Set up the SecurityScorecard connector
The Universal Connector ingests finding and asset data into VRM by pulling data from a source tool that is currently unavailable in Veracode Risk Manager (VRM) and mapping it to the required VRM fields.
This guide provides information on how the Universal Connector for SecurityScorecard maps and ingests data into VRM.
Complete the following tasks to set up and use your VRM connector for ServiceNow.
Add your SecurityScorecard connector
Follow the steps below to set up the SecurityScorecard connector.
Prerequisites
- Have the Admin role in VRM
- Have an active SecurityScorecard API token
- Know your company domain name used in SecurityScorecard
To complete this task:
- In VRM, from the left navigation menu, select the Settings icon, and then select Add Connector.
- Select SecurityScorecard. A stripe in the top-right corner of the tile indicates that it is supported by the Universal Connector.
- On the connector page, enter a name for the connector.
- Enter your SecurityScorecard base API URL. By default, it is https://api.securityscorecard.io.
- Enter your SecurityScorecard API token.
- Enter your company's domain name used in SecurityScorecard.
- Select Add Connector.
- Select your connector from the Connectors table.
- On the Connection Details screen in VRM, select Actions > Launch Discovery Scan to initiate data ingestion.
To view the progress of the data ingestion, on the Connection Details screen, select Actions > Integration Stats.
If you experience issues launching the scan, reach out to your Veracode customer success representative.
Data ingestion
This section provides context and details on how VRM maps the findings and assets it ingests from SecurityScorecard.
Findings
In SecurityScorecard, for a given company, there are many issue types and issues categorized by factor, a scoring group that analyzes a certain area of risk. For an issue, there can be any number of findings. For example, the DMARC Record Missing issue may have six findings.
The connector ingests all active findings for all issue types, as the SecurityScorecard API has data for only active findings. Each finding generates an issue in VRM.
When VRM ingests the findings, they have a Finding Type of Compliance Findings or Vulnerability Findings. They are considered Vulnerability Findings if they involve a CVE and are in the Patching Cadence or Application Security factor.
There are generally three asset types in SecurityScorecard that get tied to findings: domain, IP address, and URL.
Assets
SecurityScorecard typically associates three asset types with findings: domain, IP address, and URL. VRM fetches data for domains and IP addresses from two API calls that provide a digital footprint report.
However, you cannot fetch URL data via the API. To ingest URL assets into VRM, the asset data is generated from the findings that are tied to each URL.
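The following sketch is an added example, not Veracode or SecurityScorecard code. It applies the Finding Type rule and the asset sourcing described above to constructed records, so you can work out what the VRM filters should show after a discovery scan. The record field names (factor, cve, url), the sample values, and the collapsing of repeated URLs into one asset are assumptions.

```python
import re
from collections import Counter

# Assumed record shape: "factor", "cve" and "url" are hypothetical field names,
# not the SecurityScorecard or VRM API schema.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
VULN_FACTORS = {"patching cadence", "application security"}
ASSET_PREFIX = "UniversalConnector SecurityScorecard "


def finding_type(finding):
    """Vulnerability Findings need BOTH a CVE and one of the two factors."""
    has_cve = bool(CVE_RE.match((finding.get("cve") or "").strip()))
    factor = finding.get("factor", "").replace("_", " ").strip().lower()
    if has_cve and factor in VULN_FACTORS:
        return "Vulnerability Findings"
    return "Compliance Findings"


def expected_view(findings, footprint_domains, footprint_ips):
    """Return the Finding Type counts and per-type asset sets to expect in VRM."""
    types = Counter(finding_type(f) for f in findings)
    # URL assets are not in the footprint report; they come from findings.
    # Collapsing repeated URLs into one asset is an assumption.
    urls = {f["url"] for f in findings if f.get("url")}
    assets = {
        ASSET_PREFIX + "Domain": set(footprint_domains),
        ASSET_PREFIX + "IP Address": set(footprint_ips),
        ASSET_PREFIX + "URL": urls,
    }
    return types, assets


# Constructed sample data; CVE-0000-0000 is a placeholder, not a real identifier.
SAMPLE_FINDINGS = [
    {"issue": "constructed-a", "factor": "patching_cadence", "cve": "CVE-0000-0000"},
    {"issue": "constructed-b", "factor": "application_security", "cve": "CVE-0000-0000",
     "url": "https://example.com/login"},
    {"issue": "constructed-c", "factor": "network_security", "cve": "CVE-0000-0000"},
    {"issue": "constructed-d", "factor": "patching_cadence", "cve": None},
    {"issue": "constructed-e", "factor": "dns_health", "url": "https://example.com/login"},
]

if __name__ == "__main__":
    types, assets = expected_view(SAMPLE_FINDINGS, ["example.com"], ["192.0.2.10"])
    print(dict(types))
    for name, values in assets.items():
        print(name, sorted(values))
```

A finding with a CVE in any other factor, or a Patching Cadence finding without a CVE, lands in Compliance Findings, which is the case most likely to surprise when reconciling counts.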
Data validation
Once the SecurityScorecard data is ingested, you can locate the findings, the issues generated from those findings, and the assets by using VRM filters in either the UI or the API. This section shows how to filter for the data in the UI.
Findings
To view only the findings ingested by the SecurityScorecard connector:
- In VRM, select the Findings icon.
- Select the Finding Source filter.
- Select UniversalConnector SecurityScorecard.
Issues
To view only the issues ingested by the SecurityScorecard connector:
- In VRM, select the Issues icon.
- Select the Issue Source filter.
- Select UniversalConnector SecurityScorecard.
Assets
To view only the asset data ingested by the SecurityScorecard connector:
- In VRM, select the Assets icon.
- Select the Asset Type filter.
- Select one or more of the following types:
  - UniversalConnector SecurityScorecard Domain
  - UniversalConnector SecurityScorecard IP Address
  - UniversalConnector SecurityScorecard URL