Viewing the Invicti Vulnerability Integration import run status and records
Use the Vulnerability Integration Runs related list to verify the success of your integration runs, locate any issues, and inform your remediation decisions.
Viewing import status, import sets, and records
To view the status of your imports, as a user in the App-Sec Manager user group, navigate to and select an integration record. Select the Vulnerability Integration Runs related list.
View details such as total processing times, average times for pre- and post-integration run processes, and reports on the integration run records for the Application Vulnerable Item integration.
To view the import sets, navigate to and select an integration.
- Product model: Discovered Applications [sn_vul_app_release] table
- Configuration item: Scanned Applications [sn_vul_app_scanned_application] table
- Application Vulnerability Entry [sn_vul_app_vul_entry] table
- For Platform type with scan type, SCA, the Package [sn_vul_app_package] table records are updated or created.
The Scan List integration creates or updates records in the Scanned Applications [sn_vul_app_scan_summary] table.
For Enterprise integrations only: Each vulnerability in Invicti has a 'type', for example, ProductDirectoryListing. This type is imported and mapped as a unique ID into your instance and displayed as part of the value in the Vulnerability field on the application vulnerable item (AVIT) record.
In this example, the value is Invicti-ProductDirectoryListing, and this value is also displayed as the unique ID on the Application Vulnerability Entry record. Invicti AVITs support multiple Common Weakness Enumeration (CWE) entries, so CWEs aren't used as unique IDs. CWEs are also displayed on the AVIT record.For Invicti AVITs, if there are duplicate types in Invicti for a vulnerability, the word 'custom' is inserted in the value, for example, Invicti-custom-ProductDirectoryListing. If you create a Custom type for vulnerabilities, the vulnerability ID might be Invicti-Custom-<title of vulnerability>.
New fields: For scan type=Invicti, the Affected parameters, and Custom fields might include data that can help you understand the vulnerability and help you remediate it. If there is no data, these fields aren't displayed on the AVIT.
For the Platform integrations, unique identifiers are imported from Invicti and don't have to be created.