Import Cobalt findings into Kenna Security
You can use the Cobalt API to fetch findings data and ingest it into other software, such as Vulnerability Management (VM) tools. VM tools are commonly used to identify, prioritize, and remediate vulnerabilities. Kenna Security is such a VM tool. You can import findings from Cobalt into Kenna Security using an external toolkit from Kenna Security. This article will help you get started with that.
To configure the integration, you will need:
- Cobalt.io API Token - See the API token support guide here
- Cobalt.io Org Token - Retrieve the token by using the Cobalt API v1 /orgs endpoint. Please ensure you are using API v1 (https://docs.cobalt.io/v1), as the v2 Org Token is not currently supported for this integration.
- Kenna Security API Token - See support guide here.
Step 1. Create a (new) Kenna Security Data Importer Connector
NOTE: If you already have a Kenna Security Data Importer configured, it is recommended to add a separate Data Importer dedicated to importing Cobalt findings.
Log in to your Kenna Security instance and navigate to Connectors from the navigation bar.
Next, select “Add Connector” to start adding a new Connector.
Search for and select the “Kenna Data Importer” Connector.
Configure the Connector and name it, for example, “Kenna Data Importer - Cobalt.io”. Then, press “Save”.
Next, click on the name of the Connector you just created.
Take note of the “Connector ID” as you will need it in step 3.
Step 2. Get the Kenna Security Toolkit Image
The Kenna Security Toolkit is wrapped in a container image. You can either get it from Docker Hub or build it from the source.
From Docker Hub
Pull the toolkit image from Docker Hub, e.g.:
```
docker pull kennasecurity/toolkit
```
Once this is done, continue with step 3.
From Source
First, clone the Kenna Toolkit repository, e.g.:
```
git clone git@github.com:KennaSecurity/toolkit.git
```
Then, from inside the cloned repository directory, build the Kenna Security Toolkit image from the source. If you have already built the image in the past, you may have to rebuild it, as the Cobalt task is a relatively new addition.
```
docker build . -t toolkit:latest
```
Step 3. Run the Cobalt task
Set the appropriate secret values before running the task. Note that the `KENNA_CONNECTOR_ID` should be set to the “Connector ID” value of the connector created in step 1.
```
export COBALT_API_TOKEN=xxx
export COBALT_ORG_TOKEN=xxx
export KENNA_API_KEY=xxx
export KENNA_CONNECTOR_ID=xxx
```
Then, run the toolkit with the `cobaltio` task selected. This will import all findings from the configured org in Cobalt into Kenna Security. By default, Kenna's (newer) AppSec module is used, which is recommended. If you want to use the VM module instead, add the option `kenna_appsec_module=false` to the command below. The command uses the `toolkit:latest` image built from source; if you pulled the image from Docker Hub instead, use `kennasecurity/toolkit` as the image name.
```
docker run -it --rm toolkit:latest \
task=cobaltio \
cobalt_api_token=$COBALT_API_TOKEN \
cobalt_org_token=$COBALT_ORG_TOKEN \
kenna_api_key=$KENNA_API_KEY \
kenna_connector_id=$KENNA_CONNECTOR_ID
```
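A pre-flight wrapper for the command above, added here as an example (not Cobalt's or Kenna's own code): it refuses to run while any of the four values is unset or still the `xxx` placeholder, and appends `kenna_appsec_module=false` on request. `TOOLKIT_IMAGE`, `USE_VM_MODULE` and `DOCKER` are hypothetical variable names introduced for this sketch.

```shell
#!/bin/sh
# Added example, not part of the Kenna toolkit. TOOLKIT_IMAGE, USE_VM_MODULE
# and DOCKER are hypothetical names introduced for this wrapper.

REQUIRED_VARS="COBALT_API_TOKEN COBALT_ORG_TOKEN KENNA_API_KEY KENNA_CONNECTOR_ID"

# Print the name of each required variable that is unset, empty, or still
# holds the "xxx" placeholder from the export block above.
missing_vars() {
    for name in $REQUIRED_VARS; do
        eval "value=\${$name:-}"
        case "$value" in
            ''|xxx) printf '%s\n' "$name" ;;
        esac
    done
}

# Run the cobaltio task, or refuse (exit status 1) when a value is missing.
run_cobalt_task() {
    missing=$(missing_vars)
    if [ -n "$missing" ]; then
        # Only variable names are reported, never their values.
        echo "refusing to run, not set:" $missing >&2
        return 1
    fi
    # toolkit:latest matches the source build; set TOOLKIT_IMAGE to
    # kennasecurity/toolkit for the image pulled from Docker Hub.
    image=${TOOLKIT_IMAGE:-toolkit:latest}
    set -- task=cobaltio \
        "cobalt_api_token=$COBALT_API_TOKEN" \
        "cobalt_org_token=$COBALT_ORG_TOKEN" \
        "kenna_api_key=$KENNA_API_KEY" \
        "kenna_connector_id=$KENNA_CONNECTOR_ID"
    # Opt in to the VM module; the AppSec module is the default.
    if [ "${USE_VM_MODULE:-}" = "1" ]; then
        set -- "$@" kenna_appsec_module=false
    fi
    # No -it, so the wrapper also works without a terminal (e.g. from cron).
    "${DOCKER:-docker}" run --rm "$image" "$@"
}

# Invoke as: sh cobalt-import.sh run
if [ "${1:-}" = "run" ]; then
    run_cobalt_task
fi
```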
Step 4. View the Findings
Where the findings appear depends on whether you are using the Kenna AppSec module or the Kenna VM module. Both locations are shown here.
Kenna AppSec Module
Log in to your Kenna Security instance and navigate to AppSec → Explore from the navigation bar.
Here you will see the imported findings. If there were already findings here, you can apply a filter for the connector name in the sidebar on the right.
Kenna VM Module
Log in to your Kenna Security instance and navigate to AppSec → Explore from the navigation bar.
Here you will see the imported vulnerabilities. If there were already vulnerabilities here, you may need to search to find the newly imported vulnerabilities.
Conclusion
That’s it. We hope this guide has been helpful in getting your Cobalt findings data imported into Kenna Security. If you have questions about this integration or any other, please feel free to reach out to us: integrations@cobalt.io