Welcome to WhiteHat Security's Sentinel training for security operators. In this tutorial, we will cover the following sections of the Sentinel interface
under the summary tab. In the update section,
we show you any recent or upcoming changes to the Sentinel interface or service,
including dates and links to related articles.
Be sure to check here occasionally.
And in the system maintenance section,
here is where we will communicate any scheduled or emergency maintenance announcements, including start times and expected duration.
In the event of an emergency maintenance bulletin,
this section will become the default landing page when logging into Sentinel to make sure you don't miss it.
The assets section shows you the sites and applications under contract for Sentinel service.
Sites are those applications using our DAST, or dynamic application security testing, solutions,
while apps are those applications using our SAST, or static application security testing, solutions.
Let's focus on sites first.
You'll see a list of sites by site name.
For each site, you will see the service level.
This could be our baseline, standard,
premium or pre-launch editions.
The next column will display the number of open vulnerabilities for that site.
The scan schedule and Time zone columns will show the schedule and time zone for each site.
Vuln data provides a quick link to the vulnerability detail report for that site, and lastly,
status provides an icon-based summary of the overall health of your scans.
Using a stoplight analogy,
a status with a green icon
indicates everything is good to go,
and the site is either being scanned or is paused as dictated by the schedule.
A yellow icon indicates configuration is being done on the WhiteHat side,
and scanning will resume once the configuration is complete.
A red icon indicates we are missing something to scan your site,
that being either a scan schedule
or valid credentials.
You can also click on the legend status icons
for more information on the individual icons and their meanings.
You now also have the option to export this page to a CSV file by using the export CSV file link,
allowing you to view this information in Excel
or other program of your choice.
Now let's take a look at the apps tab.
Similar to the sites tab,
this section will list all your Sentinel Source applications currently under service.
Under application name,
you will see both the name and language of your application.
Total findings will provide the count of open vulnerabilities for your application.
Vuln data provides a quick link to the vulnerability report for the application,
and lastly, the compliance section will show if the application is currently in PCI compliance or not.
This is a bit more complicated to discuss than the scope of this training module, so it will be explained in more detail at a later time.
And as before, you can filter your results.
Under the groups tab,
you will see a list of all groups you've created.
Groups are a good way to easily assign access to team members for just the sites and apps they need to see.
As you can see in this example,
we have a group for our production sites and one for our pre production sites.
When I create a new user that's part of my production team,
I can just add him or her to the group,
and they will then have access to all sites and apps in that group.
It definitely beats having to add a site or app to a user on a one-by-one basis.
In our previous tutorial, we covered the basics of the assets tab.
Now we're going to drill down a little deeper into what you can access per site or per app.
First, let's click on one of our sites here.
We now see we have some additional functions we can access as well as additional information.
In the overview section,
we summarize various information about your site,
including site name, service level.
I want to draw your attention to the link information area.
As we crawl your site, we will find more and more pages.
We provide you a list of the pages tested in the current scan
as well as the last completed scan.
These will be links you can click on to see the list.
We also show you the primary host name
and any associated host names for your site
and on the far right,
we show you the priority set for your site as well as the global and industry ranks.
These ranks give you an idea of how your site compares to other sites scanned by WhiteHat Security.
You can edit the schedule and time zone.
We'll go into further detail on this in a separate tutorial.
If you make any changes, be sure to click save changes before navigating away from the page.
Site findings will take you to the findings information for just this site.
Now let's take a look at credentials.
For your SE and PE services,
you will need to provide valid credentials so we can assess your application in an authenticated state.
You can label the credentials
and provide the requested information.
For scanning credentials,
we suggest providing two sets of credentials,
a second set to act as a backup.
To ensure the best coverage, it is best to provide credentials with the highest access level.
If your login process requires answers to a challenge question
or some additional information,
you can provide that in the other login notes section.
Once you've provided all the necessary information,
click submit to save your changes.
If you have PE service, we will also need a set of credentials to provide the business logic assessment part of the service.
Adding the credentials is the same process as it is for scanning credentials.
However, for business logic credentials, we suggest providing a set of credentials for every access level you have in your application.
super user and admin roles,
we would suggest a total of six credentials.
two for super user and two for admin.
And, as always, don't forget to click submit
to save your changes.
Now let's go back to the apps tab and drill down on one of our applications.
Here you will find some information regarding your application,
such as application name, language,
scan schedule and so forth.
And as with the site section, you can click on our findings to see the vulnerabilities for the application.
The findings is the section where you will find all the information for vulnerabilities found in your sites and applications.
As with other sections, the information is divided by sites, apps and groups.
So let's take a look at the wealth of information available to you.
When looking at the list of vulnerabilities, we see the following for each vulnerability found.
Each vulnerability is given a unique vulnerability ID.
Vuln status will show if a vulnerability is open or closed.
The score is a combined score of the severity, threat and site priority,
and we see the severity of the vulnerability in the next column.
The severity is measured on a scale of 1 to 5 and is a measurement of the amount of damage we believe could be done should the vulnerability be exploited.
We'll discuss threat when we drill down further into a specific vulnerability.
The icon under type indicates whether the vulnerability was found by Sentinel's automated assessment,
illustrated by a computer icon,
or found during the business logic assessment,
illustrated by a green check mark.
The status shows if a retest is available,
unavailable or pending.
If an automatic retest is unavailable, this is usually caused by Sentinel not being able to access the site.
We also show the last day tested, date open
and date closed for the vulnerability.
Next, we show the class of vulnerability based on the last two classifications.
You then have the site on which the vulnerability appears,
the service level of that site,
and tags and notes you can specify for each vulnerability.
If you wish to have a vulnerability retested,
simply click the checkbox on the far left for all vulnerabilities to be retested.
Then click the retest vulnerability button to start the retests.
For automatic retests, they should complete within 15 to 30 minutes.
For manually retested vulnerabilities,
these generally are completed within one business day.
Now let's drill down a little deeper into a specific vulnerability.
First, from this page, if you click the black arrow icon, this will then display the open attack vectors found for that vulnerability.
The attack vector shows where on the page
the vulnerability can be found.
Therefore, you can have multiple attack vectors per vulnerability per page on your site.
As with the vulnerabilities, each attack vector is given a unique ID.
You can also click on the vulnerability ID to go to the vulnerability detail page.
This page gives you the basic information on the vulnerability, providing its class,
how many days the vulnerability has remained open.
On the right side, we have some information on the retestability of the vulnerability
as well as the score information.
The score is the sum of the severity, threat and site priority.
The threat of a vulnerability is also rated on a scale of 1 to 5,
and it measures the ease with which a vulnerability can be exploited.
If the threat is high, for example, five, this means the vulnerability is very easy to exploit and can be done with very little knowledge or expertise.
A threat of one, however, is very difficult to exploit and either requires expertise or intimate knowledge of your company.
Here we see the open attack vector information.
This particular vulnerability has
one open attack vector.
We show the method,
date found, last retest,
and you can also provide any notes per attack vector.
You can also drill down per attack vector for even more detail, such as the scanner request, scanner response,
attack vector description and attack vector notes.
And if you have closed any attack vectors, you will find those here.
The details and solution section will give you some information on the vulnerability,
some information on remediating the vulnerability and, if available, a proof of concept,
where our TRC will provide you the necessary information to demonstrate and reproduce the vulnerability.
Finally, we have the ask a question tab.
This allows you to ask a question about this specific vulnerability
and have a dialogue with the TRC engineer who worked on this vulnerability.
All dialogue is then logged here.
You can use this form to ask for additional information
or additional help on a vulnerability.
The schedules tab provides a summary of the scan schedules and status for all your sites and apps under service.
Let's start with sites.
As we've seen, we list sites by site name.
We then have the active scan schedule,
and now we have the actions.
Here is where you can click edit
to set or change a scan schedule.
You can select a predefined schedule, either continuous,
which will scan your site 24/7,
or nights and weekends, which will scan from 8 p.m. to 6 a.m. during the weekdays,
then weekends 24 hours per day.
You can also choose to stop the scan
by selecting "not scheduled stopped".
We also give you the option to set a customized schedule.
When you select this option, you'll be given the grid where you can select the days and hours you want your scans to run on your sites.
So let's say we want to scan on Monday, Wednesday and Friday
for 12 hours per day
and then all day Tuesday and Thursday.
We just select the checkbox
for the day of the week
and select the hours.
You can also click and drag
to quickly select adjacent hours.
We recommend you scan for a minimum of 40 hours per week.
Don't forget to name
your schedule so you can easily identify it in the drop-down to use on other sites
or edit at a later time.
Select the appropriate time zone
and click save changes to save and select your new custom scan schedule.
Now let's go to the apps section.
As before, we have the apps listed by application name.
We then see the schedule status
and we have the actions
to set the schedule for your application.
And as before, from the assets apps section,
you will have the option to choose when to scan the application.
Simply select the desired radio button
and click save changes.
WhiteHat Sentinel provides various reports. So let's take a look at the report section
and the reports available to you.
From the report type drop-down, you have eight different reports from which you can choose.
The executive summary and site summary reports are designed for executive staff
and provide a high-level overview of your sites,
including colorful charts and graphs.
The vulnerability detail and attack vector detail reports are designed for developers, providing detailed information on the vulnerabilities,
helping your developers remediate.
The PCI and site security statement reports are designed more for auditors.
The PCI report provides some guidance with payment card industry standards
and which open vulnerabilities would put you in jeopardy of failing compliance.
The site security statement report provides information on how you are addressing security for your sites and what WhiteHat is doing to help with that.
The long running scans and completed scans reports provide information useful to Sentinel administrators to help understand what is happening with the sites regarding automated assessments.
For each of the reports, you will be able to select the sites wanted and then other options specific to the report type.
For the vulnerability and attack vector reports,
you'll be able to narrow the report by vulnerability status,
vulnerability classes and so forth.
Once you have your options selected, just click generate report to get the PDF or CSV file.
The beta reports currently offer seven new beta reports that use a new generation of reports we are developing
and are in the beta stage right now.
From the My Profile page, you can control your profile information
as well as do some other account maintenance.
By clicking on edit,
you can update your personal information such as name, job title, et cetera.
Here is where you can also specify your email options
and if you wish to expose host names.
When you've updated your information,
just click on save changes.
You can also change your password.
You will need to enter your current password, new password
and confirm your new password before clicking save changes.
Also from this page, you can add a PGP key if your mail server isn't able to do so in order to receive secure emails from Sentinel.
Sentinel will provide you with a Sentinel API, allowing for integration with such services as Jira,
web application firewalls and others.
Click on generate web API key to get your API key.
Be sure to click on web API key documentation for more information on using our API.
If you have any questions, please don't hesitate to contact us. You can reach support by going to https://support.whitehatsec.com and logging in to our customer success portal.
You can also send us an email at support@whitehatsec.com or call us at 408-343-8340 during our normal business hours, Monday through Friday, 6 a.m. to 7 p.m. Pacific time.
Thank you for watching.