
Getting Started Guide

This step-by-step guide shows you how to configure your AppSec Phoenix account to start gathering and managing vulnerabilities.

To help you get your AppSec Phoenix account up and running, here are the main steps you need to complete:

Connect Scanner.

  1. On the Navigation Menu, click Integrations.
  2. Click the “Add Scanner” button.
  3. Enter a Scanner Name.
  4. Select a Scanner Template. Here are your choices
  5. Click the “Next” button.
  6. Enter the User ID and token ID for your selected scanner.
     • For CSV Import, skip to Step 7.
     • For Sonatype, enter the token ID only.
     • For CloudGuard, enter the Server URL, API Key, and Secret Key.
  7. Click “Create Scanner”.

    The new scanner will now be added to the list of scanners in the Scanners page.

Create Applications.

To create an Application, follow these steps:

  1. On the Navigation Menu, click Applications.
  2. Scroll down and go to the Applications section. Then click the “Add Application” button.
  3. Complete the following fields:
     • Application Name
     • Threshold
     • Criticality
     • Value
     • Accountable User
     • Tags

You also have the option to check the “Link to Jira Project” checkbox if you have Jira already integrated into your AppSec Phoenix account.

  4. Click the “Create Application” button.

To create multiple Applications, you can use the CSV Import feature using these steps:

  1. On the Navigation Menu, click Applications.
  2. Scroll down and go to the Applications section. Then click “Download Template”.
  3. Open the CSV template and follow the format to enter the Application details.
  4. Save the CSV template and upload it to AppSec Phoenix by clicking the “Import CSV” button.

A message confirms that you have successfully uploaded the file and added the new Applications.

Add Components (from Scanners).

  1. On the Navigation Menu, click Applications.
  2. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon).
  3. Scroll down to the Components section and click the “Add Component” button.
  4. Select the Scanner you want to use and click the “Next” button to proceed with setting a target below.

Set a target.

  1. Check the corresponding box(es) of Scanner Target(s) where you wish to add the Component and click the “Next” button.
  2. Enter the Component Name, set the Exposure as Internal or External, and enter tags.
  3. Click the “Save” button.
  4. On the Navigation Menu, go to Integrations > Workflow.
  5. Click Jira Software.
  6. Enter the following details:
     • Name
     • Server URL
     • Username
     • Access Token
  7. Click the “Save Workflow” button.

Create Users.

  1. On the Navigation Menu, click Users Management.
  2. Click “Add User”.
  3. Enter the following user details:
     • Email Address
     • First Name
     • Last Name
     • Phone Number
     • Role
     • MFA (Multi-Factor Authentication)
  4. Click “Create” once done.

Assign Applications to Users.

  1. On the Navigation Menu, click Applications.
  2. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon).
  3. Assign the application to a user using the “Accountable User” dropdown menu.
  4. Click “Save” or “Save and Show Applications”.

Assign Applications to Jira.

  1. On the Navigation Menu, click Applications.
  2. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon).
  3. Check the “Link to Jira Project” checkbox.
  4. Select the “Jira Account” and “Jira Project” to be assigned for the application.
  5. Click “Save Linking to Jira”.

Set target Risk Tolerance.

  1. On the Navigation Menu, click Applications.
  2. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon).
  3. Enter the Threshold Value in the “Threshold” field.
  4. Click “Save” or “Save and Show Applications”.

You can also set a global Risk Tolerance level and override the individual Risk Tolerance or Threshold Level of individual Applications by following these steps:

  1. On the Dashboard, go to the Organisation Risk Evolution section and click the “Set Overall Risk Tolerance” button.
  2. Set the “Organisation Threshold”.
  3. Click the red “Override” button to override all other Threshold values assigned individually to Applications.

Review Vulnerabilities and Push to Jira.

  1. On the Navigation Menu, click Vulnerability.
  2. Scroll down to the list of Vulnerabilities and click the blue diamond-shaped Jira logo corresponding to the component you’d like to push to Jira.
  3. Once clicked, the Jira logo changes into a clickable link that opens the Jira Issue created for this vulnerability.
  4. From Jira, you can monitor, update, and set the status of the Issue.
Updated on September 12, 2021
