WhiteHat Security Sentinel Training for Security Operators

This tutorial takes you through the WhiteHat Sentinel control panel for Security Operators

Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
3
Video Transcription
00:00
Welcome to WhiteHat Security's Sentinel training for security operators. In this tutorial, we will cover the following sections of the Sentinel interface:
00:10
Summary
00:12
assets
00:14
findings,
00:15
schedule
00:17
reports
00:18
and profile
00:28
Under the Summary tab, in the update section,
00:31
we show you any recent or upcoming changes to the Sentinel interface or service,
00:36
including dates and links to related articles.
00:39
Be sure to check here occasionally
00:42
and in the system maintenance section.
00:44
Here is where we will communicate any scheduled or emergency maintenance announcements, including start times and expected duration.
00:52
Please note.
00:53
In the event of an emergency maintenance bulletin,
00:55
this section will become the default landing page when logging into Sentinel to make sure you don't miss it.
01:07
The Assets section shows you the sites and applications under contract for Sentinel service.
01:14
Sites are those applications using our DAST, or dynamic application security testing, solutions,
01:19
while apps are those applications using our SAST, or static application security testing, solutions.
01:26
Let's focus on sites first
01:30
On the Sites tab,
01:30
you'll see a list of sites by site name.
01:34
For each site, you will see the service level.
01:37
This could be our Baseline, Standard,
01:40
Premium or pre-launch editions.
01:42
The next column will display the number of open vulnerabilities for that site.
01:48
The scan schedule and Time zone columns will show the schedule and time zone for each site.
01:53
Vuln Data provides a quick link to the vulnerability detail report for that site, and lastly,
02:00
Status provides an icon-based summary on the overall health of your scans.
02:06
Using a stoplight analogy,
02:07
a status with a green icon
02:09
indicates everything is good to go,
02:12
and the site is either being scanned or is paused as dictated by the schedule.
02:17
A yellow icon indicates configuration is being done on the WhiteHat side,
02:23
and scanning will resume once the configuration is complete.
02:27
A red icon indicates we are missing something to scan your site,
02:30
that being either a scan schedule
02:32
or valid credentials.
02:36
You can also click on the legend status icons
02:38
for more information on the individual icons and their meanings.
02:43
You now also have the option to export this page to a CSV file by using the Export CSV File link,
02:50
allowing you to view this information in excel
02:53
or other program of your choice.
02:57
Now let's take a look at the Apps tab.
02:59
Similar to the Sites tab,
03:00
this section will list all your Sentinel Source applications currently under service.
03:07
Under Application Name,
03:07
you will see both the name and language of your application.
03:13
Total findings will provide the count of open vulnerabilities for your application.
03:17
The Vuln Data provides a quick link to the vulnerability report for the application,
03:23
and lastly, the compliance section will show if the application is currently in PCI compliance or not.
03:30
This is a bit more complicated to discuss than the scope of this training module, so it will be explained in more detail at a later time.
03:38
And as before, you can filter your results.
03:44
Under the Groups tab,
03:46
you will see a list of all groups you've created.
03:49
Groups are a good way to easily assign access to team members for just the sites and apps they need to see.
03:55
As you can see in this example,
03:57
we have a group for our production sites and one for our pre production sites.
04:01
When I create a new user that's part of my production team,
04:04
I can just add him or her to the group,
04:06
and they will then have access to all sites and apps in that group.
04:11
It definitely beats having to add a site or app to a user on a one-by-one basis.
04:20
In our previous tutorial, we covered the basics of the Assets tab.
04:25
Now we're going to drill down a little deeper into what you can access per site or per app.
04:31
First, let's click on one of our sites here.
04:35
We now see we have some additional functions we can access as well as additional information.
04:42
In the overview section,
04:44
we summarize various information about your site,
04:46
including site name, service level
04:49
and more.
04:51
In this section,
04:53
I want to draw your attention to the Link Information area.
04:57
As we crawl your site, we will find more and more pages.
05:00
We provide you a list of the pages tested in the current scan
05:04
as well as the last completed scan.
05:08
These will be links you can click on to see the list.
05:12
We also show you the primary host name
05:15
and any associated host names for your site
05:17
and on the far right,
05:19
we show you the priority set for your site as well as the global and industry ranks.
05:25
These ranks give you an idea of how your site compares to other sites scanned by WhiteHat Security.
05:32
From here,
05:33
you can edit the schedule and time zone.
05:36
We'll go into further detail on this in a separate tutorial.
05:40
If you make any changes, be sure to click save changes before navigating away from the page
05:47
Site Findings will take you to the findings information for just this site.
05:53
Now let's take a look at credentials.
05:55
For your SE and PE services,
05:58
you will need to provide valid credentials so we can assess your application in an authenticated state.
06:03
You can label the credentials
06:05
and provide the requested information.
06:09
For scanning credentials,
06:10
we suggest providing two sets of credentials,
06:13
a second set to act as a backup.
06:15
Also,
06:16
to ensure the best coverage, it is best to provide credentials with the highest access level.
06:23
If your login process requires answers to a challenge question
06:27
or some additional information,
06:29
you can provide that in the Other Login Notes section.
06:31
Once you've provided all the necessary information,
06:34
click submit to save your changes.
06:39
If you have PE service, we will also need a set of credentials to provide the business logic assessment part of the service.
06:46
Adding the credentials is the same process as it is for scanning credentials.
06:50
However, for business logic credentials, we suggest providing a set of credentials for every access level you have in your application.
06:59
For example,
07:00
if you have guest,
07:01
super user and admin roles,
07:04
we would suggest a total of six credentials.
07:06
two for guests,
07:09
two for super user and two for admin.
07:12
And, as always, don't forget to click Submit
07:15
to save your changes.
07:16
Now let's go back to the Apps tab and drill down on one of our applications.
07:24
Here you will find some information regarding your application,
07:27
such as application name, language,
07:29
scan schedule and so forth.
07:31
And as with the site section, you can click on our findings to see the vulnerabilities for the application.
07:43
The findings is the section where you will find all the information for vulnerabilities found in your sites and applications.
07:50
As with other sections, the information is divided by sites, apps and groups.
07:57
So let's take a look at the wealth of information available to you.
08:01
When looking at the list of vulnerabilities, we see the following for each vulnerability found.
08:07
Each vulnerability is given a unique vulnerability ID.
08:11
Vuln Status will show if a vulnerability is open or closed.
08:16
The score is a combined score of the severity, threat and site priority,
08:22
and we see the severity of the vulnerability in the next column.
08:26
The severity is measured on a scale of 1 to 5 and is a measurement of the amount of damage we believe could be done should the vulnerability be exploited.
08:35
We'll discuss threat when we drill down further into a specific vulnerability.
08:41
Under Retest Vuln,
08:41
the icon under type indicates whether the vulnerability was found by Sentinel's automated assessment,
08:48
illustrated by a computer icon,
08:50
or found during the business logic assessment,
08:54
illustrated by a green check mark.
08:56
The status shows if a retest is available,
09:00
unavailable or pending.
09:03
If an automatic retest is unavailable, this is usually caused by Sentinel not being able to access the site.
09:09
We also show the last date tested, date open
09:13
and date closed for vulnerability.
09:16
Next, we show the class of vulnerability based on the WASC 2 classifications.
09:22
You then have the site on which the vulnerability appears,
09:26
the service level of that site
09:28
and tags and notes you can specify for each vulnerability.
09:33
If you wish to have a vulnerability retested,
09:35
simply click the checkbox on the far left for all vulnerabilities to be retested.
09:41
Then click the Retest Vulnerability button to start the retests.
09:46
For automatic retests, they should complete within 15 to 30 minutes.
09:50
For manually retested vulnerabilities,
09:52
these generally are completed within one business day.
09:56
Now let's drill down a little deeper into a specific vulnerability.
10:01
First, from this page, if you click the black arrow icon, this will then display the open attack vectors found for that vulnerability.
10:09
The attack vector shows where on the page
10:13
the vulnerability can be found.
10:16
Therefore, you can have multiple attack vectors per vulnerability per page on your site.
10:22
As with the vulnerabilities, each attack vector is given a unique ID.
10:26
You can also click on the vulnerability ID to go to the Vulnerability Detail page.
10:33
This page gives you the basic information on the vulnerability, providing its class,
10:37
ID,
10:39
location,
10:41
date open,
10:41
how many days the vulnerability has remained open
10:45
and the vuln status.
10:46
On the right side, we have some information on the retestability of the vulnerability
10:52
as well as the score information.
10:54
As stated previously,
10:56
the score is the sum of the severity, threat and site priority.
11:01
The threat of a vulnerability is also rated on a scale of 1 to 5,
11:05
and it measures the ease of which a vulnerability can be exploited.
11:09
If the threat is high, for example, five, this means the vulnerability is very easy to exploit and can be done with very little knowledge or expertise.
11:18
A threat of one, however, is very difficult to exploit and often requires expertise or intimate knowledge of your company.
11:26
Here we see the open attack vector information.
11:30
This particular vulnerability has
11:31
one open attack vector.
11:33
We show the method,
11:35
date found, last retest,
11:37
and you can also provide any notes per attack vector.
11:41
You can also drill down per attack vector for even more detail, such as the scanner request, scanner response,
11:48
attack vector description and attack vector notes.
11:52
And if you have closed any attack vectors, you will find those here.
11:56
The Details and Solution section will give you some information on the vulnerability,
12:01
including references,
12:03
some information on remediating the vulnerability and, if available, a proof of concept,
12:09
where our TRC will provide you the necessary information to demonstrate and reproduce the vulnerability.
12:16
Finally, we have the Ask a Question tab.
12:20
This allows you to ask a question about this specific vulnerability
12:24
and have a dialogue with the TRC engineer who worked on this vulnerability.
12:28
All dialogue is then logged here.
12:31
You can use this form to ask for additional information
12:35
or additional help on a vulnerability.
12:43
The Schedules tab provides a summary of the scan schedules and status for all your sites and apps under service.
12:50
Let's start with sites.
12:52
As we've seen, we list sites by site name.
12:56
We then have the active scan schedule,
12:58
time zone
13:00
scan status,
13:01
and now we have the actions.
13:03
Here is where you can click Edit
13:05
to set or change a scan schedule.
13:09
From the dropdown,
13:11
you can select a predefined schedule: either continuous,
13:15
which will scan your site 24/7,
13:16
or nights and weekends, which will scan from 8 p.m. to 6 a.m. during the weekdays,
13:22
then weekends 24 hours per day.
13:26
You can also choose to stop the scan
13:30
by selecting "not scheduled, stopped."
13:33
We also give you the option to set a customized schedule.
13:37
When you select this option, you'll be given the grid where you can select the days and hours you want your scans to run on your sites.
13:45
So let's say we want to scan on Monday, Wednesday and Friday
13:48
for 12 hours per day
13:50
and then all day, Tuesday and Thursdays.
13:54
We just select the checkbox
13:56
for the day of the week
14:00
and select the hours
14:01
we want it to scan.
14:07
You can also click and drag
14:11
to quickly select adjacent hours.
14:13
We recommend you scan for a minimum of 40 hours per week.
14:18
Also,
14:20
don't forget to name
14:22
your schedule so you can easily identify it in the dropdown to use on other sites
14:26
or edit at a later time.
14:31
Lastly,
14:33
select the appropriate time zone
14:35
and click Save Changes to save and select your new custom scan schedule.
14:41
Now let's go to the Apps section.
14:43
As before, we have the apps listed by application name.
14:46
We then see the schedule status,
14:48
app status,
14:50
and we have the actions.
14:52
You can click Edit
14:54
to set the schedule for your application,
14:58
and as before, from the Assets Apps section,
15:01
you will have the option to choose when to scan the application.
15:05
Simply select the desired radio button
15:09
and click save changes.
15:20
WhiteHat Sentinel provides various reports, so let's take a look at the Reports section
15:26
and the reports available to you.
15:28
From the Report Type dropdown, you have eight different reports from which you can choose.
15:33
The Executive Summary and Site Summary reports are designed for executive staff
15:39
and provide a high-level overview of your sites,
15:43
including colorful charts and graphs.
15:45
The Vulnerability Detail and Attack Vector Detail reports are designed for developers, providing detailed information on the vulnerabilities,
15:54
helping your developers remediate
15:56
open vulnerabilities.
15:58
The PCI and Site Security Statement reports are designed more for auditors.
16:02
The PCI report provides some guidance with payment card industry standards
16:07
and which open vulnerabilities would put you in jeopardy of failing compliance.
16:11
The Site Security Statement report provides information on how you are addressing security for your sites and what WhiteHat is doing to help with that.
16:21
The Long Running Scans and Completed Scans reports provide information useful to Sentinel administrators to help understand what is happening with the sites regarding automated assessments.
16:33
For each of the reports, you will be able to select the sites wanted and then other options specific to the report type.
16:41
For the Vulnerability and Attack Vector reports,
16:44
you'll be able to narrow the report by vulnerability status,
16:47
vulnerability classes and so forth.
16:49
Once you have your options selected, just click Generate Report to get the PDF or CSV file.
16:59
The Beta reports currently offer seven new beta reports that use a new generation of reports we are developing
17:04
and are in the beta stage right now.
17:11
From the My Profile page, you can control your profile information
17:17
as well as do some other account maintenance.
17:19
By clicking on edit,
17:21
you can update your personal information such as name, job title, et cetera.
17:26
Here is where you can also specify your email options,
17:30
and if you wish to expose host names.
17:33
When you've updated your information,
17:36
just click on Save Changes.
17:38
You can also change your password.
17:41
You will need to enter your current password, new password
17:45
and confirm your new password before clicking Save Changes.
17:49
Also from this page, you can add a PGP key if your mail server isn't able to do so in order to receive secure emails from Sentinel.
18:00
Lastly,
18:00
Sentinel will provide you with a Sentinel API, allowing for integration to such services as Jira,
18:07
web application firewalls and others.
18:11
Click on Generate Web API Key to get your API key.
18:15
Also,
18:17
be sure to click on Web API Key Documentation for more information on using our API.
18:23
If you have any questions, please don't hesitate to contact us. You can reach support by going to https://support.whitehatsec.com and logging in to our Customer Success portal.
18:38
You can also send us an email to support@whitehatsec.com or call us at 408-343-8340 during our normal business hours, Monday through Friday, 6 a.m. to 7 p.m. Pacific time.
18:56
Thank you for watching.