Adding a Site Asset

To add a site, navigate to the Asset Management page and perform the following steps:

  1. Click Add Asset.

    asset add site 1
  2. From the Add Asset dropdown, select Add Site.

    • If the Add Site option is not available, please confirm that the user is a Client Administrator on your primary client account. To do this, go to User Management, search for the user, go to the details page and confirm that the Role under Role Option is set to Client Administrator.

    • If the user is not a Client Administrator, a user with the Client Administrator role can edit the user to grant those permissions.

    • If the Site option appears, but you get an Insufficient privileges for site creation error, contact our support team at support@whitehatsec.com and ask if they can grant you the necessary permissions to allow you to onboard new sites through Sentinel.

For information on how to edit a user’s role in Sentinel, please see Administering Groups, Users, and Appliances.

To add a new site you will be asked to provide basic site information such as site credentials, and a site schedule.

Asset Details

In the Provide Asset Details tab, perform the following steps:

  1. Select a Service level from the drop down.

    asset add site 2
  2. Type the Asset name in the text field provided.

  3. Type a Primary Hostname/URL in the text field provided.

    This must be provided in a format such as http://site.com
  4. Select an Industry that best fits the purpose of your site. This will be used for peer benchmarking purposes when you have recived finding results.

  5. Optionally, add any additional information to be reviewed by Technical Support (TS) or the Threat Research Center (TRC) teams before the site’s onboarding is finalized. Please note that this information will not be displayed in Sentinel, or available through the API.

  6. Optionally, click the radio button for Internal asset. If the site is an internal asset, you will be asked for two more pieces of information before the Skip and Create Now link is made available.

  7. Select the satellite appliance assigned to this asset from the drop-down list, or request a new appliance (see Appliance Management for more information.)

  8. Select the relevant radio button to use a specific IP address to access the primary hostname, or use the DNS configured on the appliance to resolve the primary hostname.

  9. If you have selected to use an IP address, type the Internal site’s IP address in the text field provided.

  10. Optionally, add a Custom Asset ID to the site by typing in the text field provided.

  11. Select your Asset priority from the dropdown. See Understanding Asset Priority for more information.

    Higher priority assets generally store more sensitive data, have more users, and/or are more important to your organization. The asset priority set will impact the rating displayed for vulnerabilities found on the asset. None represents no adjustment to the final score based on priority.
  12. Select your desired maximum Scan speed from the dropdown.

  13. Optionally, add an Internal description of your site for internal refrencing.

  14. Add any associated host names. Refer to Adding Associated Hostnames to a Site for more information.

  15. Click Next to proceed to the Adding Testing Credentials tab, or click Skip and Create Now to create the asset without testing credentials or a scan schedule

Testing Credentials

In the Add Testing Credentials tab, perform the following steps:

  1. Type the Credential label in the text field provided, for your own reference.

    asset add site 3
  2. Type the Username to be used for this credential.

  3. Type the Credential password in the text field provided.

  4. In the Confirm credential password field, type your selected password again.

  5. Type the Login entrance URL in the text field provided.

  6. Type the Destination URL in the text field provided.

  7. Optionally, add login notes for your site in the text field provided.

  8. Click Next to proceed to the Schedule Scan tab, or click Skip and Create Now to create the asset without a scan schedule.

    If necessary, you can choose to enter credential information at a later time however, unless a site has no login required for access at all, the TRC will not be able to test the site content thoroughly until credentials are available.

Scan Schedule

In the Schedule Scan tab, perform the following steps:

  1. Select a Schedule from the drop down list. Schedules available include:

    • Continuous

    • Nights 8p-6a & Weekends 24hrs

    • Never Scan

      asset add site 4
  2. Select a Time Zone from the drop down list.

    The time zone is key information for ensuring that the scan runs according to your preferred schedule. Please choose it carefully. For additional information on setting your schedule, please see Scheduling a Scan.
  3. Click Create Now. A confirmation message of your site creation will display.

When you return to your Asset Management page, the new site will be listed.

Editing a Site Asset

Field Name Description

Editing a Site

To edit a site, navigate to the Site Overview page and choose Edit Site Info, Edit Schedule/Time Zone, or click on Credentials or Settings.

Edit Site Info

Clicking the Edit Site Info button enables you to edit the Site Name, your custom Asset ID for the site, the Asset Owner, Industry, Description of the site, Status (active or inactive), and Phase (pre-production, production, discontinued, or none). Make your desired changes and click Save Changes.

Edit Schedule/Time Zone

Clicking the Edit Schedule/Time Zone button enables you set or change the scan schedule and the time zone. Refer to Scheduling a Scan for more information.

Credentials

Clicking on Credentials displays your current credentials and enables you to add, edit, or disable credentials as needed. For more information, refer to Entering or Editing Credentials.

Settings

Clicking on Settings displays your site settings (priority and scan speed.) To edit these settings, click Edit Site Settings. For more information, refer to Asset Details - Application Overview Tab

Video Tutorial - Onboarding a Site (DAST) Asset

When adding a site, the option to use the appliance’s DNS configuration to resolve the primary hostname, has not yet been added to the video tutorial.