Adding Associated Hostnames to a Site

You can add up to ten Associated Hostnames to your site by clicking on "Add Hostname" in the "Hostnames" section of the Assets/ Site Details/ Overview tab.

add associated hostname 1
Associated Host Names in both "Approved" and "Pending Approval" status count toward the limit of ten. If you need to add more than ten associated hostnames, please contact us at support@whitehatsec.com.

To add Associated Hostnames, scroll down to the "Hostnames" section and click on the "Add Hostname" link located next to the "Associated Hostname(s)" subheading.

Enter the new Associated Hostname in the Associated Hostname text box and confirm by clicking on "Add Hostname."

add associated hostname 2
Underscores in Associated Hostnames are not supported by the Sentinel Appliance.

You will see a confirmation of your request for the additional hostname. If a Business Logic Assessment is currently in progress, you will be notified of that: new hostnames cannot be added to a Business Logic Assessment that has already begun, but any approved hostnames will be included in future Business Logic Assessments.

ongoing bla ahn notice

If any Business Logic Assessments were completed before the Associated Hostname was added and approved, you will be notified that those completed Business Logic Assessments will not include the new Associated Hostname.

completed bla ahn notification

If you have attempted to add a hostname that has been rejected, the reason for the rejection will be summarized:

rejected ahn screen with reason
  • The Associated Hostname given already exists on another site (is associated with a different asset).

  • The Associated Hostname does not share a session with the base domain: that is, the associated host name cannot be accessed using the session or login state from the base domain. If the session or login state cannot be transferred from the base domain to the Associated Hostname, the Associated Hostname is not considered to be part of the application.

  • The Associated Hostname is not related to the base domain; that is, the logical flow, design or characteristics of the Associated Hostname do not follow those of the base domain.

  • The base domain is inaccessible, and we therefore cannot determine the validity of the Associated Hostname at this time. Once the base domain is accessible, we will proceed with the Associated Hostname validation. You can view any open issues that might be contributing to this issue in the Summary tab under Action Items in the Continuous Dynamic Portal.

(Please see the Action Items Sub-Tab for more details.)

  • The Associated Hostname is inaccessible. We are unable to determine the validity of the Associated Hostname at this time because it is inaccessible. Once you address this issue, we will proceed with the Associated Hostname validation.

  • The credentials on the base domain are invalid. We are unable to determine the validity of the Associated Hostname at this time because the credentials for the base URL are invalid. Once you address this issue, we will proceed with Associated Hostname validation. You can view any open issues that might be contributing to this issue in the Summary tab under Action Items in the Portal.

(Please see the Action Items Sub-Tab for more details.)

Your Sentinel Administrator(s) can also see the rejection reasons for any rejected Associated Hostnames on the Activity Log subtab of the Summary tab.

activity log sub tab ahn rejected activities

If you are uncertain about the root causes of the rejection of any Associated Hostname, please contact us.

Deleting Associated Hostnames

You can click on the "trash can" icon to remove an Associated Host Name from the list unless it is in the "Pending Approval" status. Hostnames pending approval cannot be removed via the Portal interface at this time; please contact Black Duck if you need to remove a hostname in the pending approval status.

If you delete an Associated Hostname that has vulnerabilities associated with it, those vulnerabilities will be listed with a status of "Out of Scope" to reflect the change:

deleting ahn shows out of scope vuln

The Vulnerability Details page for any Out of Scope vulnerability resulting from the removal of an Associated Hostname will also show a status of "Out of Scope," and any related Attack Vectors will be marked as "Invalid." Invalid Attack Vectors are neither open nor closed, and are therefore shown in the "Other Attack Vectors" tab, as shown in the following image:

vuln details page for removed ahn