Pentera

Overview

Pentera is the automated penetration testing platform by Pcysys. This integration was developed and tested with Pentera version 3.3.2.

Pcysys Playbook

Use Cases

Integration Use Cases:

  1. Integrate PenTera's Automated Penetration Testing findings within Demisto for playbook-driven enrichment and response
  2. Address penetration testing findings, prioritize them, and automate response tasks
  3. Leverage Demisto's third-party product integrations

Use Case #1: Automate Dynamic Vulnerability Alerts - Password Policy

Challenge: Password policies are a continuous undertaking that organizations need to review regularly.

Solution: With the Demisto-PenTera integration, PenTera continuously validates the effectiveness of enterprise passwords and acts on easily crackable ones, with a focus on highly privileged accounts. Once PenTera flags a password that does not meet the standard, automated Demisto playbooks remediate the finding according to corporate policy.

Use Case #2: Automated real-time validation for critical vulnerabilities

Challenge: Continuous security validation is critical for the ongoing cyber hygiene of an organization's network. However, critical vulnerabilities require on-demand testing because they affect many components of the network. Security teams struggle to prioritize remediation and to understand the true impact a vulnerability has on their specific network.

Solution: After running automated single-action tests for critical vulnerabilities, the Demisto integration lets security teams automate the response process based on the findings. For example, PenTera may discover the same vulnerability on different components of the network, e.g. a server and an endpoint. The endpoint is the simpler fix and can go through one workflow, perhaps even be remediated automatically, while the server, a much more complex case, creates a high-risk task in the relevant workflow, so response tasks are prioritized automatically by business impact severity.

Configure Pentera on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Pentera.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server URL (e.g. https://192.168.64.128)
    • Pentera API port
    • TGT (the API token generated in the Pentera UI under Administration -> API Clients; it authenticates every API call, so treat it as a secret credential)
    • Client Id
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. pentera-run-template-by-name
  2. pentera-get-task-run-status
  3. pentera-get-task-run-full-action-report

1. pentera-run-template-by-name

Run a specific template by its name. Pass the template name in the template_name argument.

Required Permissions

Operator and admin users

Base Command

pentera-run-template-by-name

Input

Argument Name | Description | Required
template_name | The name of the template that you want to run | Required

Context Output

Path | Type | Description
Pentera.TaskRun.TemplateName | String | The name of the template
Pentera.TaskRun.ID | String | The task run ID
Pentera.TaskRun.StartTime | Date | The date when the task run started
Pentera.TaskRun.EndTime | Date | The date when the task run ended
Pentera.TaskRun.Status | String | The status of the task run; e.g.: 'Running', 'Pending', 'Failed', 'Cleaning up', 'Canceled', 'Done', 'Warning', 'Aborted (exceeded max hosts limit)'.
Command Example

!pentera-run-template-by-name template_name="Test Template for Playbook"

Context Example
{
    "Pentera.TaskRun": {
        "Status": "Running",
        "TemplateName": "Test Template for Playbook",
        "StartTime": "2020-02-13T17:32:45Z",
        "EndTime": null,
        "ID": "5e45883d1deb8eda82b1eed5"
    }
}
Human Readable Output

Test Template for Playbook

ID | StartTime | Status | TemplateName
5e45883d1deb8eda82b1eed5 | 2020-02-13T17:32:45Z | Running | Test Template for Playbook

Integration log:

Got command: pentera-run-template-by-name
result is JSON
Parsed JSON Response: {'ID': '5e45883d1deb8eda82b1eed5', 'TemplateName': 'Test Template for Playbook', 'StartTime': '2020-02-13T17:32:45Z', 'EndTime': None, 'Status': 'Running'}

2. pentera-get-task-run-status

Get the status of a task run by its task run ID (the Pentera.TaskRun.ID returned by pentera-run-template-by-name).

Required Permissions

Operator and admin users

Base Command

pentera-get-task-run-status

Input

Argument Name | Description | Required
task_run_id | The ID of the task run | Required

Context Output

Path | Type | Description
Pentera.TaskRun.ID | String | The task run ID
Pentera.TaskRun.TemplateName | String | The name of the template
Pentera.TaskRun.StartTime | Date | The date when the task run started
Pentera.TaskRun.EndTime | Date | The date when the task run ended
Pentera.TaskRun.Status | String | The status of the task run; e.g.: 'Running', 'Pending', 'Failed', 'Cleaning up', 'Canceled', 'Done', 'Warning', 'Aborted (exceeded max hosts limit)'.
Command Example

!pentera-get-task-run-status task_run_id="5e4583221deb8eda82b195c5"

Context Example
{
    "Pentera.TaskRun": {
        "Status": "Done",
        "TemplateName": "Test Template for Playbook",
        "StartTime": "2020-02-13T17:10:58Z",
        "EndTime": "2020-02-13T19:14:12Z",
        "ID": "5e4583221deb8eda82b195c5"
    }
}
Human Readable Output

Test Template for Playbook: Done

EndTime | ID | StartTime | Status | TemplateName
1581614052321.0 | 5e4583221deb8eda82b195c5 | 1581613858961.0 | Done | Test Template for Playbook

In this output StartTime and EndTime are rendered as epoch milliseconds: 1581613858961 is 2020-02-13T17:10:58Z and 1581614052321 is 2020-02-13T17:14:12Z. Note that the context example above reports EndTime as 2020-02-13T19:14:12Z for the same run, two hours later than the epoch value; when comparing timestamps from the two outputs, check the timezone handling rather than assuming both are UTC.

Integration log:

Got command: pentera-get-task-run-status
result is JSON
Parsed JSON Response: {'ID': '5e4583221deb8eda82b195c5', 'TemplateName': 'Test Template for Playbook', 'StartTime': '2020-02-13T17:10:58Z', 'EndTime': '2020-02-13T19:14:12Z', 'Status': 'Done'}

3. pentera-get-task-run-full-action-report

Get the full action report of a task run

Field names: 'Severity', 'Time', 'Duration', 'Operation Type', 'Techniques', 'Parameters', 'Status'

Severity (a numeric score, mapped to a band as follows):

  • Low: [0, 2.5)
  • Medium: [2.5, 5)
  • High: [5, 7.5)
  • Critical: [7.5, 10]

Duration:

In milliseconds

Status:

Task run statuses are 'Running', 'Pending', 'Failed', 'Cleaning up', 'Canceled', 'Done', 'Warning', 'Aborted (exceeded max hosts limit)'. Each action in the report also carries its own result status; an action that produced no finding is reported as 'no results' with an empty Severity, as in the context example below.
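The following is an added example and not code from the Pentera integration or from Demisto. It shows the logic a playbook built on pentera-get-task-run-status and pentera-get-task-run-full-action-report needs: polling until the task run reaches a final status, parsing the report into the list stored under Pentera.TaskRun.FullActionReport, mapping the numeric Severity to the bands documented above, and selecting the actions that merit a response task. Assumptions not stated on this page: the report arrives as CSV text with the documented field names, the split of task-run statuses into terminal and in-progress, and the injected execute callable that stands in for demisto.executeCommand so the example runs offline. The sample report is constructed; only its first row is taken from the page.

```python
"""Added example: triage of Pentera task-run output for a Demisto playbook.
Not part of the Pentera integration.  See the lead-in for assumptions."""
import csv
import io
from typing import Callable, Dict, List

# Documented task-run statuses, split into terminal / in-progress (assumption).
TERMINAL_STATUSES = {"Done", "Failed", "Canceled", "Warning",
                     "Aborted (exceeded max hosts limit)"}
IN_PROGRESS_STATUSES = {"Pending", "Running", "Cleaning up"}
BANDS = ["Low", "Medium", "High", "Critical"]

# Constructed sample report: first row is the page's BlueKeep example, the
# other two are made up ("Example ..." operations) to exercise the bands.
SAMPLE_REPORT = """Severity,Time,Duration,Operation Type,Techniques,Parameters,Status
,"13/02/2020, 17:11:59",31578,BlueKeep (CVE-2019-0708) Vulnerability Discovery,Network Service Scanning(T1046),Host: 192.168.1.2,no results
8.1,"13/02/2020, 17:13:07",2045,Example Credential Cracking,Brute Force(T1110),User: example_svc,success
4.0,"13/02/2020, 17:13:40",912,Example Share Enumeration,Network Share Discovery(T1135),Host: 192.168.1.3,success
"""


def severity_band(score: str) -> str:
    """Low [0,2.5) / Medium [2.5,5) / High [5,7.5) / Critical [7.5,10].
    An empty Severity (action produced no finding) maps to ''."""
    if score.strip() == "":
        return ""
    value = float(score)
    if not 0.0 <= value <= 10.0:
        raise ValueError(f"severity out of range: {score!r}")
    for band, upper in zip(BANDS, (2.5, 5.0, 7.5)):
        if value < upper:
            return band
    return "Critical"


def is_terminal(status: str) -> bool:
    """True when polling can stop; an unknown status is an error, not 'done'."""
    if status in TERMINAL_STATUSES:
        return True
    if status in IN_PROGRESS_STATUSES:
        return False
    raise ValueError(f"unknown task run status: {status!r}")


def parse_full_action_report(text: str) -> List[Dict[str, str]]:
    """Parse the report CSV into the list of dicts kept under
    Pentera.TaskRun.FullActionReport, failing loudly on a changed schema."""
    reader = csv.DictReader(io.StringIO(text))
    rows = list(reader)
    expected = {"Severity", "Time", "Duration", "Operation Type",
                "Techniques", "Parameters", "Status"}
    missing = expected - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"report is missing fields: {sorted(missing)}")
    return rows


def triage(report: List[Dict[str, str]], minimum: str = "High") -> List[Dict[str, str]]:
    """Keep actions at or above `minimum` severity, highest band first,
    longest-running action first within a band."""
    floor = BANDS.index(minimum)
    selected = []
    for row in report:
        band = severity_band(row["Severity"])
        if band and BANDS.index(band) >= floor:
            selected.append({**row, "SeverityBand": band})
    selected.sort(key=lambda r: (-BANDS.index(r["SeverityBand"]), -int(r["Duration"])))
    return selected


def wait_for_task_run(execute: Callable[[str, dict], dict], task_run_id: str,
                      max_polls: int = 20) -> dict:
    """Poll pentera-get-task-run-status until a terminal status.  A real
    automation also sleeps between polls; the bound stops a stuck run from
    hanging the playbook forever."""
    for _ in range(max_polls):
        result = execute("pentera-get-task-run-status", {"task_run_id": task_run_id})
        if is_terminal(result["Status"]):
            return result
    raise TimeoutError(f"task run {task_run_id} not finished after {max_polls} polls")


def fake_executor(statuses: List[str]) -> Callable[[str, dict], dict]:
    """Offline stand-in for demisto.executeCommand replaying a status sequence."""
    it = iter(statuses)

    def execute(command: str, args: dict) -> dict:
        assert command == "pentera-get-task-run-status"
        return {"ID": args["task_run_id"], "TemplateName": "Test Template for Playbook",
                "Status": next(it)}
    return execute


if __name__ == "__main__":
    run = wait_for_task_run(fake_executor(["Pending", "Running", "Cleaning up", "Done"]),
                            "5e4583221deb8eda82b195c5")
    for action in triage(parse_full_action_report(SAMPLE_REPORT), minimum="Medium"):
        print(run["ID"], action["SeverityBand"], action["Operation Type"], action["Parameters"])
```

In a real automation, replace fake_executor with demisto.executeCommand and read the task run ID from Pentera.TaskRun.ID; the 'no results' row from the page is dropped by triage because its Severity is empty, which is the behaviour wanted when only findings should open response tasks.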

Required Permissions

View, operator and admin users

Base Command

pentera-get-task-run-full-action-report

Input

Argument Name | Description | Required
task_run_id | The ID of the task run | Required

Context Output

Path | Type | Description
Pentera.TaskRun.ID | String | The task run ID
Pentera.TaskRun.TemplateName | String | The name of the template
Pentera.TaskRun.StartTime | Date | The date when the task run started
Pentera.TaskRun.EndTime | Date | The date when the task run ended
Pentera.TaskRun.Status | String | The status of the task run; e.g.: 'Running', 'Pending', 'Failed', 'Cleaning up', 'Canceled', 'Done', 'Warning', 'Aborted (exceeded max hosts limit)'.
Pentera.TaskRun.FullActionReport | Unknown | The full action report of the task run, a list with one entry per action carrying the fields listed above
Command Example

!pentera-get-task-run-full-action-report task_run_id="5e4583221deb8eda82b195c5"

Context Example
{
    "Pentera.TaskRun": {
        "FullActionReport": [
            {
                "Status": "no results",
                "Severity": "",
                "Parameters": "Host: 192.168.1.2",
                "Time": "13/02/2020, 17:11:59",
                "Duration": "31578",
                "Operation Type": "BlueKeep (CVE-2019-0708) Vulnerability Discovery",
                "Techniques": "Network Service Scanning(T1046)"
            },
            {
                "Status": "no results",
                "Severity": "",
                "Parameters": "Host: 192.168.1.1",
                "Time": "13/02/2020, 17:12:01",
                "Duration": "31618",
                "Operation Type": "BlueKeep (CVE-2019-0708) Vulnerability Discovery",
                "Techniques": "Network Service Scanning(T1046)"
            }
        ],
        "ID": "5e4583221deb8eda82b195c5"
    }
}
Human Readable Output

Pentera Report for TaskRun ID 5e4583221deb8eda82b195c5

Duration | Operation Type | Parameters | Severity | Status | Techniques | Time
31578 | BlueKeep (CVE-2019-0708) Vulnerability Discovery | Host: 192.168.1.2 |  | no results | Network Service Scanning(T1046) | 13/02/2020, 17:11:59
31618 | BlueKeep (CVE-2019-0708) Vulnerability Discovery | Host: 192.168.1.1 |  | no results | Network Service Scanning(T1046) | 13/02/2020, 17:12:01

Integration log:

Got command: pentera-get-task-run-full-action-report
result is TEXT