Understanding Orchestron Webhooks

VISHNU PRASAD | September 26, 2018

As a Vulnerability Correlation and Management platform, Orchestron uses webhooks as a critical facilitator to consume results from tool sources.

Why Webhooks?

Orchestron integrates with an array of open source and commercial SAST, DAST, SCA, CI and defect tracking tools, from which the scan results are consumed and correlated by Orchestron Console (AVC). When a SAST, SCA or DAST tool does not have a pre-built integration, Orchestron Console (AVC) can still consume its scan results through a webhook and provide a correlated view of vulnerabilities. In addition, Orchestron webhooks allow teams to automate the process of downloading results from scanners and uploading them to Orchestron Console (AVC) by specifying the file path in a CURL command. This reduces the time consumed by the manual process.

Webhooks help in integrating Orchestron with any non-standard scanning tool. A tool that produces vulnerability reports in XML or JSON format can be integrated via a webhook. If the file format is different, the report can be converted to Orchy JSON and published to Orchestron via webhooks. Webhooks also help in posting custom exploit output to Orchestron.

How does it work?

A unique webhook is created per application, per tool. For example, to allow ZAP scan results of www.example.com to be consumed within Orchestron, a webhook would be created; another webhook would be created for Burp, and so on. Every webhook is identified by its corresponding Webhook ID. The vulnerability results from these tools can be published using the webhook ID within a CURL command, or using appropriate request libraries in Java or Python. Orchestron's webhooks use JWT authorization tokens to allow secure access and processing of vulnerability information.

Webhooks in Orchestron are compatible with file formats such as XML and JSON. Once the CURL command is invoked, the command takes the JWT authorization token, the name of the scan, and the file path of the tool results (XML/JSON), and publishes the file to Orchestron Console (AVC).
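An added example, not Orchestron's own code or documented API: a Python pre-flight that mirrors the upload described above, checking the JWT expiry and the report format locally before building (not sending) the request. The endpoint URL, the `Bearer` scheme and the `name`/`file` form fields are assumptions; take the real values from your Orchestron webhook's CURL command.

```python
import base64, json, time, urllib.request, uuid
import xml.etree.ElementTree as ET

# Hypothetical endpoint; use the real webhook URL from your Orchestron console.
WEBHOOK_URL = "https://orchestron.example.invalid/webhook/{webhook_id}/"

def jwt_expiry(token):
    """Read the 'exp' claim locally (no signature check; the server does that)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded)).get("exp")

def detect_format(report):
    """Accept only well-formed JSON or XML, the two formats webhooks take."""
    for name, parse in (("json", json.loads), ("xml", ET.fromstring)):
        try:
            parse(report)  # parsed only to confirm well-formedness
            return name
        except (ValueError, ET.ParseError):
            continue
    raise ValueError("report is neither well-formed JSON nor XML")

def build_upload(webhook_id, token, scan_name, report, filename, now=None):
    """Return an unsent POST request for one application/tool webhook."""
    exp = jwt_expiry(token)
    if exp is not None and exp <= (time.time() if now is None else now):
        raise ValueError("JWT expired; issue a new token before uploading")
    for value in (webhook_id, scan_name, filename):
        if any(c in value for c in '\r\n"'):  # would break the multipart headers
            raise ValueError(f"unsafe character in {value!r}")
    detect_format(report)
    b = uuid.uuid4().hex  # multipart boundary
    disp = "Content-Disposition: form-data; name="
    body = (f'--{b}\r\n{disp}"name"\r\n\r\n{scan_name}\r\n'  # field names assumed
            f'--{b}\r\n{disp}"file"; filename="{filename}"\r\n\r\n').encode()
    body += report + f"\r\n--{b}--\r\n".encode()
    return urllib.request.Request(
        WEBHOOK_URL.format(webhook_id=webhook_id), data=body, method="POST",
        headers={"Authorization": "Bearer " + token,  # header scheme assumed
                 "Content-Type": f"multipart/form-data; boundary={b}"})

def sample_token(exp):
    """Constructed, unsigned sample JWT for trying the functions above."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return ".".join([seg({"alg": "none"}), seg({"exp": exp}), "x"])
```

Pass the returned request to `urllib.request.urlopen` only after replacing the placeholder URL, and keep the token in a CI secret store rather than in the job definition.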

Scan results from tools such as ZAP, Burp, Arachni, AppSpider, Checkmarx, Brakeman, Bandit, w3af, Nessus, OWASP Dependency Checker, AppScan - DAST, AppScan - SAST, NodeJsScan, Xanitizer, HP-Fortify, Acunetix and Clair can be uploaded using webhooks.
