
Getting Started Guide

This is a step-by-step guide to configuring your AppSec Phoenix account so you can start gathering and managing vulnerabilities.

To help you get your AppSec Phoenix account up and running, here are the main steps you need to complete:

Connect Scanner.

  1. On the Navigation Menu, select Integrations > Scanners.
  1. Click on the “Add Scanner” button.
  1. In the first step, enter a name for this scanner integration and select the required scanner type from the list; then click “Next”.
  1. In the second step, provide the details required for the scanner integration. The list of available fields depends on the selected scanner (the screenshot below shows an example of integration with Snyk).
  1. Click “Create Scanner”. 

After the scanner integration is created, the new entry appears on the Scanners list page. (Here showing the example from above highlighted in red.)

Create Applications.

To create an Application, follow these steps:

  1. On the Navigation Menu, select Risk Explorer > Applications.
  1. Click the “Add Application” button on the right-hand side.
  1. Complete the following fields:
  • Application Name – name assigned to the Application.
  • Environment/Account – the cloud account where this Application is deployed.
  • Threshold – sets the risk tolerance level for the Application.
  • Value – the monetary value to the organisation. 
  • Criticality – determines how critical the Application is to the organisation. 
  • Accountable User – assigns the person or user primarily accountable for the Application. 
  • Tags – assigns tags to help identify and search for the Application.

In the second step you have the option to link the Application to a Jira project by selecting the “Link to Jira Project” checkbox, if you have Jira already integrated into your AppSec Phoenix account. Please see here for more details.

  1. Click the “Create Application” button.

You can also import Application definitions in bulk by following the step described here.

Add Components (from Scanners).

  1. On the Navigation Menu, click Applications.
  1. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon).
  1. Scroll down to the Components section and click the “Add Component” button.
  1. Select the Scanner you want to use and click the “Next” button to proceed with setting a target below.

Set a target.

  1. Check the corresponding box(es) of Scanner Target(s) where you wish to add the Component and click the “Next” button.
  1. Enter the Component Name, set the Exposure as Internal or External, and enter tags.
  1. Click the “Save” button. 
  1. On the Navigation Menu, go to Integrations > Workflow.
  1. Click Jira Software.
  1. Enter the following details:
  • Name
  • Server URL
  • Username
  • Access Token
  1. Click the “Save Workflow” button.

Create Users.

  1. On the Navigation Menu, click Users Management.
  1. Click “Add User”.
  1. Enter the following user details:
  • Email Address
  • First Name
  • Last Name
  • Phone Number
  • Role
  • MFA (Multi-Factor Authentication)
  1. Click “Create” once done. 

Assign Applications to Users.

  1. On the Navigation Menu, click Applications.
  1. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon)
  1. Assign the application to a user using the “Accountable User” dropdown menu.
  1. Click “Save” or “Save and Show Applications”.

Assign Applications to Jira.

  1. On the Navigation Menu, click Applications.
  1. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon)
  1. Check the “Link to Jira Project” checkbox.
  1. Select the “Jira Account” and “Jira Project” to be assigned for the application.
  1. Click “Save Linking to Jira”.

Set target Risk Tolerance.

  1. On the Navigation Menu, click Applications.
  1. Scroll down and go to the Applications section. Look for the Application where you want to add the Component and click Edit (pencil icon)
  1. Enter the Threshold Value in the “Threshold” field.
  1. Click “Save” or “Save and Show Applications”.

You can also set a global Risk Tolerance level and override the individual Risk Tolerance or Threshold Level of individual Applications by following these steps:

  1. On the Dashboard, go to the Organisation Risk Evolution section and click the “Set Overall Risk Tolerance” button.
  1. Set the “Organisation Threshold”.
  1. Click the red “Override” button to override all other Threshold values assigned individually to Applications.

Review Vulnerabilities and Push to Jira.

  1. On the Navigation Menu, click Vulnerability.
  1. Scroll down to the list of Vulnerabilities and click the blue diamond-shaped Jira logo corresponding to the component you’d like to push to Jira.
  1. Once clicked, the Jira logo changes into a clickable link that opens the Jira Issue created for this vulnerability.
  1. From Jira, you can monitor, update, and set the status of the Issue.
Updated on February 14, 2022
