connector
#
InputArgument Name | Description | Required |
---|---|---|
id | The connector ID to run. | Required |
#
3. Search fixesFilters fixes by a given set of vulnerability and asset parameters and returns the filtered fixes.
#
Base Commandkenna-search-fixes
#
InputArgument Name | Description | Required |
---|---|---|
id | The vulnerability ID for which to search. | Optional |
top-priority | Whether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false". | Optional |
min-score | The minimum vulnerability score for which to return vulnerabilities. | Optional |
status | The status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive". | Optional |
vulnerabilities | vulnerabilities for search. | Optional |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to flush to context. Can be "True" or "False". The default value is "True". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Kenna.Fixes.ID | Number | The fix ID. |
Kenna.Fixes.Title | String | The fix title. |
Kenna.Fixes.Assets.ID | Number | The asset ID related to the current fix. |
Kenna.Fixes.Assets.Locator | String | The asset locator related to the current fix. |
Kenna.Fixes.Assets.PrimaryLocator | String | The asset primary locator related to the current fix. |
Kenna.Fixes.Assets.DisplayLocator | String | The asset display locator related to the current fix. |
Kenna.Fixes.Vulnerabilities.ID | Number | The vulnerability ID related to the current fix. |
Kenna.Fixes.Vulnerabilities.ServiceTicketStatus | String | The vulnerability service ticket status related to the current fix. |
Kenna.Fixes.Vulnerabilities.ScannerIDs | Number | The vulnerability scanner IDs related to the current fix. |
Kenna.Fixes.CveID | String | The CVE-ID list related to the current fix. |
Kenna.Fixes.LastUpdatedAt | String | The timestamp when the current fix was last updated. |
Kenna.Fixes.Category | String | The category of fix. |
Kenna.Fixes.VulnerabilityCount | Number | The vulnerability count of the fix. |
Kenna.Fixes.MaxScore | Number | The maximum score of the fix. |
#
Command Example!kenna-search-fixes limit=3
#
Context Example#
Human Readable OutputCVE-2019-18408
#
ID: 14590691 vulnerabilities affected
#
Diagnosis: Related CVE IDs: CVE-2019-18408
CVE-2019-18409
#
ID: 14590701 vulnerabilities affected
#
Diagnosis: Related CVE IDs: CVE-2019-18409
CVE-2019-18393
#
ID: 14590711 vulnerabilities affected
#
Diagnosis: Related CVE IDs: CVE-2019-18393
#
4. Update an assetUpdates the attributes of a single asset.
#
Base Commandkenna-update-asset
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the asset to update. | Required |
notes | Notes about the asset. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!kenna-update-asset id={asset_id} notes="My personal asset."
#
Human Readable OutputAsset {asset_id} was updated
#
5. Update a vulnerabilityUpdates the attributes of a single vulnerability.
#
Base Commandkenna-update-vulnerability
#
InputArgument Name | Description | Required |
---|---|---|
id | The ID of the vulnerability to update. | Required |
status | The status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive". | Optional |
notes | Notes about the vulnerability. | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!kenna-update-vulnerability id=631199 status=risk_accepted
#
Human Readable OutputAsset 631199 was updated
#
6. Get a list of all connectorsReturns all connectors.
#
Base Commandkenna-get-connectors
#
InputArgument Name | Description | Required |
---|
#
Context OutputPath | Type | Description |
---|---|---|
Kenna.ConnectorsList.ID | Number | The connector ID. |
Kenna.ConnectorsList.Name | String | The connector name. |
Kenna.ConnectorsList.Running | Boolean | The running connector. |
Kenna.ConnectorsList.Host | String | The connector host. |
#
Command Example!kenna-get-connectors
#
Context Example#
Human Readable Output#
Kenna ConnectorsHost | ID | Name | Running |
---|---|---|---|
152075 | Nessus XML | false | |
152076 | Generic | false | |
152077 | Checkmarx XML | false | |
ven01347.service-now.com:443 | 152078 | ServiceNow | false |
8080 | 152929 | AppScan Enterprise | false |
#
7. Search assetsSearches for assets.
#
Base Commandkenna-search-assets
#
InputArgument Name | Description | Required |
---|---|---|
id | The asset ID to search for. | Optional |
hostname | The hostname of the asset to search for. | Optional |
min-score | The minimum vulnerability score for which to return vulnerabilities. | Optional |
tags | The tags by which to search. | Optional |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to print output to context. Can be "True" or "False". The default value is "True". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Kenna.Assets.ID | Number | The asset ID. |
Kenna.Assets.Hostname | String | The hostname of the asset. |
Kenna.Assets.IpAddress | String | The asset IP address. |
Kenna.Assets.Score | Number | The asset risk score. |
Kenna.Assets.VulnerabilitiesCount | Number | The number of vulnerabilities associated with the asset. |
Kenna.Assets.OperatingSystem | String | The asset operating system. |
Kenna.Assets.Tags | String | A list of the asset's tags. |
Kenna.Assets.Fqdn | String | The asset FQDN. |
Kenna.Assets.Status | String | The asset status. |
Kenna.Assets.Owner | String | The asset owner. |
Kenna.Assets.Priority | Number | The asset priority. |
Kenna.Assets.Notes | String | Notes of current asset. |
Kenna.Assets.OperatingSystem | String | Operating system of asset |
#
Command Example!kenna-search-assets limit=4
#
Context Example#
Human Readable Output#
Kenna AssetsIP-address | Operating System | Score | id |
---|---|---|---|
{ip} | Ubuntu | 1000 | {asset_id} |
{ip} | Windows | 1000 | {asset_id} |
{ip} | Windows | 1000 | {asset_id} |
{ip} | Windows | 1000 | {asset_id} |
#
8. Get an asset's vulnerabilitiesGets vulnerabilities of the specified asset.
#
Base Commandkenna-get-asset-vulnerabilities
#
InputArgument Name | Description | Required |
---|---|---|
id | The asset ID for which to get vulnerabilities. | Required |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to print output to context. Can be "True" or "False". The default value is "True". | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Kenna.VulnerabilitiesOfAsset.AssetID | Number | The ID of the asset that this vulnerability is associated with. |
Kenna.VulnerabilitiesOfAsset.CveID | String | The CVE ID of the vulnerability associated with the asset. |
Kenna.VulnerabilitiesOfAsset.ID | Number | The ID of the vulnerability associated withe the asset |
Kenna.VulnerabilitiesOfAsset.Patch | Boolean | Whether there is a patch for the vulnerability associated with the asset. |
Kenna.VulnerabilitiesOfAsset.Status | String | The status of the vulnerability associated with the asset. |
Kenna.VulnerabilitiesOfAsset.TopPriority | Boolean | Whether the vulnerability associated with the asset is a top priority. |
Kenna.VulnerabilitiesOfAsset.Score | Number | The score of the vulnerability associated with the asset. |
#
Command Example!kenna-get-asset-vulnerabilities id={asset_id} limit=2
#
Context Example#
Human Readable Output#
Kenna VulnerabilitiesName | Score | id |
---|---|---|
CVE-2017-5817 | 91 | 631229 |
CVE-2018-0866 | 85 | 631231 |
#
9. Add a tag to an assetAdds a tag to the specified asset.
#
Base Commandkenna-add-tag
#
InputArgument Name | Description | Required |
---|---|---|
tag | A comma-separated list of tags to add to the asset. | Required |
id | The asset ID to which to add the tag. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!kenna-add-tag id={asset_id} tag="My test tag"
#
Human Readable OutputTag My test tag was added to asset {asset_id}
#
10. Delete a tag from an assetDeletes tags from the specified asset.
#
Base Commandkenna-delete-tag
#
InputArgument Name | Description | Required |
---|---|---|
id | The asset ID from which to delete the tag. | Required |
tag | The tag to delete. | Required |
#
Context OutputThere is no context output for this command.
#
Command Example!kenna-delete-tag id={asset_id} tag="My test tag"
#
Human Readable OutputTag My test tag was deleted to asset {asset_id}
#
kenna-get-connector-runsReturns JSON data on all the runs of a given connector.
#
Base Commandkenna-get-connector-runs
#
InputArgument Name | Description | Required |
---|---|---|
connector_id | Unique numerical ID of the connector. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Kenna.ConnectorRunsList.ID | Number | Connector Run ID. |
Kenna.ConnectorRunsList.StartTime | Number | Connector Run Start Time. |
Kenna.ConnectorRunsList.EndTime | string | Connector Run End Time. |
Kenna.ConnectorRunsList.Success | boolean | Boolean value showing connector success. |
Kenna.ConnectorRunsList.TotalPayload | Number | Total connector payloads. |
Kenna.ConnectorRunsList.ProcessedPayload | Number | Total payloads processed the connector. |
Kenna.ConnectorRunsList.FailedPayload | Number | Total failed payloads. |
Kenna.ConnectorRunsList.ProcessedAssets | Number | Amount of processed assets. |
Kenna.ConnectorRunsList.AssetsWithTagsReset | Number | Amount of assets with reset tags. |
Kenna.ConnectorRunsList.ProcessedScannerVulnerabilities | Number | Amount of processed scanners with vulnerabilities. |
Kenna.ConnectorRunsList.UpdatedScannerVulnerabilities | Number | Amount of updated scanners with vulnerabilities. |
Kenna.ConnectorRunsList.CreatedScannerVulnerabilities | Number | Amount of created scanners with vulnerabilities. |
Kenna.ConnectorRunsList.ClosedScannerVulnerabilities | Number | Amount of closed scanners with vulnerabilities. |
Kenna.ConnectorRunsList.AutoclosedScannerVulnerabilities | Number | Amount of auto-closed scanners with vulnerabilities. |
Kenna.ConnectorRunsList.ReopenedScannerVulnerabilities | number | Amount of reopened scanners with vulnerabilities. |
Kenna.ConnectorRunsList.ClosedVulnerabilities | Number | Amount of closed vulnerabilities. |
Kenna.ConnectorRunsList.AutoclosedVulnerabilities | Number | Amount of auto-closed vulnerabilities. |
Kenna.ConnectorRunsList.ReopenedVulnerabilities | Number | Amount of re-opened vulnerabilities. |
#
Command Example!kenna-get-connector-runs connector_id={connector_id}
#
Context Example#
Human Readable Output#
Kenna Connector Runs
AssetsWithTagsReset AutoclosedScannerVulnerabilities AutoclosedVulnerabilities ClosedScannerVulnerabilities ClosedVulnerabilities CreatedScannerVulnerabilities EndTime FailedPayload ID ProcessedAssets ProcessedPayload ProcessedScannerVulnerabilities ReopenedScannerVulnerabilities ReopenedVulnerabilities StartTime Success TotalPayload UpdatedScannerVulnerabilities 0 0 0 0 0 10 2019-10-24T19:13:36.000Z 0 111111 10 10 10 0 0 2019-10-24T19:02:02.000Z true 10 0