Invicti Summary
The integration of Invicti with the Centraleyezer Vulnerability Management platform enhances the import and management of security findings. This collaboration enables organizations to efficiently identify, prioritize, track, and remediate vulnerabilities, thereby improving their overall security posture and risk management.
Invicti Key Features
Data Import:
Import applications, scan summaries, and vulnerabilities from Invicti into Centraleyezer, either on-demand or via automated schedules.
- Supported formats: XML, JSON.
Detailed Findings:
Centraleyezer provides comprehensive request/response details for vulnerabilities detected by Invicti tools.
Risk Scoring:
Configurable severity values for Invicti findings, adjustable based on organizational risk policies.
Selective Data Import:
Supports filtering based on status, scan type, and severity for more precise data imports.
Considerations
The integration supports mapping one Invicti security tool instance with one Centraleyezer instance.
Configuring a different Invicti instance in the plugin will overwrite previously imported data.
Requirements
System Requirements:
Centraleyezer Prerequisites: Latest version of the Centraleyezer Vulnerability Management Platform recommended.
Invicti Prerequisites: Must be able to export vulnerability reports
Permissions and Roles:
Centraleyezer: Requires System Admin or Application Security Manager permissions.
Invicti Security Tools: User access for vulnerability scan information.
Import mappings require admin-level permissions.
Release Notes
Version 1.0.0:
New mappings for vulnerabilities from Invicti security tools during scans include:
Finding Target (Vulnerability)
Asset Target (Target URL)
Asset (Target URL Field)
Name (Title)
Description
Recommendation (Remedy)
Criticality (Severity)
Request (Raw Request)
Reply (Raw Response)
CWE ID (Classification – CWE)
OWASP Category (Classification – OWASP 2017)
CVSS Vector (CVSS – Vector)
CVSS Score (Score – Value)
Targets (URL)