Adding a Site Asset

To add a site, navigate to the Asset Management page and perform the following steps:

Click Add Asset.
From the Add Asset dropdown, select Add Site.
Select External Asset or Internal Asset, then click Continue.
Click Continue to confirm that a connectivity check will be performed on the site.

Enter the Primary Hostname URL of the Site asset you want to add.

The Primary Hostname URL must be provided in a format such as http://site.com. Underscores in URLs and public login domains are not supported by the Sentinel Appliance—see Hostname Requirements (DAST) for more information.

Click Test Connectivity. One of the following HTTP response codes will be returned:

Response Codes

200

Success

403

Success - Authentication Forbidden

408

Failure - Request Timeout

503

Failure - URL unreachable
If the connection is successful a "Connectivity validated" message is displayed:
- If the Add Site option is not available, please confirm that the user is a Client Administrator on your primary client account. To do this, go to User Management, search for the user, go to the details page and confirm that the Role under Role Option is set to Client Administrator.
- If the user is not a Client Administrator, a user with the Client Administrator role can edit the user to grant those permissions.
- If the Site option appears, but you get an Insufficient privileges for site creation error, contact our support team at support@whitehatsec.com and ask if they can grant you the necessary permissions to allow you to onboard new sites through Continuous Dynamic.

Response Codes
200	Success
403	Success - Authentication Forbidden
408	Failure - Request Timeout
503	Failure - URL unreachable

For information on how to edit a user’s role in the Continuous Dynamic Portal, please see Administering Groups, Users, and Appliances.

Now, complete the three steps in the Add Site wizard. Further details of each step are provided below.

1. Provide Asset Details

To add a new site you need to provide some basic information such as the site credentials to use for scanning and a site schedule.

On the Provide Asset Details tab, perform the following steps:

Select a Service level from the dropdown.
Enter the Asset name in the text field provided.
Select an Industry that best fits the purpose of your site. This will be used for peer benchmarking purposes when you have received finding results.
Optionally, add any additional information to be reviewed by Technical Support (TS) or the Threat Research Center (TRC) teams before the site’s onboarding is finalized. Please note that this information will not be displayed in the Portal, or available through the API.
Optionally, add a Custom Asset ID to the site in the text field provided. This is displayed in reports after the Asset name.

Select your Asset priority from the dropdown. See Understanding Asset Priority for more information.

Higher priority assets generally store more sensitive data, have more users, and/or are more important to your organization. The asset priority set will impact the rating displayed for vulnerabilities found on the asset. None represents no adjustment to the final score based on priority.

Select your desired maximum Scan speed from the dropdown.
Optionally, add an Internal description of your site for internal referencing.
In the Associated Hostnames (Optional) section, add any associated host names for the Site asset. Refer to Adding Associated Hostnames to a Site for more information.
Click Next to proceed to the Add Testing Credentials tab, or click Skip and Create Now to create the asset without testing credentials or a scan schedule.

2. Add Testing Credentials

On the next tab, add testing credentials (also referred to as scanning credentials) for the site Asset.

Perform the following steps:

Enter a Credential label for your own reference.

Leave Username & Password selected as the Authentication Type.

If your testing credentials are stored in a Privileged Access Management (PAM) system, select PAM Integration and then follow the steps in Adding Scanning Credentials. See PAM Authentication Overview for more details about this feature.

Enter the Username to use for this credential.
Enter the Credential password. You can click the eye icon to display the password.
Enter the Login entrance URL.
Enter the Destination URL.
Optionally, add login notes for your site.
If supported by your site, select Enable Time-based One-time Password (TOTP) MFA, and then enter your TOTP secret key. See Setting up Time-based One-time Password (TOTP) MFA for more information.

Click Next to proceed to the Schedule Scan tab or click Skip and Create Now to create the asset without a scan schedule.

If necessary, you can choose to add credential information to the site at a later time; however, unless a site has no login required for access at all, the TRC will not be able to test the site content thoroughly until credentials are available.

3. Schedule Scan

On the Schedule Scan tab, perform the following steps:

Select a Schedule from the dropdown. Schedules available include:
- Continuous
- Nights 8P-6A, and Weekends 24hrs
- Never Scan

Select a Time Zone from the drop-down list.

The time zone is important for ensuring that the scan runs according to your preferred schedule. Please select it carefully. For additional information on setting your schedule, please see Scheduling a Scan.

Click Create Now. A confirmation message of your site creation will display.

Select the Assets tab to return to the Asset Management page and the new site will be listed.

Editing a Site Asset

Field Name	Description
Editing a Site	To edit a site, navigate to the Site Overview page and choose Edit Site Info, Edit Schedule/Time Zone, or click on Credentials or Settings.
Edit Site Info	Clicking the Edit Site Info button enables you to edit the Site Name, your custom Asset ID for the site, the Asset Owner, Industry, Description of the site, Status (active or inactive), and Phase (pre-production, production, discontinued, or none). Make your desired changes and click Save Changes.
Edit Schedule/Time Zone	Clicking the Edit Schedule/Time Zone button enables you set or change the scan schedule and the time zone. Refer to Scheduling a Scan for more information.
Credentials	Clicking on Credentials displays your current credentials and enables you to add, edit, or disable credentials as needed. For more information, refer to Entering or Editing Credentials.
Settings	Clicking on Settings displays your site settings (priority and scan speed.) To edit these settings, click Edit Site Settings. For more information, refer to Asset Details - Application Overview Tab

Field Name

Description

Editing a Site

To edit a site, navigate to the Site Overview page and choose Edit Site Info, Edit Schedule/Time Zone, or click on Credentials or Settings.

Edit Site Info

Clicking the Edit Site Info button enables you to edit the Site Name, your custom Asset ID for the site, the Asset Owner, Industry, Description of the site, Status (active or inactive), and Phase (pre-production, production, discontinued, or none). Make your desired changes and click Save Changes.

Edit Schedule/Time Zone

Clicking the Edit Schedule/Time Zone button enables you set or change the scan schedule and the time zone. Refer to Scheduling a Scan for more information.

Credentials

Clicking on Credentials displays your current credentials and enables you to add, edit, or disable credentials as needed. For more information, refer to Entering or Editing Credentials.

Settings

Clicking on Settings displays your site settings (priority and scan speed.) To edit these settings, click Edit Site Settings. For more information, refer to Asset Details - Application Overview Tab

Video Tutorial - Onboarding a Site (DAST) Asset

When adding a site, the option to use the appliance’s DNS configuration to resolve the primary hostname has not yet been added to the video tutorial.