Import Cobalt findings into DefectDojo
You can use the Cobalt API to fetch findings data and ingest it into other software, such as Vulnerability Management (VM) tools. VM tools are commonly used to identify, prioritize, and remediate vulnerabilities. DefectDojo is an example of a VM tool that is free and open source. You can easily import findings from Cobalt into DefectDojo, and this article will help you get started with that.
To configure the integration, you will need:
Cobalt.io API Token - See the API token support guide here
Cobalt.io Org Token - Retrieve the token by using the Cobalt API v1 /orgs endpoint. Please ensure you are using API v1 (https://docs.cobalt.io/v1), as the v2 Org Token is not currently supported for this integration.
Step 1. Add a Tool Type
NOTE: If there's already a tool type named "Cobalt.io" you can skip this step.
When logged in to your DefectDojo instance, go to the sidebar and navigate to Configuration → Tool Type. Then select Add Tool Type from the menu in the top right.
Enter the Name "Cobalt.io" and press Submit. You can leave the description empty, or put something meaningful to you e.g. “Pentesting”.
You will be redirected back to the Tool Type overview and get a success message. You should also see the Tool Type you created in the table.
Step 2. Add a Tool Configuration
NOTE: The process is identical even if a Tool Configuration already exists, including one for Cobalt. You can create multiple Tool Configurations for Cobalt.
Go to the sidebar and navigate to Configuration → Tool Configuration. Then select Add Tool Configuration from the menu in the top right.
Provide a name for the Tool Configuration, select the Tool Type "Cobalt.io" and the Authentication type "API Key". Then paste your Cobalt API Token into the API Key input and your Cobalt Org Token into the Extras input. Then press Submit.
If something is wrong you’ll get a descriptive error message. If everything is OK, you will be redirected back to the Tool Configuration overview and get a success message. You should also see the Tool Configuration you created in the table. If you ever need to update the tool configuration you can do so by pressing the name of the tool configuration.
Step 3. API Scan Configuration
NOTE: The process is identical if there is already an API Scan Configuration for Cobalt. You can have multiple API Scan Configurations for Cobalt.
Next, navigate to the product for which you want to import findings from Cobalt. Then, head to Settings → Add API Scan Configuration.
Provide the identifier of the asset in the Service key 1 input and select the tool configuration created in step 2 for the Tool Configuration input. Then press Save.
If something is wrong you’ll get a descriptive error message. If everything is OK, you are redirected to the API Scan Configurations overview and get a success message. This page is also where you can edit or delete the configuration in the future.
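The two Cobalt values this guide asks you to look up by hand, the Org Token for the Extras input (from the v1 /orgs endpoint) and the asset identifier for Service key 1, can be pulled with a small helper. The following is an added example, not code from Cobalt or DefectDojo; it assumes the v1 base URL https://api.cobalt.io, the Accept header application/vnd.cobalt.v1+json (which pins v1, as the note about v2 Org Tokens requires), the X-Org-Token header for org-scoped calls, and the data[].resource envelope shape; verify these against https://docs.cobalt.io/v1 before relying on them.

```python
"""Look up the Cobalt Org Token and asset ids that DefectDojo's
Cobalt.io integration needs (assumed v1 request/response shapes)."""
import json
import os
import urllib.request

COBALT_API = "https://api.cobalt.io"  # assumed v1 base URL


def cobalt_headers(api_token, org_token=None):
    """Build v1 headers. Accept pins API v1; X-Org-Token is only needed
    for org-scoped endpoints such as /assets (header names assumed)."""
    headers = {
        "Accept": "application/vnd.cobalt.v1+json",
        "Authorization": f"Bearer {api_token}",
    }
    if org_token:
        headers["X-Org-Token"] = org_token
    return headers


def cobalt_get(path, api_token, org_token=None):
    """GET a v1 endpoint and return the decoded JSON body."""
    req = urllib.request.Request(COBALT_API + path,
                                 headers=cobalt_headers(api_token, org_token))
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def org_tokens(orgs_body):
    """Map org name -> Org Token from a GET /orgs body (goes into Extras)."""
    return {o["resource"]["name"]: o["resource"]["token"]
            for o in orgs_body.get("data", [])}


def asset_ids(assets_body):
    """Map asset title -> asset id from a GET /assets body (Service key 1)."""
    return {a["resource"]["title"]: a["resource"]["id"]
            for a in assets_body.get("data", [])}


# Constructed sample bodies in the assumed v1 envelope; not real Cobalt data.
SAMPLE_ORGS = {"data": [{"resource": {"id": "org-id-placeholder",
                                      "name": "Example Org",
                                      "token": "org-token-placeholder"}}]}
SAMPLE_ASSETS = {"data": [{"resource": {"id": "asset-id-placeholder",
                                        "title": "Example Web App"}}]}

if __name__ == "__main__":
    token = os.environ.get("COBALT_API_TOKEN")  # never hard-code the token
    orgs = cobalt_get("/orgs", token) if token else SAMPLE_ORGS
    for name, org_token in org_tokens(orgs).items():
        assets = cobalt_get("/assets", token, org_token) if token else SAMPLE_ASSETS
        print(name, "-> Extras:", org_token, "| Service key 1 options:", asset_ids(assets))
```

Without COBALT_API_TOKEN set, the script runs against the constructed samples so you can check the mapping logic offline.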
Step 4. Importing Findings
NOTE: Importing findings differs slightly when you have more than one API Scan Configuration. We first cover the single-configuration case and then highlight what changes when there are several.
With One API Scan Configuration
Navigate to the engagement for which you want to import findings and select Import Scan Results from the hamburger menu.
Select the Scan Type "Cobalt.io API Import" and fill out all the required fields as well as any optional fields you want to fill out.
Press Import and wait for DefectDojo to fetch the findings for the asset you selected from the Cobalt API. If something went wrong you’ll get a descriptive error message. If the API request was successful you will be redirected to a page with all the imported findings.
With Multiple API Scan Configurations
That’s it. We hope this guide has been helpful in getting your Cobalt findings data imported into DefectDojo. If you have questions about this integration or any other, please feel free to reach out to us: firstname.lastname@example.org