Import Cobalt Findings into Kenna Security

Integration Overview

Kenna Security is a risk and vulnerability intelligence platform.

You can retrieve findings data from Cobalt using the API and import it into Kenna Security. Then you can measure risk associated with vulnerabilities and prioritize remediation efforts on the Kenna Security platform.

What You Need

To configure the integration, you need the following:

• Cobalt API token. Learn how to create an API token.
• Cobalt organization token. Learn how to retrieve an organization token using the Cobalt API v1.
  • Make sure that you use the Cobalt API v1 and not v2. This integration doesn’t support organization tokens from the API v2.
• Kenna Security API key. Learn how to create an API key.
• Kenna Security connector ID. Create a Kenna Security Data Importer connector, and copy the connector ID as described in step 1.

Step 1: Create a Kenna Security Data Importer Connector

We recommend creating a dedicated connector for importing Cobalt findings in Kenna Security, even if you already have other connectors configured.

1. In Kenna Security, select Connectors.
   
   
2. Select Add Connector.
   
   
3. Search for and select the Kenna Data Importer connector.
   
   
4. On the configuration page, enter a name for your connector, such as Kenna Data Importer - Cobalt.io. Select Save.
   
   
5. Select the connector you created.
   
   
6. Copy the connector ID. You will need it in step 2.
   
   

Step 2: Get the Kenna Security Toolkit Image

The Kenna Security Toolkit is wrapped in a container image. You can get it in two ways:

• Pull the image from Docker Hub
• Build the image from the source

From Docker Hub

Pull the toolkit image from Docker Hub using this request:

docker pull kennasecurity/toolkit

When ready, go to step 3.

From the Source

1. Clone the Kenna Toolkit repository.

   git clone git@github.com:KennaSecurity/toolkit.git
   

2. Build the Kenna Security Toolkit image from the source. If you’ve already done this in the past, you may have to do it again because the Cobalt task is a relatively new addition.

   docker build . -t toolkit:latest
   

Step 3: Run the Cobalt Task

1. Prepare the following variables required to run the Cobalt task. See how to get these values.
   • COBALT_API_TOKEN: Cobalt API token
   • COBALT_ORG_TOKEN: Cobalt organization token
   • KENNA_API_KEY: Kenna Security API key
   • KENNA_CONNECTOR_ID: ID of the Kenna Security Data Importer connector
2. Replace variables with your values, and run this task:

   export COBALT_API_TOKEN=xxx
   
   export COBALT_ORG_TOKEN=xxx
   
   export KENNA_API_KEY=xxx
   
   export KENNA_CONNECTOR_ID=xxx
   

3. Run the toolkit with the cobaltio task selected. This command imports all findings from the configured organization in Cobalt into Kenna Security.
   • (Recommended) By default, the AppSec module is used.
   • If you want to use the VM module instead, add kenna_appsec_module=false to the command below.

   docker run -it --rm toolkit:latest \
   
       task=cobaltio \
   
       cobalt_api_token=$COBALT_API_TOKEN \
   
       cobalt_org_token=$COBALT_ORG_TOKEN \
   
       kenna_api_key=$KENNA_API_KEY \
   
       kenna_connector_id=$KENNA_CONNECTOR_ID
   

Step 4: View Imported Findings

You can view findings imported from Cobalt in one of these modules, depending on which one you’re using:

• AppSec Module
• VM Module

AppSec Module

In Kenna Security, navigate to AppSec > Explore.

You should see findings imported from Cobalt. If the page contains findings from other sources, you can apply a filter for the Cobalt connector.

VM Module

In Kenna Security, navigate to VM > Explore.

You should see findings imported from Cobalt. If the page contains vulnerabilities from other sources, use search to find newly added vulnerabilities.