WhiteHat Security Sentinel Training for Administrators
This tutorial takes you through the WhiteHat Sentinel control panel for System Administrators
1 hour 13 minutes
Welcome to WhiteHat Security's Sentinel training for administrators.
In this tutorial, we will cover the following sections of the Sentinel interface
So let's begin by looking at the alert section.
The alert section shows you the recent activity on your account with respect to new users,
new vulnerabilities and completed scans.
You can then take certain actions to view additional information about that specific alert.
You can also filter the results by date range
or by alert type.
Once you've made your selections, click the filter button to show the results.
To clear the filter, simply click on the reset button.
You can also export this information to a CSV file,
and you can choose how many rows to show per page.
Now let's take a look at the action item section.
This is where you will find any action items you need to address regarding credentials or schedules needed.
By clicking edit,
you can go directly to the credentials information
or scan schedule for the application in question.
We'll discuss more on entering credentials or setting a schedule later on in this tutorial.
Next, let's look at the update section.
In this section, we show you any recent or upcoming changes to the Sentinel interface or service, including dates and links to related articles.
Be sure to check here occasionally.
Lastly, let's take a look at the system maintenance section.
Here, we will communicate any scheduled or emergency maintenance announcements, including start times and expected duration.
Please note: in the event of an emergency maintenance bulletin,
this section will become the default landing page when you log into Sentinel, to make sure you don't miss it.
The assets section shows you the sites and applications under contract for Sentinel service.
Sites are those applications using our DAST solution, or dynamic application security testing,
while apps are those applications using our SAST solution, or static application security testing.
Let's focus on sites first
On the sites tab, you will see a list of sites by site name.
For each site,
you will see the service level.
This could be our baseline, standard, premium
or pre-launch editions.
The next column will display the number of open vulnerabilities for that site.
The scan schedule
and time zone columns will show the schedule and time zone for each site.
Vuln data provides a quick link
to the vulnerability detail report for that site.
And lastly, status provides an icon based summary on the overall health of your scans.
Using a stoplight analogy,
a status with a green icon indicates everything is good to go,
and the site is either being scanned
or is paused as dictated by the schedule.
A yellow icon indicates configuration is being done on the WhiteHat side,
and the scan will resume once the configuration is complete.
A red icon indicates we are missing something
to scan your site,
that being either a scan schedule
or valid credentials.
You can also click on the legend status icons for more information on the individual icons and their meanings.
You now also have the option to export this page to a CSV file by using the export CSV file link,
allowing you to view this information
in another program of your choice. Now let's take a look at the apps tab.
Similar to the sites tab, this section will list all your Sentinel Source applications currently under service.
Under application name,
you will see both the name and language of your application.
Total findings will provide the count of open vulnerabilities for your application.
The schedule will show the schedule selected for the application.
The vuln data link provides a quick link to the vulnerability report for the application,
and lastly, the compliance section will show if the application is currently in PCI compliance or not.
This is a bit more complicated to discuss than the scope of this training module,
so it will be explained in more detail
at a later time.
Under the groups tab, you will see a list of all groups you've created.
Groups are a good way to easily assign access to team members for just the sites and apps they need to see.
As you can see in this example,
we have a group for our production sites
and one for our pre production sites.
When we create a new user that's part of my production team,
I can just add him or her to the group,
and they will then have access to all sites and apps in that group.
It definitely beats having to add a site or app to a user on a one-by-one basis.
In our previous tutorial,
we covered the basics of the assets tab.
Now we're going to drill down a little deeper into what you can access per site or per app.
First, let's click on one of our sites here.
We now see we have some additional functions we can access as well as additional information. In the overview section,
we summarize various information about your site,
including site name, service level and more.
In this section, I want to draw your attention to the link information area.
As we crawl your site, we will find more and more pages.
We provide you a list of the pages tested in the current scan as well as the last completed scan.
These will be links you can click on to see the list.
We also show you the primary host name
and any associated host names for your site
And on the far right,
we show you the priority set for your site
as well as the global and industry ranks.
These ranks give you an idea of how your site compares to other sites scanned by WhiteHat Security.
From here, you can edit the site info
where you can select
your industry and provide a description of your site.
You can also edit the schedule and time zone.
We'll go into further detail on this in a separate tutorial.
If you make any changes, be sure to click save changes before navigating away from the page.
Site findings will take you to the findings information for just this site.
Activities will give you information as to when scans are starting, stopping and completing.
Now let's take a look at credentials
For your SE and PE services, you will need to provide valid credentials so we can assess your application in an authenticated state.
You can label the credentials and provide the requested information
for scanning credentials.
We suggest providing two sets of credentials,
a second set to act as a backup.
Also, to ensure the best coverage,
it is best to provide credentials with the highest access level.
If your login process requires answers to a challenge question
or some additional information, you can provide that in the other login notes.
Once you provided all the necessary information,
click submit to save your changes.
If you have PE service,
we will also need a set of credentials to provide the business logic assessment part of the service.
Adding the credentials is the same process as it is for scanning credentials.
However, for business logic credentials,
we suggest providing a set of credentials for every access level you have in your application.
If you have guest, super user and admin roles,
we would suggest a total of six credentials: two for guest, two for super user and two for admin.
And, as always,
don't forget to click submit to save your changes.
We have settings.
To make any changes here, click edit site settings.
From here, you can set the site priority.
This will influence the overall score of a vulnerability and can be set from 1 to 10.
For any production site, we recommend a higher priority be set,
either nine or 10.
You can also set the scan speed.
This will set the maximum number of requests Sentinel will send to your servers.
Because we are production safe
and scan in a single thread, it means we don't send a subsequent request until we have received a response from the previous request.
This generally generates the same load as a single user, clicking through your site.
If you change your priority or scan speed,
be sure to click save changes.
Now let's go back to the apps tab
and drill down on one of our applications.
Here, you will find some information regarding your application, such as application name,
and so forth.
As with the site section,
you can click on app findings to view the vulnerabilities specific to this application.
By going to edit info,
you can change the application name.
The Edit Schedule Time Zone lets you specify the scan frequency.
Once you set the scan schedule, be sure to click save changes.
You can also add a code base.
Just supply the required information and click submit.
Back on the overview page, we also have the application policy section.
Application policies determine what types of vulnerabilities
and what levels of severity will cause an application to fail its scan.
You can edit the application policy
by clicking the pencil.
You can then create a new policy,
edit the existing policy
and apply a policy.
Under the findings tab, you will find all the information for vulnerabilities found in your sites and applications.
As with other sections, the information is divided by sites, apps and groups.
So let's take a look at the information available to you. When looking at the list of vulnerabilities,
we see the following for each vulnerability found.
Each vulnerability is given a unique vulnerability ID.
Vuln status will show if a vulnerability is open or closed.
The score is a combined score of the severity, threat
and site priority,
and we see the severity of the vulnerability in the next column.
The severity is measured on a scale of 1 to 5
and is a measurement of the amount of damage we believe could be done. Should the vulnerability be exploited.
We'll discuss threat when we drill down further into a specific vulnerability.
Under retest,
the icon under type indicates whether the vulnerability
was found by Sentinel's automated assessment,
illustrated by a computer icon
or found during the business logic assessment
illustrated by a green check mark.
The status shows if a retest is available,
unavailable or pending.
If an automatic retest is unavailable, this is usually caused by Sentinel not being able to access the site.
We also show the last date tested,
date opened and date closed for a vulnerability.
Next we show the class of vulnerability based on the last two classifications.
You then have the site on which the vulnerability appears,
the service level on that site
and tags and notes you can specify for each vulnerability.
If you wish to have a vulnerability retested,
simply click the checkbox on the far left
for all vulnerabilities to be retested.
Then click the retest vulnerability button to start the retests.
For automatic retests, they should complete within 15 to 30 minutes.
For manually retested vulnerabilities,
these are generally completed within one business day.
Now let's drill down a little deeper into a specific vulnerability.
First, from this page, if you click the black arrow icon,
this will then display the open attack vectors found for that vulnerability.
The attack vector shows where on the page
the vulnerability can be found.
Therefore, you can have multiple attack vectors per vulnerability per page on your site.
As with the vulnerabilities, each attack vector is given a unique ID.
You can also click on the vulnerability ID to go to the vulnerability detail page.
This page gives you the basic information on the vulnerability, providing its class,
ID, location,
how many days the vulnerability has remained open
and the vulnerability status.
On the right side, we have some information on the retestability of the vulnerability
as well as the score information.
As stated previously, the score is the sum of the severity,
threat and site priority.
The threat of the vulnerability is also rated on a scale of 1 to 5,
and it measures the ease with which a vulnerability can be exploited.
If the threat is high, for example five,
this means the vulnerability is very easy to exploit
and could be done with very little knowledge or expertise.
A threat of one, however,
is very difficult to exploit and either requires expertise or intimate knowledge of your application.
Also remember, you can adjust the site priority as this will affect the overall score.
So don't forget to set this in the settings section for each of your sites.
As we scroll down, we see the open attack vector information.
This particular vulnerability has one open attack vector.
We show the method, date found,
last retest, and you can also provide any notes per attack vector.
You can also drill down per attack vector for even more detail, such as the scanner request,
attack vector description
and attack vector notes.
And if you have closed any attack vectors, you will find those here.
The details and solution section will give you some information on the vulnerability,
some information on remediating the vulnerability
and, if available, a proof of concept,
where our TRC will provide you the necessary information to demonstrate and reproduce the vulnerability.
Finally, we have the ask a question tab.
This allows you to ask a question about this specific vulnerability
and have a dialogue with the TRC engineer who worked on this vulnerability.
All dialogue is then logged here.
You can use this form to ask for additional information
or additional help on a vulnerability.
The Schedules tab provides a summary of the scan schedules and status for all your sites and apps under service.
Let's start with sites.
As we've seen, we list sites by site name.
We then have the active scan schedule,
and now we have the actions.
Here is where you can click edit
to set or change a scan schedule.
From the dropdown,
you can select a predefined schedule: either continuous,
which will scan your site 24/7,
or nights and weekends,
which will scan from 8 p.m. to 6 a.m. during the weekdays,
then weekends 24 hours per day.
You can also choose to stop the scan by selecting not scheduled stop.
We also give you the option to set a customized schedule.
When you select this option, you'll be given a grid where you can select the days and hours you want your scans to run on your sites.
So let's say we want to scan on Monday, Wednesday and Friday
for 12 hours per day
and then all day Tuesdays and Thursdays.
We just click the check box
for the day of the week
and select the hours
we want it to scan.
You can also click and drag
to quickly select adjacent hours.
We recommend you scan for a minimum of 40 hours per week.
Don't forget to name
your schedule so you can easily identify it in the dropdown, to use on other sites
or edit at a later time.
Lastly, select the appropriate time zone
and click save changes to save and select your new custom scan schedule.
Now let's go to the apps section.
As before, we have the apps listed by application name.
We then see the schedule status,
and we have the actions.
You can click edit
to set the schedule for your application,
and, as before from the assets apps section,
you will have the option to choose when to scan the application.
Simply select the desired radio button
and click save changes.
WhiteHat Sentinel provides various reports,
so let's take a look at the report section
and the reports available to you.
From the report type dropdown,
you have eight different reports from which you can choose.
The executive summary and site summary reports are designed for executive staff and provide a high-level overview of your sites, including colorful charts and graphs.
The vulnerability, detail and attack vector detail reports are designed for developers
providing detailed information on the vulnerabilities, helping your developers remediate any open vulnerabilities.
The PCI and site security statement reports are designed more for auditors.
The PCI report provides some guidance with payment card industry standards and which open vulnerabilities would put you in jeopardy of failing compliance.
The site security statement report provides information on how you are addressing security for your sites
and what WhiteHat is doing to help with that.
The long running scans and completed scans reports provide information useful to Sentinel administrators to help understand what is happening with the sites regarding automated assessments.
For each of the reports, you'll be able to select the sites wanted
and then other options specific to the report type
For the vulnerability and Attack Vector reports,
you will be able to narrow the report by vulnerability, status,
vulnerability classes and so forth.
Once you have your options selected, just click generate report
to get the PDF or CSV file.
The beta reports currently have two beta reports
that use a new generation of reports we're developing
and are in the beta stage right now.
You can get beta reports for the asset summary report
and PCI compliance report.
The Sentinel Admin tab allows you to administrate your users and groups,
so let's start with user management.
The user management section will show you a list of all users on your account.
From here, you can add new users or delete selected users
From this page, you can also view any of the assigned sites, assigned apps or assigned groups associated with a specific user.
From the actions button,
you can view, edit
or reset passwords for any of your users.
If you choose to edit a user,
you will then be able to add additional information about the user
as well as set their user role and select their email options.
Under email options, you can choose how frequently the user will receive an email when new vulnerabilities are found.
You also have the option to expose host names in these emails.
For better security,
we recommend not enabling this option.
However, if you choose this option,
we will use the host names related to the found vulnerabilities.
You can also add assets and groups to the user.
This allows you to grant access to a user to only those sites and apps which he or she should be allowed to view
and, as always, be sure to click save changes If you made any changes.
Now, let's look at group management
From this page. You can add,
edit or delete a group.
Groups allow you to manage your sites and apps that logically go together. For example, as we see here,
we have our test group
and pre production sites groups.
Now I can assign users to these groups so that I don't have to go through each individual asset
and assign it to the user.
From the My Profile page, you can control your profile information as well as other account maintenance.
By clicking on edit,
you can update your personal information such as name, job title and so forth.
Here is where you can also specify your email options,
and if you wish to expose host names
when you've updated your information, just click on save changes.
You can also change your password.
You will need to enter your current password
and confirm your new password before clicking save changes.
From this page, you can also add a PGP key, if your mail server isn't able to do so,
in order to receive secure emails from Sentinel.
Lastly, Sentinel provides you with a Sentinel API,
allowing for integration with such services as Jira,
web application firewalls and others.
Click on generate web API key to get your API key.
Also be sure to click on web API key documentation
for more information on using our API.
If you have any questions, please don't hesitate to contact us.
You can reach support by going to https://support.whitehatsec.com
and logging in to our customer success portal.
You can also send us an email at support@whitehatsec.com
or call us at 408-343-8340
during our normal business hours, Monday through Friday, 6 a.m. to 7 p.m. Pacific time.
Thank you for watching.