Curious about how Prancer #PenSuite #AI operates? Ever wondered how an #autonomous user flow looks in action? Check out this video to see it in action! #Cybersecurity #OffensiveSecurity #BuildAttackReadyEnterprise
Prancer Platform Demo
Transcript
Hello and welcome to the Prancer Platform. Today we'll take a look at a sample user flow for someone brand new to the platform. We will take a look at things like the Autonomous Wizard, the PAC Wizard, inventory management, findings, and report generation.

Let's start with the Autonomous Wizard. It's where most people begin and it's the easiest way to start creating your scans on the platform. We essentially allow you to just connect to your environment and go. In order to get started, select the cloud environment that you would like to scan. You can select any additional domains that you would like to scan and then create a collection name. A collection name in Prancer is essentially like a folder or a bucket for all the information related to your scan. Later on we can add more details and more scans through this, but when you go through the Autonomous Wizard, setting a collection here allows you to create a folder structure for all of your other assets to live inside of. Now, once you've provided this information, click Next. Because I selected Azure as my cloud environment, the next page here asks me for my connection details to the Azure cloud. For Azure, we have the tenant ID, the service principal ID, and the service principal key. If I had selected Google, I would have been asked for information regarding my service account, and if I had selected AWS I would have been asked for information regarding my IAM user account. The next option I have here is to select whether I want to just auto discover, or auto discover and emulate attack. With the autodiscover option, the scanner will then go and create an inventory of all of the resources in this cloud environment, and then it will run a CSPM scan for all the security misconfigurations and so on. And then finally it will create a PAC file for all the scanners that we need to run in the second phase of this test, which is the penetration testing part.

The PAC file is essentially a manifest file that tells the second round of scanners what to scan and how to scan. So in the autodiscover phase it will just go and create these PAC files. But if I had selected autodiscover and emulate attacks, then what would have happened is that the PAC files would actually get run and new scanners would get spun up in order to conduct the penetration testing phase. Next I can select Connect to choose exactly where I want my initial scanner to be placed inside of my environment, and then once I've selected the location I can select Finish and the platform will then go off and start the auto discovery process.

Now let's go to the PAC Wizard. This is where we can configure individual pentest scans with a little bit more control than what we went through with the Autonomous Wizard. So first, let's select the target environment where we would like to stage our scanner. Next, we can set the application profile for the scan. So I can set the name for this application test. I can set whether this is a web scan or an API scan, the severity of the application I would like to test, and whether I would like my scan to be intrusive or safe. Then I can set the compliance standards, so I can select things like HIPAA or SOC 2 compliance, and this tells the scanner to maybe add some additional modules to the scanner, or take off things that aren't necessary, and so on and so forth. And then I can set a schedule, so I can have this either be a one-time scan or continuously monitor this on a set basis. And then the last item here is our scanner instance. So this essentially just determines what happens to the scanner after it's done scanning. So in this instance, I will just keep it at "delete the scanner", and then I can select Next.

Next I can go and select where I want my scanner to be staged. And here we have a couple of options and different ways to do this. I can either have it in my environment, where I can choose which resource group I would like my scanner to be put in. But if, let's say, there's a resource that's behind a firewall or doesn't have access to the public Internet, then I can also choose the internal scanner option and specify exactly which VNet in this instance I want my scanner to be inside of, so that there are no issues connecting to the resource that I would like to scan. Next we have the target selection page, and this is a pretty straightforward page. I can just choose to either input a URL location for the application that I'd like to test, or I can browse through all the resources that I have in my environment from the inventory that was created by the Autonomous Wizard to select which resource I would like to point the scanner at. And the final configuration section we have here is the authentication section. So here I can choose to add any authentication format I would require for my application. So I can select methods like JWT, form based, cookie based, OAuth based, and then we have a custom section here for HTTP token injections. And then there's also no authentication, which is what I will select in this example. Finally, we have our finished PAC file. And as you can see, this is all the configuration information that we had input in the past several pages. And this PAC file is essentially what tells our pentest scanner what it needs to scan and how it needs to do it. So now if I hit Submit, the system will then go and spin up the scanner in the location we've provided and start the process of conducting the pentest scan.

Now that we've gone through and configured some scanners in both the Autonomous and PAC Wizard, let's go and look at the findings that they've provided. We'll first start with the infra findings section here. We can see some filters for our findings here at the top, and if I scroll down a little bit more we can see some overall information about the scan that was done. So there were 33 cloud resources that were scanned, about 200 passed scenarios and 59 scenarios or tests that failed. Let's select, for example, this one here. Now, when we go into it, we can see some description, the paths to the resources and some remediation options. And depending on the permissions given to Prancer, there are some items that we can immediately remediate in your live environment. But if not, there are always remediation steps and remediation code options provided by our very own siloed instance of OpenAI. So I can select the remediation steps option here to see the exact steps you would need in order to fix this cloud vulnerability. And if I had selected remediation code, I would see the code required to fix the vulnerability and make those changes through the Azure API. But if I decide that I don't want or need this finding, I can also always go up to this action section here to exclude either this resource or this test from my findings.

Now let's go over to the inventory management page. Here I can see all of the scans that were created in this tenant. We can see the one scan that I created in the PAC Wizard earlier, and we can also see all the other scans that were created by the Autonomous Wizard. I can then select the PAC configuration on any of these scans to take a look at that PAC file that we created earlier. These are the instructions that the pentest scanner will use when it gets spun up in order to conduct the scan. So if I need to edit this configuration, I can either just directly make the changes in the YAML file, or I can go back and select the hamburger menu here, and I have options to go back into the PAC Wizard that we looked at earlier and make the changes there. Or I can also select this MITRE ATT&CK option to go into the MITRE ATT&CK framework and add specific techniques that I would like my scanner to look for.

Let's go and look at the findings from the scanner. I can go and select "see latest results" and it will take me to the Application Security findings page for this scan. I see some basic filter information about the scan and I can scroll down to see all of the vulnerabilities that were found in the scan. I can choose to filter them by severity or scan type, or I can also choose to go into this MITRE ATT&CK option here to filter the findings based on MITRE ATT&CK techniques. When we go into the vulnerability, there's some ID information. We can scroll down to see some description and solutions. There are tags associated with the vulnerability as well as some resources about it. We can also see some CVSS score calculations to see how Prancer came up with the severity score for this vulnerability. And finally at the bottom here are all the individual instances of this vulnerability. Now when I select an instance, the platform will then show me the request and response information for this specific instance of the vulnerability, and if I need to verify it, I can go up here to select the validate option to then get a curl command that I can run separately on my personal machine. Now that we've seen the vulnerability information, if I need to make any changes to any of this, I can select this action option here to go and either assign a tag to this instance, edit the instance, or delete the instance. And if I need to add more instances of this or other vulnerabilities to this scan, I can then go back to the inventory management page, select the hamburger menu for the scan, and then I can either add an individual finding or I can import findings from different tools such as ZAP, Burp Suite or Nuclei, and then these findings will also show up in my results.

The last item that you would typically need to do is report generation. Let me go back into the Application Security findings page here and then I can select Download, and I have two options. I can either download a CSV or download a PAC report. I'll choose Download PAC Report and then select Generate Report, and as we can see here a security report for the scan gets generated. Now, if I open the report, I get an HTML file. And because it's an HTML file, if the report needs to have a different letterhead or different formatting for any company needs, we can easily do that with the report template options. Well, let me scroll down here and we can see the executive summary, the test scope and methodology, and we have the table for our findings. So we see all the different findings here, and then I can scroll down a little bit more to the individual findings to see their severity, description, impact, remediation, the MITRE IDs the findings fall into, and the instances of this vulnerability. If I keep scrolling down, I can see more and more of these vulnerabilities. And if I scroll down all the way to the bottom here, we can see the closing summary of this report. And that's essentially what a PAC report looks like. And you can easily send this off to the responsible people for more analysis.

And with that, we've now completed a sample user flow for new users to the platform. Hopefully this demo has been helpful in getting you started with the platform, and thank you for watching.