Time
1 hour 13 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

This tutorial takes you through the WhiteHat Sentinel control panel for the viewer role.

Video Transcription

00:00
Welcome to White Out Security's Sentinel training for viewers.
00:04
In this tutorial, we will cover the following sections of the Sentinel interface
00:10
summary
00:12
assets
00:13
findings,
00:15
schedule
00:17
reports
00:19
and profile
00:28
under the summary tab. In the update section, we show you any recent or upcoming changes to the saddle interface or service,
00:36
including dates and links to related articles.
00:40
Be sure to check here occasionally
00:42
and in the system maintenance section.
00:44
Here is where we will communicate any scheduled or emergency maintenance announcements, including start times and expected duration.
00:52
Please note. In the event of an emergency maintenance bulletin,
00:55
this section will become the default landing page when logging into sentinel
01:00
to make sure you don't miss it,
01:07
the asset section shows you these sites and applications under contract for sentinel service
01:14
sites. Are those applications using our dad asked or dynamic application security testing solutions
01:21
while APS are those applications using our SAS TTE or static application Security testing Solutions.
01:27
Let's focus on sites first
01:30
on the Sites tab, you'll see a list of sites by sight name.
01:34
For each site, you will see the service level.
01:37
This could be our baseline standard
01:40
premium or pre launch additions
01:44
the next column will display the number of open vulnerabilities for that site.
01:49
The scan schedule and Time zone columns will show the schedule and time zone for each site.
01:53
Von Data provides a quick link to the vulnerability detail report for that site,
02:00
and lastly,
02:00
status provides an icon based summary on the overall health of your scans.
02:06
Using a stoplight analogy,
02:07
A status with a green icon
02:09
indicates everything is good to go
02:13
and the site is either being scanned or his paws is dictated by the schedule.
02:17
A yellow icon indicates configuration is being done on the white hat side,
02:23
and scanning will resume once to configuration is complete.
02:27
A red icon indicates we are missing something to scan your sight.
02:30
That being either a scan schedule
02:32
or Valli credentials,
02:36
you can also click on the legend status icons
02:38
for more information on the individual icons and their meanings.
02:43
You know also have the option to export this page to a C s fi file by using the export C. S. V file link,
02:50
allowing you to view this information in excel
02:53
or other program of your choice.
02:57
Now let's take a look at the AP stab
03:00
similar to the sites tab.
03:00
This section will list all your sentinel source applications currently under service
03:07
under application name.
03:08
You will see both the name and language of your application.
03:13
Total findings will provide the count of open vulnerabilities for your application.
03:19
The phone data provides a quick link to the vulnerability report for the application,
03:23
and lastly, the compliance section will show if the application is currently in PC I. Compliance or not,
03:30
this is a bit more complicated to discuss than the scope of this training module, so it will be explained in more detail at a later time.
03:38
And as before, you can filter your results.
03:45
Under the group's tab,
03:46
you will see a list of all groups you've created.
03:49
Groups are a good way to easily assign access to team members for just the sights and APS they need to see.
03:55
As you can see in this example,
03:58
we have a group for our production sites and one for our pre production sites.
04:01
When I create a new user, that's part of my production team.
04:04
I can just add him or her to the group,
04:08
and they will then have access to all sites and APS in that group.
04:11
It definitely beats having to add a site, are apt to user on a one by one basis.
04:23
In our previous tutorial, we covered the basics of the assets tab.
04:27
Now we're going to drill down a little deeper into what you can access per site or per app.
04:32
First, let's click on one of our sites here.
04:36
We now see we have some additional functions we can access as well as additional information.
04:43
In the overview section, we summarize various information about your sight, including site, name,
04:48
service level and more.
04:51
In this section, I want to draw your attention to the Link Information Area.
04:57
As we call your sight,
04:58
we will find more and more pages.
05:00
We provide you a list of the pages tested in the current scan
05:03
as well as the last completed scan.
05:06
These will be links you can click on to see the list.
05:11
We also show you the primary host name and any associated host names for your site
05:16
and on the far right,
05:17
we show you the priority set for your site as well as the global and industry ranks.
05:24
These ranks give you an idea of how your sight compares
05:28
to other sites scanned by White House security
05:31
site. Findings will take you to the findings information for just this site.
05:36
Now let's go back to the AP stab
05:40
and drill down on one of our applications.
05:44
Here. You will find some information regarding your application,
05:46
such as application name,
05:49
language,
05:50
scan schedule
05:51
and so forth.
05:54
As with the site section, you can click on AP findings to see the vulnerabilities for this specific application
06:08
findings is the section where you will find all the information for vulnerabilities found in your sights and applications.
06:15
As with other sections, the information is divided by sites, APS and groups.
06:20
So let's take a look at the wealth of information available to you
06:26
When looking at the list of vulnerabilities,
06:28
we see the following. For each vulnerability found.
06:31
Each vulnerability is given a unique vulnerability. I D
06:35
phone status will show if a vulnerability is open or closed.
06:41
The score is a combined score of the severity, threat and site priority,
06:46
and we see the severity of the vulnerability in the next column.
06:49
The severity is measured on a scale of 1 to 5 and is a measurement of the amount of damage we believe could be done. Should the vulnerability be exploited.
07:00
We'll discuss threat when we drill down further into a specific vulnerability.
07:04
We also show the last day tested, date open and date closed for a vulnerability.
07:11
Next, we show the class of vulnerability based on the last two classifications.
07:16
You then have the site on which the vulnerability appears
07:20
the service level of that site
07:23
and tags the notes You can specify for each vulnerability.
07:30
Now let's drill down a little deeper into a specific vulnerability.
07:33
First
07:34
from this page, if you click the Black Arrow icon,
07:38
this will then display the open attack vectors found. For that vulnerability.
07:43
The attack vector shows where on the page the vulnerability can be found. Therefore,
07:47
you can have multiple attack vectors per vulnerability
07:51
per page on your site.
07:55
As with the vulnerabilities, each attack vector is given a unique I. D.
08:00
You can also click on the vulnerability I D to go to the Vulnerability detail page.
08:05
This page gives you the basic information on the vulnerability providing its Class
08:11
I D.
08:13
Location
08:13
Date opened
08:16
how many days the vulnerability has remained open
08:18
and the bone status
08:20
on the right side. We have some information on the retest ability of the phone ability
08:24
as well as the score information.
08:28
As stated previously, the score is the sum of the severity,
08:33
threat and site priority.
08:35
The threat of vulnerability is also rated on a scale of 1 to 5,
08:39
and it measures the ease of which a vulnerability can be exploited
08:43
if the threat is high. For example, five.
08:46
This means the vulnerability is very easy to exploit
08:50
and could be done with very little knowledge or expertise.
08:54
A threat of one, however, is very difficult to exploit and either requires expertise or intimate knowledge of your company.
09:05
Here we see the open attack vector information.
09:07
This particular vulnerability has one open attack vector.
09:11
We show the method
09:13
they found
09:13
last retest,
09:16
and you can also provide any notes per attack vector.
09:18
You can also drill down for attack Victor for even more detail, such as the scanner, request,
09:24
scanner response,
09:26
attack vector description
09:28
and attack Victor notes.
09:30
And if you have any closed attack vectors,
09:33
you will find those here.
09:37
The details and Solution section will give you some information on the vulnerability, including references,
09:43
some information on remediating the vulnerability
09:46
and, if available,
09:48
a proof of concept.
09:50
Where are TRC will provide you the necessary information to demonstrate and reproduce the vulnerability?
10:00
Finally, we have the ask a question tab.
10:03
This allows you to ask a question about this specific vulnerability
10:07
and have a dialogue with the TRC engineer
10:09
who worked on this vulnerability.
10:11
All dialogue is then logged here.
10:13
You can use this form to ask for additional information
10:16
or additional help on a vulnerability.
10:26
The schedules TAP provides a summary of the scan schedules and status for all your sights and APS under service.
10:33
For sites, you can view the sites listed by name
10:37
and the respective scan schedule
10:39
and time zones.
10:39
As with the Assets page, we also show you the scan status.
10:45
The same is true for the apse section.
10:48
You can view the sites listed by name
10:50
and the respective schedule,
10:52
time zone and status.
11:01
White Hat Sentinel provides various reports, so let's take a look at the report section
11:05
and the reports available to you
11:09
from the report type drop down. You have eight different reports from which you can choose
11:15
the executive summary and site. Summer reports are designed for executive staff
11:20
and provide a high level overview of your sites, including colorful charts and graphs,
11:26
the Vulnerability detail and Attack Vector. Detailed reports are designed for developers providing detailed information on the vulnerabilities,
11:33
helping your developers re mediate open vulnerabilities.
11:37
The P C I and site security statement reports are designed more for auditors.
11:43
The PC I report provides some guidance with payment card industry standards
11:46
and which opened vulnerabilities would put you in jeopardy of failing compliance.
11:52
The Science Security Statement report provides information on how you are addressing security for your sights and what White Hat is doing to help with that.
12:01
The long running scans and completed scans reports provide information useful to sentinel administrators to help understand what is happening with the sights regarding automated assessments.
12:13
For each of the reports, you will be able to select the sights wanted and then other options specific to the report type
12:20
For the vulnerability and Attack Vector reports,
12:24
you'll be able to narrow the report by vulnerability, status, vulnerability classes and so forth.
12:31
Once you have your options selected, just click Generate Report to get the PDF or C S v file.
12:39
The Beta reports currently offer seven new baby reports that use a new generation of reports we are developing
12:46
and are in the beta stage right now.
12:54
From the My Profile page, you can control your profile information
12:58
as well as do some other account maintenance.
13:01
By clicking on edit,
13:03
you can update your personal information such as name
13:05
John, title, et cetera.
13:09
Here is where you can also specify your email options,
13:11
and if you wish to expose host names
13:15
when you've updated your information, just click on save changes.
13:18
You can also change your password.
13:20
You will need to enter your current password
13:22
new password
13:24
and confirm your new password before clicking. Save changes
13:30
from this page. You can also add a P G. Peaky. If you're male, Super isn't able to do so
13:35
in order to receive secure emails from Sentinel.
13:39
If you have any questions, please don't hesitate to contact us.
13:43
You can re support, but going to https, colon slash slash support dot white hat sec dot com and logging in to our customers Success portal.
13:54
You can also send us an email to support at white hat sec dot com
14:00
or call us at 4083438340 during our normal business hours Monday through Friday. 6 a.m. to 7 p.m. Pacific time. Thank you for watching
14:15
back.

Up Next