Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

This tutorial takes you through the WhiteHat Sentinel control panel for System Administrators

Video Transcription

00:00
Welcome to WhiteHat Security's Sentinel training for administrators.
00:06
In this tutorial, we will cover the following sections of the Sentinel interface
00:11
summary
00:13
assets
00:14
findings,
00:16
schedule
00:17
reports,
00:19
admin
00:21
and profile.
00:26
So let's begin by looking at the alert section.
00:29
The alert section shows you the recent activity on your account with respect to new users,
00:34
new vulnerabilities and completed scans.
00:38
You can then take certain actions to view additional information about that specific alert.
00:44
You can also filter the results by date range
00:47
or by alert type.
00:49
Once you've made your selections, click the filter button to show the results.
00:54
To clear the filter, simply click on the reset button.
01:00
You can also export this information to a CSV file,
01:03
and you can choose how many rows to show per page.
01:10
Now let's take a look at the action item section.
01:17
This is where you will find any needed action items you need to address regarding site credentials or schedules needed.
01:23
By clicking edit,
01:26
you can go directly to the credentials information
01:29
or scan schedule for the application in question.
01:32
We'll discuss more on entering credentials or setting a schedule later on in this tutorial series.
01:38
Next, let's look at the update section.
01:42
In this section, we show you any recent or upcoming changes to the Sentinel interface or service, including dates and links to related articles.
01:51
Be sure to check here occasionally.
01:53
Lastly, let's take a look at the system maintenance section.
01:57
Here, we will communicate any scheduled or emergency maintenance announcements, including start times and expected duration.
02:06
Please note: in the event of an emergency maintenance bulletin,
02:08
this section will become the default landing page when you log into Sentinel to make sure you don't miss it.
02:22
The asset section shows you the sites and applications under contract for Sentinel service.
02:28
Sites are those applications using our DAST solution, or dynamic application security testing,
02:35
while apps are those applications using our SAST solution, or static application security testing.
02:42
Let's focus on sites first.
02:46
On the sites tab, you will see a list of sites by site name.
02:50
For each site,
02:52
you will see the service level.
02:53
This could be our baseline, standard, premium
02:57
or prelaunch editions.
03:00
The next column will display the number of open vulnerabilities for that site.
03:05
The scan schedule
03:06
and time zone columns will show the schedule and time zone for each site.
03:10
Vuln data provides a quick link
03:14
to the vulnerability detail report for that site.
03:16
And lastly, status provides an icon based summary on the overall health of your scans.
03:23
Using a stoplight analogy,
03:24
a status with a green icon indicates everything is good to go,
03:30
and the site is either being scanned
03:31
or is paused as dictated by the schedule.
03:36
A yellow icon indicates configuration is being done on the WhiteHat side
03:40
and the scan will resume once the configuration is complete.
03:46
A red icon indicates we are missing something
03:50
to scan your site.
03:51
That being either a scan schedule
03:53
or valid credentials,
03:58
You can also click on the legend status icons for more information on the individual icons and their meanings.
04:05
You now also have the option to export this page to a CSV file by using the export CSV file link,
04:14
allowing you to view this information
04:15
in Excel
04:16
or other program of your choice. Now let's take a look at the apps tab.
04:21
Similar to the sites tab, this section will list all your Sentinel Source applications currently under service.
04:29
Under application name,
04:30
You will see both the name and language of your application.
04:34
Total findings will provide the count of open vulnerabilities for your application.
04:40
The schedule will show the schedule selected for the application.
04:45
The vuln data link provides a quick link to the vulnerability report for the application,
04:50
and lastly, the compliance section will show if the application is currently in PCI compliance or not.
04:58
This is a bit more complicated to discuss than the scope of this training module,
05:02
so it will be explained in more detail
05:04
at a later time.
05:08
Under the groups tab, you will see a list of all groups you've created.
05:12
Groups are a good way to easily assign access to team members for just the sites and apps they need to see.
05:19
As you can see in this example,
05:21
we have a group for our production sites
05:25
and one for our pre production sites.
05:28
When we create a new user that's part of my production team,
05:31
I can just add him or her to the group,
05:34
and they will then have access to all sites and apps in that group.
05:40
It definitely beats having to add a site or app to a user on a one by one basis.
05:50
In our previous tutorial,
05:51
we covered the basics of the assets tab.
05:55
Now we're going to drill down a little deeper into what you can access per site or per app.
06:00
First, let's click on one of our sites here.
06:08
We now see we have some additional functions we can access as well as additional information. In the overview section,
06:15
we summarize various information about your site,
06:18
including site name, service level and more.
06:23
In this section, I want to draw your attention to the link information area.
06:27
As we crawl your site, we will find more and more pages.
06:30
We provide you a list of the pages tested in the current scan as well as the last completed scan.
06:36
These will be links you can click on to see the list.
06:41
We also show you the primary host name
06:43
and any associated host names for your site
06:46
And on the far right,
06:48
we show you the priority set for your site
06:50
as well as the global and industry ranks.
06:54
These ranks give you an idea of how your site compares to other sites scanned by WhiteHat Security.
07:00
From here, you can edit the site info
07:02
where you can select
07:04
your industry and provide a description of your site.
07:09
You can also edit the schedule and time zone
07:12
from here.
07:13
We'll go into further detail on this in a separate tutorial.
07:16
If you make any changes, be sure to click save changes before navigating away from the page.
07:23
Site findings will take you to the findings information for just this site.
07:28
Activities will give you information as to when scans are starting, stopping and completing.
07:34
Now let's take a look at credentials
07:39
For your SE and PE services, you will need to provide valid credentials so we can assess your application in an authenticated state.
07:46
You can label the credentials and provide the requested information
07:50
for scanning credentials.
07:53
We suggest providing two sets of credentials,
07:56
a second set to act as a backup.
07:58
Also, to ensure the best coverage,
08:01
it is best to provide credentials with the highest access level.
08:05
If your login process requires answers to a challenge question
08:07
or some additional information, you can provide that in the other login notes.
08:15
Once you've provided all the necessary information,
08:16
click submit to save your changes.
08:22
If you have PE service,
08:24
we will also need a set of credentials to provide the business logic assessment part of the service.
08:30
Adding the credentials is the same process as it is for scanning credentials.
08:33
However, for business logic credentials,
08:37
we suggest providing a set of credentials for every access level you have in your application.
08:43
For example,
08:43
if you have guest, super user and admin roles,
08:48
we would suggest a total of six credentials: two for guest, two for super user and two for admin.
08:56
And, as always,
08:56
don't forget to click submit to save your changes.
09:03
And lastly,
09:05
we have settings
09:07
To make any changes here, click the edit site settings.
09:09
From here, you can set the site priority.
09:13
This will influence the overall score of vulnerability and can be set from 1 to 10.
09:18
For any production site, we recommend a higher priority be set,
09:22
either nine or 10.
09:24
You can also set the scan speed.
09:28
This will set the maximum number of requests Sentinel will send to your servers.
09:31
Because we are production safe
09:35
and scan in a single thread, it means we don't send a subsequent request until we have received a response from the previous request.
09:43
This generally generates the same load as a single user, clicking through your site.
09:48
If you change your priority or scan speed,
09:50
be sure to click save changes.
09:56
Now let's go back to the apps tab
10:00
and drill down on one of our applications.
10:07
Here, you will find some information regarding your application, such as application name,
10:11
language,
10:11
scan schedule
10:13
and so forth.
10:15
As with the site section,
10:18
you can click on app findings to view the vulnerabilities specific to this application.
10:22
By going to edit info,
10:24
you can change the application name.
10:26
The Edit Schedule Time Zone lets you specify the scan frequency.
10:31
Once you set the scan schedule, be sure to click save changes.
10:39
You can also add a code base,
10:41
just supply the required information and click submit
10:46
Back on the overview page, we also have the application policy section.
10:52
Application policies determine what types of vulnerabilities,
10:56
what levels of severity will cause an application to fail its scan.
11:01
You can edit the application policy
11:03
by clicking the pencil.
11:09
You can then create a new policy,
11:13
edit the existing policy
11:13
and apply a policy.
11:22
Under the findings tab, you will find all the information for vulnerabilities found in your sites and applications.
11:31
As with other sections, the information is divided by sites, apps and groups.
11:35
So let's take a look at the information available to you. When looking at the list of vulnerabilities,
11:41
we see the following for each vulnerability found.
11:43
Each vulnerability is given a unique vulnerability ID.
11:48
Vuln status will show if a vulnerability is open or closed.
11:52
The score is a combined score of the severity, threat
11:56
and site priority,
11:58
and we see the severity of the vulnerability in the next column.
12:03
The severity is measured on a scale of 1 to 5
12:07
and is a measurement of the amount of damage we believe could be done. Should the vulnerability be exploited.
12:13
We'll discuss threat when we drill down further into a specific vulnerability.
12:20
Under retest of all,
12:22
the icon under type indicates whether the vulnerability
12:26
was found by Sentinel's automated assessment
12:28
illustrated by a computer icon
12:31
or found during the business logic assessment
12:33
illustrated by a green check mark.
12:37
The status shows if a retest is available,
12:41
unavailable or pending.
12:43
If an automatic retest is unavailable, this is usually caused by Sentinel not being able to access the site.
12:52
We also show the last day tested
12:56
date open and date closed for vulnerability
13:00
Next we show the class of vulnerability based on the last two classifications.
13:07
You then have the site on which the vulnerability appears,
13:11
the service level on that site
13:13
and tags and notes you can specify for each vulnerability.
13:18
If you wish to have a vulnerability retested,
13:20
simply click the checkbox on the far left
13:24
for all vulnerabilities to be retested.
13:26
Then click the retest vulnerability button to start the retests.
13:31
For automatic retests, they should complete within 15 to 30 minutes.
13:35
For manually retested vulnerabilities,
13:39
These are generally completed within one business day.
13:41
Now let's drill down a little deeper into a specific vulnerability
13:46
First, from this page, if you click the black arrow icon,
13:50
this will then display the open attack vectors found for that vulnerability.
13:54
The attack vector shows where on the page
13:58
the vulnerability can be found.
14:01
Therefore, you can have multiple attack vectors per vulnerability per page on your site.
14:07
As with the vulnerabilities, each attack vector is given a unique ID.
14:13
You can also click on the vulnerability ID to go to the vulnerability detail page.
14:22
This page gives you the basic information on the vulnerability, providing its class,
14:28
ID, location,
14:30
date opened,
14:31
how many days the vulnerability has remained open
14:33
and the vulnerability status.
14:35
On the right side, we have some information on the retestability of the vulnerability
14:41
as well as the score information.
14:43
As stated previously, the score is the sum of the severity,
14:48
threat and site priority.
14:50
The threat of the vulnerability is also rated on a scale of 1 to 5,
14:56
and it measures the ease with which a vulnerability can be exploited.
15:01
If the threat is high, for example, five,
15:03
this means the vulnerability is very easy to exploit
15:05
and could be done with very little knowledge or expertise.
15:09
A threat of one, however,
15:11
is very difficult to exploit and either requires expertise or intimate knowledge of your application.
15:20
Also remember, you can adjust the site priority as this will affect the overall score.
15:24
So don't forget to set this in the settings section for each of your sites.
15:28
As we scroll down, we see the open attack vector information.
15:33
This particular vulnerability has one open attack vector.
15:37
We show the method, date found,
15:39
last retest, and you can also provide any notes per attack vector.
15:46
You can also drill down per attack vector for even more detail, such as the scanner request,
15:50
scanner response,
15:52
attack vector description
15:54
and attack vector notes.
15:56
And if you have closed any attack vectors, you will find those here. The details and Solution section will give you some information on the vulnerability,
16:04
including references,
16:07
some information on remediating the vulnerability
16:10
and, if available, a proof of concept,
16:11
where our TRC will provide you the necessary information to demonstrate and reproduce the vulnerability.
16:18
Finally, we have the ask a question tab.
16:22
This allows you to ask a question about this specific vulnerability
16:26
and have a dialogue with the TRC engineer who worked on this vulnerability.
16:30
All dialogue is then logged here.
16:33
You can use this form to ask for additional information
16:36
or additional help on a vulnerability.
16:45
The Schedules tab provides a summary of the scan schedules and status for all your sites and apps under service.
16:52
Let's start with sites.
16:55
As we've seen, we list sites by site name.
16:57
We then have the active scan schedule,
17:00
time zone
17:02
scan status
17:03
and now we have the actions.
17:04
Here is where you can click edit
17:07
to set or change a scan schedule.
17:11
From the dropdown,
17:12
you can select a predefined schedule, either continuous,
17:17
which will scan your site 24/7,
17:18
or nights and weekends,
17:21
which will scan from 8 p.m. to 6 a.m. during the weekdays,
17:25
then weekends 24 hours per day.
17:29
You can also choose to stop the scan by selecting not scheduled stop.
17:34
We also give you the option to set a customized schedule.
17:38
When you select this option, you'll be given the grid where you can select the days and hours you want your scans to run on your sites.
17:47
So let's say we want to scan on Monday, Wednesday and Friday
17:51
for 12 hours per day
17:52
and then all day, Tuesday and Thursdays.
17:56
We just click the check box
17:57
for the day of the week
18:02
and select the hours
18:03
we want it to scan.
18:10
You can also click and drag
18:12
to quickly select adjacent hours.
18:17
We recommend you scan for a minimum of 40 hours per week.
18:21
Also,
18:22
don't forget to name
18:23
your schedule so you can easily identify it in the dropdown to use on other sites
18:29
or edit it at a later time.
18:33
Lastly, select the appropriate time zone
18:37
and click save changes to save and select your new custom scan schedule.
18:42
Now let's go to the apps section.
18:45
As before, we have the apps listed by application name.
18:48
We then see the schedule status,
18:51
app status,
18:52
and we have the actions.
18:55
You can click edit
18:56
to set the schedule for your application,
19:00
and as before, from the assets apps section,
19:03
you will have the option to choose when to scan the application.
19:07
Simply select the desired radio button
19:11
and click save changes.
19:22
WhiteHat Sentinel provides various reports,
19:25
so let's take a look at the report section
19:27
and the reports available to you
19:30
from the report type dropdown.
19:33
You have eight different reports from which you can choose.
19:37
The executive summary and site summary reports are designed for executive staff and provide a high level overview of your sites, including colorful charts and graphs.
19:49
The vulnerability detail and attack vector detail reports are designed for developers,
19:56
providing detailed information on the vulnerabilities, helping your developers remediate any open vulnerabilities.
20:03
The PCI and site security statement reports are designed more for auditors.
20:08
The PCI report provides some guidance with payment card industry standards and which open vulnerabilities would put you in jeopardy of failing compliance.
20:17
The site security statement report provides information on how you are addressing security for your sites
20:23
and what WhiteHat is doing to help with that.
20:27
The long running scans and completed scans reports provide information useful to Sentinel administrators to help understand what is happening with the sites regarding automated assessments.
20:38
For each of the reports, you'll be able to select the sites wanted
20:42
and then other options specific to the report type
20:45
For the vulnerability and Attack Vector reports,
20:48
you will be able to narrow the report by vulnerability, status,
20:52
vulnerability classes and so forth.
20:55
Once you have your options selected, just click generate report
21:00
to get the PDF or CSV file.
21:03
The beta reports currently have two beta reports
21:07
that use a new generation of reports we're developing
21:10
and are in the beta stage right now.
21:11
You can get beta reports for the assets summary report
21:15
and PCI compliance report.
21:25
The Sentinel Admin tab allows you to administrate your users and groups,
21:29
so let's start with user management.
21:32
The user management section will show you a list of all users on your account.
21:37
From here, you can add new users or delete selected users
21:41
From this page, you can also view any of the assigned sites, assigned apps or assigned groups associated with a specific user.
21:49
From the actions button,
21:52
you can view, edit
21:53
or reset passwords for any of your users.
21:59
If you choose to edit a user,
22:00
you will then be able to add additional information about the user
22:04
as well as set their user role and select their email options.
22:11
Under email options, you can choose how frequently the user will receive an email when new vulnerabilities are found.
22:19
You also have the option to expose host names in these emails.
22:25
For better security,
22:26
we recommend not enabling this option.
22:29
However, if you choose this option,
22:32
we will use the host names related to the found vulnerabilities.
22:36
You can also add assets and groups to the user.
22:38
This allows you to grant access to a user to only those sites and apps to which he or she should be allowed to view,
22:47
and, as always, be sure to click save changes if you made any changes.
22:55
Now, let's look at group management.
22:56
From this page, you can add,
22:59
edit or delete a group.
23:02
Groups allow you to manage your sites and apps that logically go together. For example, as we see here,
23:08
we have our test group
23:10
production sites
23:11
and pre production sites groups.
23:15
Now I can assign users to these groups so that I don't have to go through each individual asset
23:19
and assign it to the user.
23:27
From the My Profile page, you can control your profile information as well as other account maintenance.
23:33
By clicking on edit,
23:36
you can update your personal information such as name, job title and so forth.
23:41
Here is where you can also specify your email options,
23:45
and if you wish to expose host names
23:48
When you've updated your information, just click on save changes.
23:53
You can also change your password.
23:56
You will need to enter your current password
24:00
new password
24:00
and confirm your new password before clicking save changes.
24:07
From this page, you can also add a PGP key if your mail server isn't able to do so
24:12
in order to receive secure emails from Sentinel.
24:15
Lastly, Sentinel provides you with a Sentinel API,
24:19
allowing for integration to such services as Jira,
24:22
web application firewalls and others.
24:26
Click on the generate web API key to get your API key.
24:30
Also be sure to click on web API key documentation
24:33
for more information on using our API.
24:38
If you have any questions, please don't hesitate to contact us.
24:42
You can reach support by going to https://support.whitehatsec.com
24:51
and logging in to our customer success portal.
24:53
You can also send us an email to support@whitehatsec.com
24:59
or call us at 408-343-
25:03
8340 during our normal business hours Monday through Friday 6 a.m. to 7 p.m. Pacific time.
25:11
Thank you for watching.