Adding a Site Asset
To add a site, navigate to the Asset Management page and perform the following steps:
-
Click Add Asset.
-
From the Add Asset dropdown, select Add Site.
-
Select Internal or External Asset.
-
Click Continue.
-
Click Continue.
-
Type a Primary Hostname/URL in the text field provided.
The Primary Hostname must be provided in a format such as http://site.com. Underscores in URLs and public login domains are not supported by the Sentinel Appliance—see Hostname Requirements (DAST) for more information.
-
Click Test Connectivity. One the following HTTP response codes will be returned:
Response Codes 200
Success
403
Success - Authentication Forbidden
408
Failure - Request Timeout
503
Failure - URL unreachable
-
If the connection is successful a green confirmation banner is displayed on the Add Site page.
-
If the Add Site option is not available, please confirm that the user is a Client Administrator on your primary client account. To do this, go to User Management, search for the user, go to the details page and confirm that the Role under Role Option is set to Client Administrator.
-
If the user is not a Client Administrator, a user with the Client Administrator role can edit the user to grant those permissions.
-
If the Site option appears, but you get an Insufficient privileges for site creation error, contact our support team at support@whitehatsec.com and ask if they can grant you the necessary permissions to allow you to onboard new sites through Sentinel.
-
| For information on how to edit a user’s role in the Continuous Dynamic Portal, please see Administering Groups, Users, and Appliances. |
Asset Details
To add a new site you will be asked to provide basic site information such as site credentials, and a site schedule.
In the Provide Asset Details tab, perform the following steps:
-
Select a Service level from the drop-down.
-
Type the Asset name in the text field provided.
-
Select an Industry that best fits the purpose of your site. This will be used for peer benchmarking purposes when you have received finding results.
-
Optionally, add any additional information to be reviewed by Technical Support (TS) or the Threat Research Center (TRC) teams before the site’s onboarding is finalized. Please note that this information will not be displayed in the Portal, or available through the API.
-
Optionally, add a Custom Asset ID to the site by typing in the text field provided. It’s displayed in reports after the Asset name.
-
Select your Asset priority from the dropdown. See Understanding Asset Priority for more information.
Higher priority assets generally store more sensitive data, have more users, and/or are more important to your organization. The asset priority set will impact the rating displayed for vulnerabilities found on the asset. None represents no adjustment to the final score based on priority. -
Select your desired maximum Scan speed from the dropdown.
-
Optionally, add an Internal description of your site for internal referencing.
-
Add any associated host names. Refer to Adding Associated Hostnames to a Site for more information.
-
Click Next to proceed to the Adding Testing Credentials tab, or click Skip and Create Now to create the asset without testing credentials or a scan schedule
Testing Credentials
In the Add Testing Credentials tab, perform the following steps:
-
Type the Credential label in the text field provided, for your own reference.
-
Type the Username to be used for this credential.
-
Type the Credential password in the text field provided. Click the eye icon to display the password.
-
Type the Login entrance URL in the text field provided.
-
Type the Destination URL in the text field provided.
-
Optionally, add login notes for your site in the text field provided.
-
Click Next to proceed to the Schedule Scan tab or click Skip and Create Now to create the asset without a scan schedule.
If necessary, you can choose to enter credential information at a later time however, unless a site has no login required for access at all, the TRC will not be able to test the site content thoroughly until credentials are available.
Scan Schedule
In the Schedule Scan tab, perform the following steps:
-
Select a Schedule from the drop-down list. Schedules available include:
-
Continuous
-
Nights 8p-6a & Weekends 24hrs
-
Never Scan
-
-
Select a Time Zone from the drop-down list.
The time zone is key information for ensuring that the scan runs according to your preferred schedule. Please choose it carefully. For additional information on setting your schedule, please see Scheduling a Scan. -
Click Create Now. A confirmation message of your site creation will display.
When you return to your Asset Management page, the new site will be listed.
Editing a Site Asset
| Field Name | Description |
|---|---|
Editing a Site |
To edit a site, navigate to the Site Overview page and choose Edit Site Info, Edit Schedule/Time Zone, or click on Credentials or Settings. |
Edit Site Info |
Clicking the Edit Site Info button enables you to edit the Site Name, your custom Asset ID for the site, the Asset Owner, Industry, Description of the site, Status (active or inactive), and Phase (pre-production, production, discontinued, or none). Make your desired changes and click Save Changes. |
Edit Schedule/Time Zone |
Clicking the Edit Schedule/Time Zone button enables you set or change the scan schedule and the time zone. Refer to Scheduling a Scan for more information. |
Credentials |
Clicking on Credentials displays your current credentials and enables you to add, edit, or disable credentials as needed. For more information, refer to Entering or Editing Credentials. |
Settings |
Clicking on Settings displays your site settings (priority and scan speed.) To edit these settings, click Edit Site Settings. For more information, refer to Asset Details - Application Overview Tab |