Frustrated by jumping back and forth between tools to try to understand your organization’s vulnerability exposure across both your containerized workloads and your traditional IT assets? Cisco Vulnerability Management (FKA Kenna Security) and Cisco Cloud Application Security (FKA Panoptica), both of which are included in Cisco’s Cloud Protection Suite, can help you view and analyze your risk across your entire attack surface.

Cisco Cloud Application Security leverages an agentless approach to collect vulnerability data for your cloud and container workloads, however even the most cloud-first organizations still have traditional workloads such as user laptops or networking devices to secure as well.

Cisco Vulnerability Management provides a vendor-agnostic platform to ingest your security vulnerabilities across all your vulnerability detection tools, provided remediation prioritization leveraging industry-leading threat intelligence and AI/ML. These prioritization abilities enable your organization to filter through the noise and address the vulnerabilities which truly pose a risk of breach.

While efforts are planned to build a native connector between these two products, Cisco customers can leverage Cisco Vulnerability Management’s Data Importer to import assets and vulnerabilities from Cisco Cloud Application Security.

To get started, we’ll want to first pull a CSV file containing vulnerability and asset data from Cisco Cloud Application Security. This can be accomplished in just three clicks.

Starting from the Dashboard, click on the Vulnerability Management link under Threats & Vulnerabilities on the left hand navigation window.

Once you’ve arrived on the Vulnerability Management page, scroll down to the Vulnerabilities table and click on the download button in the top right corner of the table. Click on the Download with asset information option to generate a CSV file which contains all the data necessary to import your vulnerabilities into Cisco Vulnerability Management.

Note: The remainder of this post was written by @lewiso from the Cisco Vulnerability Management Customer Success team.

The next step in the process would be to ingest this data into the Cisco Vulnerability Management platform. A converter utility, the csv2kdi converter, exists for this task. This utility can be used to convert a structured data set into a JavaScript Object Notation (JSON) format that can be used to ingest asset and / or vulnerability data into the Cisco VM platform through the Cisco VM’s data importer introduced earlier. The JSON format is documented on this Cisco VM help page. The Cisco Data importer connector can be created within your Cisco VM platform by going over to connectors, adding a new connector, and creating a connector of type ‘Data Importer’ as shown in the snippets below.

The conversion utility exists in a few different formats: as individual scripts here and another version with upload capabilities here, as well as part of the Toolkit framework here.

For the purpose of this blog, we would be focusing on the Toolkit approach. As a summary, the Toolkit is a container that contains various connectors for vulnerability scanners and utilities that can be used for ingesting asset and vulnerability data into Cisco VM. The converter utility in the Toolkit also has upload capabilities.

A meta file is used by the converter to map fields in the export taken from the scanner platform to the relevant structures and objects within the JSON file to be created by the csv2kdi converter. The creation of a meta file for a particular export type is a one-time activity. A meta file that can be used for the export from Cisco Cloud Application Security is provided in the attachment.

With the meta file available, we can then carry out the conversion to the format ready for ingesting into the Cisco VM platform via the created data importer connector.

The command used for creating reference JSON files is as shown below along with a description of the various parts of the command.

Command Example 1 (JSON file is created for manual upload to the Cisco VM platform)

podman run -it -v $(pwd):/opt/app/toolkit/input -v $(pwd):/opt/app/toolkit/output toolkit:latest task=csv2kdi csv_in=pan_source.csv meta_file=pan_meta.csv batch_page_size=20000

Note that the batch_page_size parameter has been included so that all the data is contained in one JSON file as opposed to multiple files. Adjust as required depending on your dataset.

Command Example 2 – direct upload via the command line

For this step, additional parameters that indicate the API URL, API key and connector ID need to be added.

podman run -it -v $(pwd):/opt/app/toolkit/input -v $(pwd):/opt/app/toolkit/output toolkit:latest task=csv2kdi csv_in=pan_source.csv meta_file=pan_meta.csv kenna_api_host=”api.kennasecurity.com” kenna_connector_id=12345 kenna_api_key=$API_KEY

Notes:

• Replace the kenna_api_host value with the value that matches for your Cisco VM instance.
• The kenna_api_key value has been included by using environmental variables, however, if providing this on the command line, ensure to use single quotes (not double quotes) to wrap around the API key to prevent authentication issues.

To get the connector ID for the created Cisco Data Importer connector you created earlier, in the Connectors list, click on the newly created data importer connector to find the screen which shows you the connector ID among other information. The snippet below shows the sequence of steps to retrieve the connector ID.

In summary, the end-to-end steps for getting data from your Cisco Cloud Application Security platform into Cisco VM are:

1. Exprt the data from Cisco Cloud Application Security
2. Create a Cisco Data Importer connector within Cisco Vulnerability Management (the connector ID will be required for a direct upload to the Cisco VM platform).
3. Use the csv2kdi converter utility to create the JSON file and optionally upload it via the same command via the created connector.
4. Manually upload the JSON file(s) through the created data importer connector if this wasn’t done in step 3.

Once the upload is complete, you are able to see the assets and vulnerabilities data from your Cisco Cloud Application Security platform within Cisco VM.