Fortinet black logo

Handbook

Scan Integration

Scan Integration

FortiADC generates a WAF profile based on the results of the scan report. For example, if the scan report detects an SQL injection vulnerability, a WAF profile containing SQL/XSS Injection Detection settings will be generated and attached to the VIP to protect servers behind VS.

The Automatic Policy contains the automatically generated WAF profile and specify the actions to be taken on the attacks. It is displayed on Scan Integration page.

You can also manually generate an Automatic Policy by importing a scan report . FortiADC supports scan reports from the following products:

  • Acunetix
  • IBM AppScan Standard
  • WhiteHat
  • HP WebInspect
  • Qualys
  • Telefonica FAAST
  • ImmuniWeb
  • FortiWeb
  • FortiADC
To import a scan report:
  1. Go to Web Application Firewall > Web Vulnerability Scanner > Scan Integration.
  2. Click Scanner File Import.
  3. Configure the following settings.
    Scanner Type Select the type of scanner report you want to import.
    • Acunetix
    • IBM AppScan Standard
    • WhiteHat
    • HP WebInspect
    • Qualys
    • Telefonica FAAST
    • ImmuniWeb
    • FortiWeb Scanner
    • FortiADC Scanner
    Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.
    Upload File Upload the scanner report file.
    Generate Policies Automatically

    This is by default enabled.

    If disabled, FortiADC will not generate an Automatic Policy the next time it runs Web Vulnerability Scan.

    Merge the Report to Existing Profile

    If disabled, FortiADC generates a new WAF profile based on the scan results.

    If enabled, the WAF settings based on the scan results will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.

    Profile Name Enter a name for the newly generated WAF profile, and select an existing WAF profile.
    Action - High Select the action that FortiADC will take if High severity attacks are detected.
    Action - Medium Select the action that FortiADC will take if Medium severity attacks are detected.
    Action - Low Select the action that FortiADC will take if Low severity attacks are detected.
  4. Click Save.
WhiteHat Sentinel scanner report requirements

To allow (Undefined variable: FortiWebVariables.FortiWeb) to generate rules using a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

You can upload a WhiteHat Sentinel scanner report using either a report file you have downloaded manually or directly import the file from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

To retrieve the WhiteHat API key and application name
  1. Go to the following location and log in:
  2. https://source.whitehatsec.com/summary.html#dashboard

  3. In the top right corner, click My Profile.
  4. Click View My API Key and enter your password.
  5. Your API key is displayed. For example:

  6. To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

Telefónica FAAST scanner report requirements

You can upload a Telefónica FAAST scanner report using either a report file you have downloaded manually or directly import the file from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.

To apply for a Telefónica FAAST API key
  1. Go to the following location and log in:
  2. https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs

  3. In the session : Authentication page, please select POST > api/session for the method, and fill in the blanks for username and password. Then click Try it out.
  4. The API key will be gave in the Response Body if the username and password are authorized.

HP WebInspect scanner report requirements

To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.

Scan Integration

FortiADC generates a WAF profile based on the results of the scan report. For example, if the scan report detects an SQL injection vulnerability, a WAF profile containing SQL/XSS Injection Detection settings will be generated and attached to the VIP to protect servers behind VS.

The Automatic Policy contains the automatically generated WAF profile and specify the actions to be taken on the attacks. It is displayed on Scan Integration page.

You can also manually generate an Automatic Policy by importing a scan report . FortiADC supports scan reports from the following products:

  • Acunetix
  • IBM AppScan Standard
  • WhiteHat
  • HP WebInspect
  • Qualys
  • Telefonica FAAST
  • ImmuniWeb
  • FortiWeb
  • FortiADC
To import a scan report:
  1. Go to Web Application Firewall > Web Vulnerability Scanner > Scan Integration.
  2. Click Scanner File Import.
  3. Configure the following settings.
    Scanner Type Select the type of scanner report you want to import.
    • Acunetix
    • IBM AppScan Standard
    • WhiteHat
    • HP WebInspect
    • Qualys
    • Telefonica FAAST
    • ImmuniWeb
    • FortiWeb Scanner
    • FortiADC Scanner
    Some types of reports have specific requirements. For details, see WhiteHat Sentinel scanner report requirements, Telefónica FAAST scanner report requirements, and HP WebInspect scanner report requirements.
    Upload File Upload the scanner report file.
    Generate Policies Automatically

    This is by default enabled.

    If disabled, FortiADC will not generate an Automatic Policy the next time it runs Web Vulnerability Scan.

    Merge the Report to Existing Profile

    If disabled, FortiADC generates a new WAF profile based on the scan results.

    If enabled, the WAF settings based on the scan results will be merged to an existing WAF profile. If there are conflict settings, the new ones will overwrite the existing ones.

    Profile Name Enter a name for the newly generated WAF profile, and select an existing WAF profile.
    Action - High Select the action that FortiADC will take if High severity attacks are detected.
    Action - Medium Select the action that FortiADC will take if Medium severity attacks are detected.
    Action - Low Select the action that FortiADC will take if Low severity attacks are detected.
  4. Click Save.
WhiteHat Sentinel scanner report requirements

To allow (Undefined variable: FortiWebVariables.FortiWeb) to generate rules using a WhiteHat Sentinel scanner report, ensure that the parameters “display_vulnerabilities” and “display_description” are enabled when you run the scan.

You can upload a WhiteHat Sentinel scanner report using either a report file you have downloaded manually or directly import the file from the WhiteHat portal using the RESTful API. Importing a scanner file from the WhiteHat portal requires the API key and application name that WhiteHat provides.

To retrieve the WhiteHat API key and application name
  1. Go to the following location and log in:
  2. https://source.whitehatsec.com/summary.html#dashboard

  3. In the top right corner, click My Profile.
  4. Click View My API Key and enter your password.
  5. Your API key is displayed. For example:

  6. To view the application name, navigate to the Assets tab. The application name is the NAME value. For example:

Telefónica FAAST scanner report requirements

You can upload a Telefónica FAAST scanner report using either a report file you have downloaded manually or directly import the file from the Telefónica FAAST portal using the RESTful API. Importing a scanner file from the Telefónica FAAST portal requires the API key that Telefónica FAAST provides. One Telefónica FAAST scanner account can apply for an API key.

To apply for a Telefónica FAAST API key
  1. Go to the following location and log in:
  2. https://cybersecurity.telefonica.com/vulnerabilities/es/api_docs

  3. In the session : Authentication page, please select POST > api/session for the method, and fill in the blanks for username and password. Then click Try it out.
  4. The API key will be gave in the Response Body if the username and password are authorized.

HP WebInspect scanner report requirements

To generate rules from HP WebInspect, when you export the report, for the Details option, select either Full or Vulnerabilities.