Skip to main content

Kenna v2

This Integration is part of the Kenna Pack.#

Use the Kenna v2 integration to search and update vulnerabilities, schedule a run connector, and manage tags and attributes.

Configure Kenna v2 on Cortex XSOAR#


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Kenna v2.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g. https://api.kennasecurity.com)
    • Kenna API key
    • Use system proxy settings
    • Trust any certificate (not secure)
  4. Click Test to validate the URLs, token, and connection.

Commands#


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

1. Search vulnerabilities#


Searches for vulnerabilities in Kenna.

Base Command#

kenna-search-vulnerabilities

Input#
Argument NameDescriptionRequired
idVulnerability ID to search.Optional
top-priorityWhether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false".Optional
min-scoreThe minimum vulnerability score for which to return vulnerabilities.Optional
statusThe status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive".Optional
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to flush to context. Can be "True" or "False". The default value is "True".Optional
Context Output#
PathTypeDescription
Kenna.Vulnerabilities.AssetIDNumberThe asset ID related to the vulnerability.
Kenna.Vulnerabilities.Connectors.DefinitionNameStringThe connector definition name related to the vulnerability.
Kenna.Vulnerabilities.Connectors.IDNumberThe connector ID related to the vulnerability.
Kenna.Vulnerabilities.Connectors.NameStringThe connector name related to the vulnerability.
Kenna.Vulnerabilities.Connectors.VendorStringThe connector vendor related to the vulnerability.
Kenna.Vulnerabilities.CveIDStringThe CVE ID related to the vulnerability.
Kenna.Vulnerabilities.FixIDStringThe fix ID related to the vulnerability.
Kenna.Vulnerabilities.PatchBooleanWhether there is a patch related to the vulnerability.
Kenna.Vulnerabilities.ScannerVulnerabilities.ExternalIDStringThe vulnerability scanner external ID.
Kenna.Vulnerabilities.ScannerVulnerabilities.OpenBooleanWhether the vulnerability scanner is open.
Kenna.Vulnerabilities.ScannerVulnerabilities.PortNumberThe vulnerability scanner port.
Kenna.Vulnerabilities.ScoreNumberThe vulnerability score.
Kenna.Vulnerabilities.ServiceTicket.DueDateDateThe service ticket due date.
Kenna.Vulnerabilities.ServiceTicket.ExternalIdentifierStringThe service ticket external identifier.
Kenna.Vulnerabilities.ServiceTicket.StatusStringThe service ticket status.
Kenna.Vulnerabilities.ServiceTicket.TicketTypeStringThe service ticket type.
Kenna.Vulnerabilities.SeverityNumberThe vulnerability severity.
Kenna.Vulnerabilities.StatusStringThe vulnerability status.
Kenna.Vulnerabilities.ThreatNumberThe vulnerability threat.
Kenna.Vulnerabilities.TopPriorityNumberThe vulnerability priority.
Kenna.Vulnerabilities.IDNumberThe vulnerability ID.
Command Example#

!kenna-search-vulnerabilities limit=5

Context Example#
{
"Kenna.Vulnerabilities": [
{
"Status": "open",
"CveID": "CVE-2018-1273",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-1273",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-1273 f1ca5f10-907f-44a3-9dad-4250dff54cf6",
"Port": null
}
],
"FixID": 1460814,
"TopPriority": true,
"ID": 631199
},
{
"Status": "open",
"CveID": "CVE-2018-2628",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-2628",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-2628 bc839599-9e76-41f9-a79f-92120e346688",
"Port": null
}
],
"FixID": 1460809,
"TopPriority": true,
"ID": 631194
},
{
"Status": "open",
"CveID": "CVE-2018-20250",
"Severity": 7,
"AssetID": {asset_id},
"Threat": 9,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-20250",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-20250 755a8761-828b-45a9-907f-d30f38bd18a9",
"Port": null
}
],
"FixID": 1460615,
"TopPriority": true,
"ID": 631026
},
{
"Status": "open",
"CveID": "CVE-2018-16858",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-16858",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-16858 19443e63-b916-4068-a174-0c4678416c14",
"Port": null
}
],
"FixID": 1460616,
"TopPriority": true,
"ID": 631027
},
{
"Status": "open",
"CveID": "CVE-2017-8917",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2017-8917",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2017-8917 bfe89aea-8ba7-411e-9f48-9fd6e821526e",
"Port": null
}
],
"FixID": 1461409,
"TopPriority": true,
"ID": 631927
}
]
}
Human Readable Output#

Kenna Vulnerabilities#

NameScoreid
CVE-2018-1273100631199
CVE-2018-2628100631194
CVE-2018-20250100631026
CVE-2018-16858100631027
CVE-2017-8917100631927

2. Run a connector#


Executes a run of the specified connector. If file based, it will use the most recently uploaded data file.

Base Command#

kenna-run-connector

Input#
Argument NameDescriptionRequired
idThe connector ID to run.Required

3. Search fixes#


Filters fixes by a given set of vulnerability and asset parameters and returns the filtered fixes.

Base Command#

kenna-search-fixes

Input#
Argument NameDescriptionRequired
idThe vulnerability ID for which to search.Optional
top-priorityWhether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false".Optional
min-scoreThe minimum vulnerability score for which to return vulnerabilities.Optional
statusThe status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive".Optional
vulnerabilitiesvulnerabilities for search.Optional
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to flush to context. Can be "True" or "False". The default value is "True".Optional
Context Output#
PathTypeDescription
Kenna.Fixes.IDNumberThe fix ID.
Kenna.Fixes.TitleStringThe fix title.
Kenna.Fixes.Assets.IDNumberThe asset ID related to the current fix.
Kenna.Fixes.Assets.LocatorStringThe asset locator related to the current fix.
Kenna.Fixes.Assets.PrimaryLocatorStringThe asset primary locator related to the current fix.
Kenna.Fixes.Assets.DisplayLocatorStringThe asset display locator related to the current fix.
Kenna.Fixes.Vulnerabilities.IDNumberThe vulnerability ID related to the current fix.
Kenna.Fixes.Vulnerabilities.ServiceTicketStatusStringThe vulnerability service ticket status related to the current fix.
Kenna.Fixes.Vulnerabilities.ScannerIDsNumberThe vulnerability scanner IDs related to the current fix.
Kenna.Fixes.CveIDStringThe CVE-ID list related to the current fix.
Kenna.Fixes.LastUpdatedAtStringThe timestamp when the current fix was last updated.
Kenna.Fixes.CategoryStringThe category of fix.
Kenna.Fixes.VulnerabilityCountNumberThe vulnerability count of the fix.
Kenna.Fixes.MaxScoreNumberThe maximum score of the fix.
Command Example#

!kenna-search-fixes limit=3

Context Example#
{
"Kenna.Fixes": [
{
"Category": null,
"VulnerabilityCount": 1,
"CveID": [
"CVE-2019-18408"
],
"Assets": [
{
"PrimaryLocator": "ip_address",
"Locator": "{ip}",
"DisplayLocator": "{ip}",
"ID": {id}}
}
],
"Title": "CVE-2019-18408",
"LastUpdatedAt": "2019-10-24T19:02:03.000Z",
"MaxScore": 27,
"ID": 1459069
},
{
"Category": null,
"VulnerabilityCount": 1,
"CveID": [
"CVE-2019-18409"
],
"Assets": [
{
"PrimaryLocator": "ip_address",
"Locator": "{ip}",
"DisplayLocator": "{ip}",
"ID": 10963
}
],
"Title": "CVE-2019-18409",
"LastUpdatedAt": "2019-10-24T19:02:03.000Z",
"MaxScore": 16,
"ID": 1459070
},
{
"Category": null,
"VulnerabilityCount": 1,
"CveID": [
"CVE-2019-18393"
],
"Assets": [
{
"PrimaryLocator": "ip_address",
"Locator": "{ip}",
"DisplayLocator": "{ip}",
"ID": 10963
}
],
"Title": "CVE-2019-18393",
"LastUpdatedAt": "2019-10-24T19:02:03.000Z",
"MaxScore": 27,
"ID": 1459071
}
]
}
Human Readable Output#

CVE-2019-18408

ID: 1459069#

1 vulnerabilities affected

Diagnosis:#

Related CVE IDs: CVE-2019-18408
CVE-2019-18409

ID: 1459070#

1 vulnerabilities affected

Diagnosis:#

Related CVE IDs: CVE-2019-18409
CVE-2019-18393

ID: 1459071#

1 vulnerabilities affected

Diagnosis:#

Related CVE IDs: CVE-2019-18393

4. Update an asset#


Updates the attributes of a single asset.

Base Command#

kenna-update-asset

Input#
Argument NameDescriptionRequired
idThe ID of the asset to update.Required
notesNotes about the asset.Required
Context Output#

There is no context output for this command.

Command Example#

!kenna-update-asset id={asset_id} notes="My personal asset."

Human Readable Output#

Asset {asset_id} was updated

5. Update a vulnerability#


Updates the attributes of a single vulnerability.

Base Command#

kenna-update-vulnerability

Input#
Argument NameDescriptionRequired
idThe ID of the vulnerability to update.Required
statusThe status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive".Optional
notesNotes about the vulnerability.Optional
Context Output#

There is no context output for this command.

Command Example#

!kenna-update-vulnerability id=631199 status=risk_accepted

Human Readable Output#

Asset 631199 was updated

6. Get a list of all connectors#


Returns all connectors.

Base Command#

kenna-get-connectors

Input#
Argument NameDescriptionRequired
Context Output#
PathTypeDescription
Kenna.ConnectorsList.IDNumberThe connector ID.
Kenna.ConnectorsList.NameStringThe connector name.
Kenna.ConnectorsList.RunningBooleanThe running connector.
Kenna.ConnectorsList.HostStringThe connector host.
Command Example#

!kenna-get-connectors

Context Example#
{
"Kenna.ConnectorsList": [
{
"Host": null,
"Running": false,
"ID": 152075,
"Name": "Nessus XML"
},
{
"Host": null,
"Running": false,
"ID": 152076,
"Name": "Generic"
},
{
"Host": null,
"Running": false,
"ID": 152077,
"Name": "Checkmarx XML"
},
{
"Host": "ven01347.service-now.com:443",
"Running": false,
"ID": 152078,
"Name": "ServiceNow"
},
{
"Host": "8080",
"Running": false,
"ID": 152929,
"Name": "AppScan Enterprise"
}
]
}
Human Readable Output#

Kenna Connectors#

HostIDNameRunning
152075Nessus XMLfalse
152076Genericfalse
152077Checkmarx XMLfalse
ven01347.service-now.com:443152078ServiceNowfalse
8080152929AppScan Enterprisefalse

7. Search assets#


Searches for assets.

Base Command#

kenna-search-assets

Input#
Argument NameDescriptionRequired
idThe asset ID to search for.Optional
hostnameThe hostname of the asset to search for.Optional
min-scoreThe minimum vulnerability score for which to return vulnerabilities.Optional
tagsThe tags by which to search.Optional
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to print output to context. Can be "True" or "False". The default value is "True".Optional
Context Output#
PathTypeDescription
Kenna.Assets.IDNumberThe asset ID.
Kenna.Assets.HostnameStringThe hostname of the asset.
Kenna.Assets.IpAddressStringThe asset IP address.
Kenna.Assets.ScoreNumberThe asset risk score.
Kenna.Assets.VulnerabilitiesCountNumberThe number of vulnerabilities associated with the asset.
Kenna.Assets.OperatingSystemStringThe asset operating system.
Kenna.Assets.TagsStringA list of the asset's tags.
Kenna.Assets.FqdnStringThe asset FQDN.
Kenna.Assets.StatusStringThe asset status.
Kenna.Assets.OwnerStringThe asset owner.
Kenna.Assets.PriorityNumberThe asset priority.
Kenna.Assets.NotesStringNotes of current asset.
Kenna.Assets.OperatingSystemStringOperating system of asset
Command Example#

!kenna-search-assets limit=4

Context Example#
{
"Kenna.Assets": [
{
"Status": "active",
"Tags": [
"DMZ"
],
"Notes": "Test Update Notes Kenna",
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Ubuntu",
"VulnerabilitiesCount": 55
},
{
"Status": "active",
"Tags": [
"Category4"
],
"Notes": null,
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Windows",
"VulnerabilitiesCount": 19
},
{
"Status": "active",
"Tags": [
"Category4",
"Category5"
],
"Notes": null,
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Windows",
"VulnerabilitiesCount": 10
},
{
"Status": "active",
"Tags": [
"Category3",
"Category5"
],
"Notes": null,
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Windows",
"VulnerabilitiesCount": 10
}
]
}
Human Readable Output#

Kenna Assets#

IP-addressOperating SystemScoreid
{ip}Ubuntu1000{asset_id}
{ip}Windows1000{asset_id}
{ip}Windows1000{asset_id}
{ip}Windows1000{asset_id}

8. Get an asset's vulnerabilities#


Gets vulnerabilities of the specified asset.

Base Command#

kenna-get-asset-vulnerabilities

Input#
Argument NameDescriptionRequired
idThe asset ID for which to get vulnerabilities.Required
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to print output to context. Can be "True" or "False". The default value is "True".Optional
Context Output#
PathTypeDescription
Kenna.VulnerabilitiesOfAsset.AssetIDNumberThe ID of the asset that this vulnerability is associated with.
Kenna.VulnerabilitiesOfAsset.CveIDStringThe CVE ID of the vulnerability associated with the asset.
Kenna.VulnerabilitiesOfAsset.IDNumberThe ID of the vulnerability associated withe the asset
Kenna.VulnerabilitiesOfAsset.PatchBooleanWhether there is a patch for the vulnerability associated with the asset.
Kenna.VulnerabilitiesOfAsset.StatusStringThe status of the vulnerability associated with the asset.
Kenna.VulnerabilitiesOfAsset.TopPriorityBooleanWhether the vulnerability associated with the asset is a top priority.
Kenna.VulnerabilitiesOfAsset.ScoreNumberThe score of the vulnerability associated with the asset.
Command Example#

!kenna-get-asset-vulnerabilities id={asset_id} limit=2

Context Example#
{
"Kenna.VulnerabilitiesOfAsset": [
{
"Status": "open",
"CveID": "CVE-2017-5817",
"AssetID": {asset_id},
"Patch": true,
"Score": 91,
"TopPriority": true,
"ID": 631229
},
{
"Status": "open",
"CveID": "CVE-2018-0866",
"AssetID": {asset_id},
"Patch": true,
"Score": 85,
"TopPriority": true,
"ID": 631231
}
]
}
Human Readable Output#

Kenna Vulnerabilities#

NameScoreid
CVE-2017-581791631229
CVE-2018-086685631231

9. Add a tag to an asset#


Adds a tag to the specified asset.

Base Command#

kenna-add-tag

Input#
Argument NameDescriptionRequired
tagA comma-separated list of tags to add to the asset.Required
idThe asset ID to which to add the tag.Required
Context Output#

There is no context output for this command.

Command Example#

!kenna-add-tag id={asset_id} tag="My test tag"

Human Readable Output#

Tag My test tag was added to asset {asset_id}

10. Delete a tag from an asset#


Deletes tags from the specified asset.

Base Command#

kenna-delete-tag

Input#
Argument NameDescriptionRequired
idThe asset ID from which to delete the tag.Required
tagThe tag to delete.Required
Context Output#

There is no context output for this command.

Command Example#

!kenna-delete-tag id={asset_id} tag="My test tag"

Human Readable Output#

Tag My test tag was deleted to asset {asset_id}

kenna-get-connector-runs#


Returns JSON data on all the runs of a given connector.

Base Command#

kenna-get-connector-runs

Input#

Argument NameDescriptionRequired
connector_idUnique numerical ID of the connector.Required

Context Output#

PathTypeDescription
Kenna.ConnectorRunsList.IDNumberConnector Run ID.
Kenna.ConnectorRunsList.StartTimeNumberConnector Run Start Time.
Kenna.ConnectorRunsList.EndTimestringConnector Run End Time.
Kenna.ConnectorRunsList.SuccessbooleanBoolean value showing connector success.
Kenna.ConnectorRunsList.TotalPayloadNumberTotal connector payloads.
Kenna.ConnectorRunsList.ProcessedPayloadNumberTotal payloads processed the connector.
Kenna.ConnectorRunsList.FailedPayloadNumberTotal failed payloads.
Kenna.ConnectorRunsList.ProcessedAssetsNumberAmount of processed assets.
Kenna.ConnectorRunsList.AssetsWithTagsResetNumberAmount of assets with reset tags.
Kenna.ConnectorRunsList.ProcessedScannerVulnerabilitiesNumberAmount of processed scanners with vulnerabilities.
Kenna.ConnectorRunsList.UpdatedScannerVulnerabilitiesNumberAmount of updated scanners with vulnerabilities.
Kenna.ConnectorRunsList.CreatedScannerVulnerabilitiesNumberAmount of created scanners with vulnerabilities.
Kenna.ConnectorRunsList.ClosedScannerVulnerabilitiesNumberAmount of closed scanners with vulnerabilities.
Kenna.ConnectorRunsList.AutoclosedScannerVulnerabilitiesNumberAmount of auto-closed scanners with vulnerabilities.
Kenna.ConnectorRunsList.ReopenedScannerVulnerabilitiesnumberAmount of reopened scanners with vulnerabilities.
Kenna.ConnectorRunsList.ClosedVulnerabilitiesNumberAmount of closed vulnerabilities.
Kenna.ConnectorRunsList.AutoclosedVulnerabilitiesNumberAmount of auto-closed vulnerabilities.
Kenna.ConnectorRunsList.ReopenedVulnerabilitiesNumberAmount of re-opened vulnerabilities.

Command Example#

!kenna-get-connector-runs connector_id={connector_id}

Context Example#

{
"Kenna": {
"ConnectorRunsList": {
"AssetsWithTagsReset": 0,
"AutoclosedScannerVulnerabilities": 0,
"AutoclosedVulnerabilities": 0,
"ClosedScannerVulnerabilities": 0,
"ClosedVulnerabilities": 0,
"CreatedScannerVulnerabilities": 0,
"EndTime": "2019-10-24T19:13:36.000Z",
"FailedPayload": 0,
"ID": 111111,
"ProcessedAssets": 10,
"ProcessedPayload": null,
"ProcessedScannerVulnerabilities": 10,
"ReopenedScannerVulnerabilities": 0,
"StartTime": "2019-10-24T19:02:02.000Z",
"Success": true,
"TotalPayload": 10,
"UpdatedScannerVulnerabilities": 10
}
}
}

Human Readable Output#

Kenna Connector Runs#

AssetsWithTagsResetAutoclosedScannerVulnerabilitiesAutoclosedVulnerabilitiesClosedScannerVulnerabilitiesClosedVulnerabilitiesCreatedScannerVulnerabilitiesEndTimeFailedPayloadIDProcessedAssetsProcessedPayloadProcessedScannerVulnerabilitiesReopenedScannerVulnerabilitiesReopenedVulnerabilitiesStartTimeSuccessTotalPayloadUpdatedScannerVulnerabilities
00000102019-10-24T19:13:36.000Z0111111101010002019-10-24T19:02:02.000Ztrue100