Kenna v2

Use the Kenna v2 integration to search and update vulnerabilities, schedule a run connector, and manage tags and attributes.

Configure Kenna v2 on Demisto


  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Kenna v2.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g. https://api.kennasecurity.com)
    • Kenna API key
    • Use system proxy settings
    • Trust any certificate (not secure)
  4. Click Test to validate the URLs, token, and connection.

Commands


You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. 1. Search vulnerabilities: kenna-search-vulnerabilities 2. Run a connector: kenna-run-connector 3. Search fixes: kenna-search-fixes 4. Update an asset: kenna-update-asset 5. Update a vulnerability: kenna-update-vulnerability 6. Get a list of all connectors: kenna-get-connectors 7. Search assets: kenna-search-assets 8. Get an asset's vulnerability: kenna-get-asset-vulnerabilities 9. Add a tag to an asset: kenna-add-tag 10. Delete a tag from an asset: kenna-delete-tag

1. Search vulnerabilities


Searches for vulnerabilities in Kenna.

Base Command

kenna-search-vulnerabilities

Input
Argument NameDescriptionRequired
idVulnerability ID to search.Optional
top-priorityWhether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false".Optional
min-scoreThe minimum vulnerability score for which to return vulnerabilities.Optional
statusThe status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive".Optional
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to flush to context. Can be "True" or "False". The default value is "True".Optional
Context Output
PathTypeDescription
Kenna.Vulnerabilities.AssetIDNumberThe asset ID related to the vulnerability.
Kenna.Vulnerabilities.Connectors.DefinitionNameStringThe connector definition name related to the vulnerability.
Kenna.Vulnerabilities.Connectors.IDNumberThe connector ID related to the vulnerability.
Kenna.Vulnerabilities.Connectors.NameStringThe connector name related to the vulnerability.
Kenna.Vulnerabilities.Connectors.VendorStringThe connector vendor related to the vulnerability.
Kenna.Vulnerabilities.CveIDStringThe CVE ID related to the vulnerability.
Kenna.Vulnerabilities.FixIDStringThe fix ID related to the vulnerability.
Kenna.Vulnerabilities.PatchBooleanWhether there is a patch related to the vulnerability.
Kenna.Vulnerabilities.ScannerVulnerabilities.ExternalIDStringThe vulnerability scanner external ID.
Kenna.Vulnerabilities.ScannerVulnerabilities.OpenBooleanWhether the vulnerability scanner is open.
Kenna.Vulnerabilities.ScannerVulnerabilities.PortNumberThe vulnerability scanner port.
Kenna.Vulnerabilities.ScoreNumberThe vulnerability score.
Kenna.Vulnerabilities.ServiceTicket.DueDateDateThe service ticket due date.
Kenna.Vulnerabilities.ServiceTicket.ExternalIdentifierStringThe service ticket external identifier.
Kenna.Vulnerabilities.ServiceTicket.StatusStringThe service ticket status.
Kenna.Vulnerabilities.ServiceTicket.TicketTypeStringThe service ticket type.
Kenna.Vulnerabilities.SeverityNumberThe vulnerability severity.
Kenna.Vulnerabilities.StatusStringThe vulnerability status.
Kenna.Vulnerabilities.ThreatNumberThe vulnerability threat.
Kenna.Vulnerabilities.TopPriorityNumberThe vulnerability priority.
Kenna.Vulnerabilities.IDNumberThe vulnerability ID.
Command Example

!kenna-search-vulnerabilities limit=5

Context Example
{
"Kenna.Vulnerabilities": [
{
"Status": "open",
"CveID": "CVE-2018-1273",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-1273",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-1273 f1ca5f10-907f-44a3-9dad-4250dff54cf6",
"Port": null
}
],
"FixID": 1460814,
"TopPriority": true,
"ID": 631199
},
{
"Status": "open",
"CveID": "CVE-2018-2628",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-2628",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-2628 bc839599-9e76-41f9-a79f-92120e346688",
"Port": null
}
],
"FixID": 1460809,
"TopPriority": true,
"ID": 631194
},
{
"Status": "open",
"CveID": "CVE-2018-20250",
"Severity": 7,
"AssetID": {asset_id},
"Threat": 9,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-20250",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-20250 755a8761-828b-45a9-907f-d30f38bd18a9",
"Port": null
}
],
"FixID": 1460615,
"TopPriority": true,
"ID": 631026
},
{
"Status": "open",
"CveID": "CVE-2018-16858",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2018-16858",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2018-16858 19443e63-b916-4068-a174-0c4678416c14",
"Port": null
}
],
"FixID": 1460616,
"TopPriority": true,
"ID": 631027
},
{
"Status": "open",
"CveID": "CVE-2017-8917",
"Severity": 8,
"AssetID": {asset_id},
"Threat": 10,
"Patch": true,
"Connectors": [
{
"DefinitionName": "Nessus XML",
"Vendor": "Tenable",
"ID": 152075,
"Name": "Nessus XML"
},
{
"DefinitionName": "Kenna Data Importer",
"Vendor": "Kenna",
"ID": 152076,
"Name": "Generic"
}
],
"Score": 100,
"ScannerVulnerabilities": [
{
"Open": true,
"ExternalID": "generic scanner-id CVE-2017-8917",
"Port": null
},
{
"Open": true,
"ExternalID": "nessus-external-id CVE-2017-8917 bfe89aea-8ba7-411e-9f48-9fd6e821526e",
"Port": null
}
],
"FixID": 1461409,
"TopPriority": true,
"ID": 631927
}
]
}
Human Readable Output

Kenna Vulnerabilities

NameScoreid
CVE-2018-1273100631199
CVE-2018-2628100631194
CVE-2018-20250100631026
CVE-2018-16858100631027
CVE-2017-8917100631927

2. Run a connector


Executes a run of the specified connector. If file based, it will use the most recently uploaded data file.

Base Command

kenna-run-connector

Input
Argument NameDescriptionRequired
idThe connector ID to run.Required

3. Search fixes


Filters fixes by a given set of vulnerability and asset parameters and returns the filtered fixes.

Base Command

kenna-search-fixes

Input
Argument NameDescriptionRequired
idThe vulnerability ID for which to search.Optional
top-priorityWhether to return vulnerabilities that Kenna deems a top priority to fix. Can be "true" or "false".Optional
min-scoreThe minimum vulnerability score for which to return vulnerabilities.Optional
statusThe status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive".Optional
vulnerabilitiesvulnerabilities for search.Optional
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to flush to context. Can be "True" or "False". The default value is "True".Optional
Context Output
PathTypeDescription
Kenna.Fixes.IDNumberThe fix ID.
Kenna.Fixes.TitleStringThe fix title.
Kenna.Fixes.Assets.IDNumberThe asset ID related to the current fix.
Kenna.Fixes.Assets.LocatorStringThe asset locator related to the current fix.
Kenna.Fixes.Assets.PrimaryLocatorStringThe asset primary locator related to the current fix.
Kenna.Fixes.Assets.DisplayLocatorStringThe asset display locator related to the current fix.
Kenna.Fixes.Vulnerabilities.IDNumberThe vulnerability ID related to the current fix.
Kenna.Fixes.Vulnerabilities.ServiceTicketStatusStringThe vulnerability service ticket status related to the current fix.
Kenna.Fixes.Vulnerabilities.ScannerIDsNumberThe vulnerability scanner IDs related to the current fix.
Kenna.Fixes.CveIDStringThe CVE-ID list related to the current fix.
Kenna.Fixes.LastUpdatedAtStringThe timestamp when the current fix was last updated.
Kenna.Fixes.CategoryStringThe category of fix.
Kenna.Fixes.VulnerabilityCountNumberThe vulnerability count of the fix.
Kenna.Fixes.MaxScoreNumberThe maximum score of the fix.
Command Example

!kenna-search-fixes limit=3

Context Example
{
"Kenna.Fixes": [
{
"Category": null,
"VulnerabilityCount": 1,
"CveID": [
"CVE-2019-18408"
],
"Assets": [
{
"PrimaryLocator": "ip_address",
"Locator": "{ip}",
"DisplayLocator": "{ip}",
"ID": {id}}
}
],
"Title": "CVE-2019-18408",
"LastUpdatedAt": "2019-10-24T19:02:03.000Z",
"MaxScore": 27,
"ID": 1459069
},
{
"Category": null,
"VulnerabilityCount": 1,
"CveID": [
"CVE-2019-18409"
],
"Assets": [
{
"PrimaryLocator": "ip_address",
"Locator": "{ip}",
"DisplayLocator": "{ip}",
"ID": 10963
}
],
"Title": "CVE-2019-18409",
"LastUpdatedAt": "2019-10-24T19:02:03.000Z",
"MaxScore": 16,
"ID": 1459070
},
{
"Category": null,
"VulnerabilityCount": 1,
"CveID": [
"CVE-2019-18393"
],
"Assets": [
{
"PrimaryLocator": "ip_address",
"Locator": "{ip}",
"DisplayLocator": "{ip}",
"ID": 10963
}
],
"Title": "CVE-2019-18393",
"LastUpdatedAt": "2019-10-24T19:02:03.000Z",
"MaxScore": 27,
"ID": 1459071
}
]
}
Human Readable Output

CVE-2019-18408

ID: 1459069

1 vulnerabilities affected

Diagnosis:

Related CVE IDs: CVE-2019-18408
CVE-2019-18409

ID: 1459070

1 vulnerabilities affected

Diagnosis:

Related CVE IDs: CVE-2019-18409
CVE-2019-18393

ID: 1459071

1 vulnerabilities affected

Diagnosis:

Related CVE IDs: CVE-2019-18393

4. Update an asset


Updates the attributes of a single asset.

Base Command

kenna-update-asset

Input
Argument NameDescriptionRequired
idThe ID of the asset to update.Required
notesNotes about the asset.Required
Context Output

There is no context output for this command.

Command Example

!kenna-update-asset id={asset_id} notes="My personal asset."

Human Readable Output

Asset {asset_id} was updated

5. Update a vulnerability


Updates the attributes of a single vulnerability.

Base Command

kenna-update-vulnerability

Input
Argument NameDescriptionRequired
idThe ID of the vulnerability to update.Required
statusThe status of the vulnerability. Can be "open", "closed", "risk_accepted", or "false_positive".Optional
notesNotes about the vulnerability.Optional
Context Output

There is no context output for this command.

Command Example

!kenna-update-vulnerability id=631199 status=risk_accepted

Human Readable Output

Asset 631199 was updated

6. Get a list of all connectors


Returns all connectors.

Base Command

kenna-get-connectors

Input
Argument NameDescriptionRequired
Context Output
PathTypeDescription
Kenna.ConnectorsList.IDNumberThe connector ID.
Kenna.ConnectorsList.NameStringThe connector name.
Kenna.ConnectorsList.RunningBooleanThe running connector.
Kenna.ConnectorsList.HostStringThe connector host.
Command Example

!kenna-get-connectors

Context Example
{
"Kenna.ConnectorsList": [
{
"Host": null,
"Running": false,
"ID": 152075,
"Name": "Nessus XML"
},
{
"Host": null,
"Running": false,
"ID": 152076,
"Name": "Generic"
},
{
"Host": null,
"Running": false,
"ID": 152077,
"Name": "Checkmarx XML"
},
{
"Host": "ven01347.service-now.com:443",
"Running": false,
"ID": 152078,
"Name": "ServiceNow"
},
{
"Host": "8080",
"Running": false,
"ID": 152929,
"Name": "AppScan Enterprise"
}
]
}
Human Readable Output

Kenna Connectors

HostIDNameRunning
152075Nessus XMLfalse
152076Genericfalse
152077Checkmarx XMLfalse
ven01347.service-now.com:443152078ServiceNowfalse
8080152929AppScan Enterprisefalse

7. Search assets


Searches for assets.

Base Command

kenna-search-assets

Input
Argument NameDescriptionRequired
idThe asset ID to search for.Optional
hostnameThe hostname of the asset to search for.Optional
min-scoreThe minimum vulnerability score for which to return vulnerabilities.Optional
tagsThe tags by which to search.Optional
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to print output to context. Can be "True" or "False". The default value is "True".Optional
Context Output
PathTypeDescription
Kenna.Assets.IDNumberThe asset ID.
Kenna.Assets.HostnameStringThe hostname of the asset.
Kenna.Assets.IpAddressStringThe asset IP address.
Kenna.Assets.ScoreNumberThe asset risk score.
Kenna.Assets.VulnerabilitiesCountNumberThe number of vulnerabilities associated with the asset.
Kenna.Assets.OperatingSystemStringThe asset operating system.
Kenna.Assets.TagsStringA list of the asset's tags.
Kenna.Assets.FqdnStringThe asset FQDN.
Kenna.Assets.StatusStringThe asset status.
Kenna.Assets.OwnerStringThe asset owner.
Kenna.Assets.PriorityNumberThe asset priority.
Kenna.Assets.NotesStringNotes of current asset.
Kenna.Assets.OperatingSystemStringOperating system of asset
Command Example

!kenna-search-assets limit=4

Context Example
{
"Kenna.Assets": [
{
"Status": "active",
"Tags": [
"DMZ"
],
"Notes": "Test Update Notes Kenna",
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Ubuntu",
"VulnerabilitiesCount": 55
},
{
"Status": "active",
"Tags": [
"Category4"
],
"Notes": null,
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Windows",
"VulnerabilitiesCount": 19
},
{
"Status": "active",
"Tags": [
"Category4",
"Category5"
],
"Notes": null,
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Windows",
"VulnerabilitiesCount": 10
},
{
"Status": "active",
"Tags": [
"Category3",
"Category5"
],
"Notes": null,
"Hostname": null,
"Fqdn": null,
"ID": {asset_id},
"Priority": 10,
"Score": 1000,
"Owner": null,
"IpAddress": "{ip}",
"OperatingSystem": "Windows",
"VulnerabilitiesCount": 10
}
]
}
Human Readable Output

Kenna Assets

IP-addressOperating SystemScoreid
{ip}Ubuntu1000{asset_id}
{ip}Windows1000{asset_id}
{ip}Windows1000{asset_id}
{ip}Windows1000{asset_id}

8. Get an asset's vulnerabilities


Gets vulnerabilities of the specified asset.

Base Command

kenna-get-asset-vulnerabilities

Input
Argument NameDescriptionRequired
idThe asset ID for which to get vulnerabilities.Required
limitThe maximum number of vulnerabilities to return. The default value is 500.Optional
to_contextWhether to print output to context. Can be "True" or "False". The default value is "True".Optional
Context Output
PathTypeDescription
Kenna.VulnerabilitiesOfAsset.AssetIDNumberThe ID of the asset that this vulnerability is associated with.
Kenna.VulnerabilitiesOfAsset.CveIDStringThe CVE ID of the vulnerability associated with the asset.
Kenna.VulnerabilitiesOfAsset.IDNumberThe ID of the vulnerability associated withe the asset
Kenna.VulnerabilitiesOfAsset.PatchBooleanWhether there is a patch for the vulnerability associated with the asset.
Kenna.VulnerabilitiesOfAsset.StatusStringThe status of the vulnerability associated with the asset.
Kenna.VulnerabilitiesOfAsset.TopPriorityBooleanWhether the vulnerability associated with the asset is a top priority.
Kenna.VulnerabilitiesOfAsset.ScoreNumberThe score of the vulnerability associated with the asset.
Command Example

!kenna-get-asset-vulnerabilities id={asset_id} limit=2

Context Example
{
"Kenna.VulnerabilitiesOfAsset": [
{
"Status": "open",
"CveID": "CVE-2017-5817",
"AssetID": {asset_id},
"Patch": true,
"Score": 91,
"TopPriority": true,
"ID": 631229
},
{
"Status": "open",
"CveID": "CVE-2018-0866",
"AssetID": {asset_id},
"Patch": true,
"Score": 85,
"TopPriority": true,
"ID": 631231
}
]
}
Human Readable Output

Kenna Vulnerabilities

NameScoreid
CVE-2017-581791631229
CVE-2018-086685631231

9. Add a tag to an asset


Adds a tag to the specified asset.

Base Command

kenna-add-tag

Input
Argument NameDescriptionRequired
tagA comma-separated list of tags to add to the asset.Required
idThe asset ID to which to add the tag.Required
Context Output

There is no context output for this command.

Command Example

!kenna-add-tag id={asset_id} tag="My test tag"

Human Readable Output

Tag My test tag was added to asset {asset_id}

10. Delete a tag from an asset


Deletes tags from the specified asset.

Base Command

kenna-delete-tag

Input
Argument NameDescriptionRequired
idThe asset ID from which to delete the tag.Required
tagThe tag to delete.Required
Context Output

There is no context output for this command.

Command Example

!kenna-delete-tag id={asset_id} tag="My test tag"

Human Readable Output

Tag My test tag was deleted to asset {asset_id}