Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Edgescan Hosts | | | | | edgescan_hosts | NDJSON | API |
Edgescan Vulnerabilities | ✅ | edgescan_vulnerabilities | NDJSON | API |
Overview
Edgescan provides vulnerability management solutions using a "software as a service" model. It has added cloud-based compliance and web application security offerings.
Hunters correlates data from Edgescan on various entities like domains and hostnames and uses it for enrichment and correlation related to vulnerability management.
Supported data types
Edgescan Hosts
Table name: edgescan_hosts
This data type offers a list of all the hosts in the network.
Edgescan Vulnerabilities
Table name: edgescan_vulnerabilities
This data type provides a list of vulnerabilities in the network.
Send data to Hunters
To connect Edgescan logs:
Gather the following information from your Edgescan account:
User Name - Your Edgescan user name. Example: `dev.123`.
Token - you can find an explanation of how to generate a new Token here. Example: `5d90c7ecf574d728|265`.
Host - the API host associated with your tenant. Example: `live.edgescan.com`.
Complete the process on the Hunters platform, following this process.
Expected format
The expected format of the logs is the NDJSON format as exported by Edgescan.
Edgescan Hosts log sample
{"id": 193422, "asset_id": 1052, "location": "52.66.16.56", "label": null, "status": "dead", "hostnames": ["ec2-52-54-16-56.eu-west-3.compute.amazonaws.com"], "updated_at": "2022-08-30T14:15:09.637Z", "os_name": "Linux 2.6.X", "apis_detected": false}
Edgescan Vulnerabilities log sample
{"id": 22409329, "name": "Weak Key Exchange (KEX) Algorithm(s) Supported (SSH)", "definition_id": 8539, "asset_id": 45377, "asset_name": "RIPE 4564P", "severity": 1, "threat": 1, "risk": 1, "cvss_score": 0.0, "cvss_vector": "AV:N/AC:L/Au:N/C:N/I:N/A:N", "cvss_v2_score": null, "cvss_v2_vector": null, "cvss_version": null, "cves": [], "altered_score": false, "date_opened": "2022-10-18T14:37:57.571Z", "date_closed": null, "status": "open", "pci_compliance_status": "pass", "location": "some.place.com", "location_specifier_id": 267774, "confidence": 80, "label": null, "layer": "network", "last_pci_exception": null, "updated_at": "2022-10-17T13:39:05.573Z", "created_at": "2022-10-08T04:51:15.224Z", "on_cisa_list": false}
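A pre-ingestion check for the NDJSON format described above, added here as an example (it is not Hunters or Edgescan code). It rejects lines that are not strict JSON, such as a Python dict repr with single quotes, None and False, and reports missing fields and malformed timestamps. The required-field sets are an assumption drawn from the two log samples, and the input lines are constructed.

```python
import json
from datetime import datetime

# Field names come from the two log samples on this page. Treating them as
# required is an assumption of this example, not a documented schema.
REQUIRED = {
    "edgescan_hosts": {"id", "asset_id", "location", "status", "hostnames", "updated_at"},
    "edgescan_vulnerabilities": {"id", "name", "asset_id", "severity", "status",
                                 "location", "date_opened", "updated_at"},
}
TIME_FIELDS = ("updated_at", "created_at", "date_opened", "date_closed")

def check_line(line, table):
    """Return the problems found in one NDJSON line (empty list means OK)."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError as exc:
        # A Python dict repr (single quotes, None, False) fails here.
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(rec, dict):
        return ["record is not a JSON object"]
    problems = [f"missing field: {f}" for f in sorted(REQUIRED[table] - set(rec))]
    for field in TIME_FIELDS:
        value = rec.get(field)
        if value is None:
            continue  # null is legitimate, e.g. date_closed on an open finding
        try:
            datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")
        except (TypeError, ValueError):
            problems.append(f"bad timestamp in {field}: {value!r}")
    return problems

def validate_ndjson(text, table):
    """Map 1-based line number to problems, for the lines that fail."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        problems = check_line(line, table) if line.strip() else []
        if problems:
            report[number] = problems
    return report

# Constructed sample input (documentation addresses, not real Edgescan data).
SAMPLE_HOSTS = "\n".join([
    '{"id": 1, "asset_id": 10, "location": "192.0.2.10", "label": null, "status": "alive", "hostnames": ["host-a.example.com"], "updated_at": "2022-08-30T14:15:09.637Z", "apis_detected": false}',
    "{'id': 2, 'asset_id': 10, 'location': '192.0.2.11', 'label': None, 'status': 'dead', 'hostnames': [], 'updated_at': '2022-08-30T14:15:09.637Z'}",
    '{"id": 3, "asset_id": 10, "location": "192.0.2.12", "status": "dead", "updated_at": "30/08/2022"}',
])

if __name__ == "__main__":
    for number, problems in validate_ndjson(SAMPLE_HOSTS, "edgescan_hosts").items():
        print(f"line {number}: {problems}")
```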