Kenna v2
Use the Kenna v2 integration to search and update vulnerabilities, schedule a run connector, and manage tags and attributes.
Configure Kenna v2 on Demisto
- Navigate to Settings > Integrations > Servers & Services.
- Search for Kenna v2.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Server URL (e.g. https://api.kennasecurity.com)
- Kenna API key
- Use system proxy settings
- Trust any certificate (not secure)
- Click Test to validate the URLs, token, and connection.
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
1. Search vulnerabilities
Searches for vulnerabilities in Kenna.
Base Command
kenna-search-vulnerabilities
Input
Argument Name | Description | Required |
---|---|---|
id | Vulnerability ID to search. | Optional |
top-priority | Whether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false". | Optional |
min-score | The minimum vulnerability score for which to return vulnerabilities. | Optional |
status | The status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive". | Optional |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to flush to context. Can be "True" or "False". The default value is "True". | Optional |
Context Output
Path | Type | Description |
---|---|---|
Kenna.Vulnerabilities.AssetID | Number | The asset ID related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.DefinitionName | String | The connector definition name related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.ID | Number | The connector ID related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.Name | String | The connector name related to the vulnerability. |
Kenna.Vulnerabilities.Connectors.Vendor | String | The connector vendor related to the vulnerability. |
Kenna.Vulnerabilities.CveID | String | The CVE ID related to the vulnerability. |
Kenna.Vulnerabilities.FixID | String | The fix ID related to the vulnerability. |
Kenna.Vulnerabilities.Patch | Boolean | Whether there is a patch related to the vulnerability. |
Kenna.Vulnerabilities.ScannerVulnerabilities.ExternalID | String | The vulnerability scanner external ID. |
Kenna.Vulnerabilities.ScannerVulnerabilities.Open | Boolean | Whether the vulnerability scanner is open. |
Kenna.Vulnerabilities.ScannerVulnerabilities.Port | Number | The vulnerability scanner port. |
Kenna.Vulnerabilities.Score | Number | The vulnerability score. |
Kenna.Vulnerabilities.ServiceTicket.DueDate | Date | The service ticket due date. |
Kenna.Vulnerabilities.ServiceTicket.ExternalIdentifier | String | The service ticket external identifier. |
Kenna.Vulnerabilities.ServiceTicket.Status | String | The service ticket status. |
Kenna.Vulnerabilities.ServiceTicket.TicketType | String | The service ticket type. |
Kenna.Vulnerabilities.Severity | Number | The vulnerability severity. |
Kenna.Vulnerabilities.Status | String | The vulnerability status. |
Kenna.Vulnerabilities.Threat | Number | The vulnerability threat. |
Kenna.Vulnerabilities.TopPriority | Number | The vulnerability priority. |
Kenna.Vulnerabilities.ID | Number | The vulnerability ID. |
Command Example
!kenna-search-vulnerabilities limit=5
Context Example
Human Readable Output
Kenna Vulnerabilities
Name | Score | id |
---|---|---|
CVE-2018-1273 | 100 | 631199 |
CVE-2018-2628 | 100 | 631194 |
CVE-2018-20250 | 100 | 631026 |
CVE-2018-16858 | 100 | 631027 |
CVE-2017-8917 | 100 | 631927 |
2. Run a connector
Executes a run of the specified connector. If file based, it will use the most recently uploaded data file.
Base Command
kenna-run-connector
Input
Argument Name | Description | Required |
---|---|---|
id | The connector ID to run. | Required |
3. Search fixes
Filters fixes by a given set of vulnerability and asset parameters and returns the filtered fixes.
Base Command
kenna-search-fixes
Input
Argument Name | Description | Required |
---|---|---|
id | The vulnerability ID for which to search. | Optional |
top-priority | Whether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false". | Optional |
min-score | The minimum vulnerability score for which to return vulnerabilities. | Optional |
status | The status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive". | Optional |
vulnerabilities | vulnerabilities for search. | Optional |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to flush to context. Can be "True" or "False". The default value is "True". | Optional |
Context Output
Path | Type | Description |
---|---|---|
Kenna.Fixes.ID | Number | The fix ID. |
Kenna.Fixes.Title | String | The fix title. |
Kenna.Fixes.Assets.ID | Number | The asset ID related to the current fix. |
Kenna.Fixes.Assets.Locator | String | The asset locator related to the current fix. |
Kenna.Fixes.Assets.PrimaryLocator | String | The asset primary locator related to the current fix. |
Kenna.Fixes.Assets.DisplayLocator | String | The asset display locator related to the current fix. |
Kenna.Fixes.Vulnerabilities.ID | Number | The vulnerability ID related to the current fix. |
Kenna.Fixes.Vulnerabilities.ServiceTicketStatus | String | The vulnerability service ticket status related to the current fix. |
Kenna.Fixes.Vulnerabilities.ScannerIDs | Number | The vulnerability scanner IDs related to the current fix. |
Kenna.Fixes.CveID | String | The CVE-ID list related to the current fix. |
Kenna.Fixes.LastUpdatedAt | String | The timestamp when the current fix was last updated. |
Kenna.Fixes.Category | String | The category of fix. |
Kenna.Fixes.VulnerabilityCount | Number | The vulnerability count of the fix. |
Kenna.Fixes.MaxScore | Number | The maximum score of the fix. |
Command Example
!kenna-search-fixes limit=3
Context Example
Human Readable Output
CVE-2019-18408
ID: 1459069
1 vulnerabilities affected
Diagnosis:
Related CVE IDs: CVE-2019-18408
CVE-2019-18409
ID: 1459070
1 vulnerabilities affected
Diagnosis:
Related CVE IDs: CVE-2019-18409
CVE-2019-18393
ID: 1459071
1 vulnerabilities affected
Diagnosis:
Related CVE IDs: CVE-2019-18393
4. Update an asset
Updates the attributes of a single asset.
Base Command
kenna-update-asset
Input
Argument Name | Description | Required |
---|---|---|
id | The ID of the asset to update. | Required |
notes | Notes about the asset. | Required |
Context Output
There is no context output for this command.
Command Example
!kenna-update-asset id={asset_id} notes="My personal asset."
Human Readable Output
Asset {asset_id} was updated
5. Update a vulnerability
Updates the attributes of a single vulnerability.
Base Command
kenna-update-vulnerability
Input
Argument Name | Description | Required |
---|---|---|
id | The ID of the vulnerability to update. | Required |
status | The status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive". | Optional |
notes | Notes about the vulnerability. | Optional |
Context Output
There is no context output for this command.
Command Example
!kenna-update-vulnerability id=631199 status=risk_accepted
Human Readable Output
Asset 631199 was updated
6. Get a list of all connectors
Returns all connectors.
Base Command
kenna-get-connectors
Input
Argument Name | Description | Required |
---|
Context Output
Path | Type | Description |
---|---|---|
Kenna.ConnectorsList.ID | Number | The connector ID. |
Kenna.ConnectorsList.Name | String | The connector name. |
Kenna.ConnectorsList.Running | Boolean | The running connector. |
Kenna.ConnectorsList.Host | String | The connector host. |
Command Example
!kenna-get-connectors
Context Example
Human Readable Output
Kenna Connectors
Host | ID | Name | Running |
---|---|---|---|
152075 | Nessus XML | false | |
152076 | Generic | false | |
152077 | Checkmarx XML | false | |
ven01347.service-now.com:443 | 152078 | ServiceNow | false |
8080 | 152929 | AppScan Enterprise | false |
7. Search assets
Searches for assets.
Base Command
kenna-search-assets
Input
Argument Name | Description | Required |
---|---|---|
id | The asset ID to search for. | Optional |
hostname | The hostname of the asset to search for. | Optional |
min-score | The minimum vulnerability score for which to return vulnerabilities. | Optional |
tags | The tags by which to search. | Optional |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to print output to context. Can be "True" or "False". The default value is "True". | Optional |
Context Output
Path | Type | Description |
---|---|---|
Kenna.Assets.ID | Number | The asset ID. |
Kenna.Assets.Hostname | String | The hostname of the asset. |
Kenna.Assets.IpAddress | String | The asset IP address. |
Kenna.Assets.Score | Number | The asset risk score. |
Kenna.Assets.VulnerabilitiesCount | Number | The number of vulnerabilities associated with the asset. |
Kenna.Assets.OperatingSystem | String | The asset operating system. |
Kenna.Assets.Tags | String | A list of the asset's tags. |
Kenna.Assets.Fqdn | String | The asset FQDN. |
Kenna.Assets.Status | String | The asset status. |
Kenna.Assets.Owner | String | The asset owner. |
Kenna.Assets.Priority | Number | The asset priority. |
Kenna.Assets.Notes | String | Notes of current asset. |
Kenna.Assets.OperatingSystem | String | Operating system of asset |
Command Example
!kenna-search-assets limit=4
Context Example
Human Readable Output
Kenna Assets
IP-address | Operating System | Score | id |
---|---|---|---|
{ip} | Ubuntu | 1000 | {asset_id} |
{ip} | Windows | 1000 | {asset_id} |
{ip} | Windows | 1000 | {asset_id} |
{ip} | Windows | 1000 | {asset_id} |
8. Get an asset's vulnerabilities
Gets vulnerabilities of the specified asset.
Base Command
kenna-get-asset-vulnerabilities
Input
Argument Name | Description | Required |
---|---|---|
id | The asset ID for which to get vulnerabilities. | Required |
limit | The maximum number of vulnerabilities to return. The default value is 500. | Optional |
to_context | Whether to print output to context. Can be "True" or "False". The default value is "True". | Optional |
Context Output
Path | Type | Description |
---|---|---|
Kenna.VulnerabilitiesOfAsset.AssetID | Number | The ID of the asset that this vulnerability is associated with. |
Kenna.VulnerabilitiesOfAsset.CveID | String | The CVE ID of the vulnerability associated with the asset. |
Kenna.VulnerabilitiesOfAsset.ID | Number | The ID of the vulnerability associated withe the asset |
Kenna.VulnerabilitiesOfAsset.Patch | Boolean | Whether there is a patch for the vulnerability associated with the asset. |
Kenna.VulnerabilitiesOfAsset.Status | String | The status of the vulnerability associated with the asset. |
Kenna.VulnerabilitiesOfAsset.TopPriority | Boolean | Whether the vulnerability associated with the asset is a top priority. |
Kenna.VulnerabilitiesOfAsset.Score | Number | The score of the vulnerability associated with the asset. |
Command Example
!kenna-get-asset-vulnerabilities id={asset_id} limit=2
Context Example
Human Readable Output
Kenna Vulnerabilities
Name | Score | id |
---|---|---|
CVE-2017-5817 | 91 | 631229 |
CVE-2018-0866 | 85 | 631231 |
9. Add a tag to an asset
Adds a tag to the specified asset.
Base Command
kenna-add-tag
Input
Argument Name | Description | Required |
---|---|---|
tag | A comma-separated list of tags to add to the asset. | Required |
id | The asset ID to which to add the tag. | Required |
Context Output
There is no context output for this command.
Command Example
!kenna-add-tag id={asset_id} tag="My test tag"
Human Readable Output
Tag My test tag was added to asset {asset_id}
10. Delete a tag from an asset
Deletes tags from the specified asset.
Base Command
kenna-delete-tag
Input
Argument Name | Description | Required |
---|---|---|
id | The asset ID from which to delete the tag. | Required |
tag | The tag to delete. | Required |
Context Output
There is no context output for this command.
Command Example
!kenna-delete-tag id={asset_id} tag="My test tag"
Human Readable Output
Tag My test tag was deleted to asset {asset_id}