Fortinet Document Library


About the connector

ThreadFix is an application vulnerability management platform that provides a window into the state of your application security program and helps bridge the communications gap between security and software development teams. ThreadFix vulnerability resolution platform consolidates and prioritizes scan results for faster application vulnerability correlation. Vulnerability data is normalized to an internal data format to identify duplicated static and dynamic scan results. For certain platforms we can also consolidate static and dynamic mapping results based on Hybrid Analysis Mapping (HAM) technology.

This document provides information about the ThreadFix connector, which facilitates automated interactions with a ThreadFix server using FortiSOAR™ playbooks. Add the ThreadFix connector as a step in FortiSOAR™ playbooks to perform automated operations related to teams, scans, policies, and vulnerabilities in the ThreadFix system, or to search the ThreadFix database based on the search parameters that you have specified.

 

Version information

Connector Version: 1.1.0

Compatibility with FortiSOAR™ Versions: 4.10.2-225 and later

Compatibility with ThreadFix Versions: 2.3.0 to 2.5.1.7

 

Release Notes for version 1.1.0

The following enhancements have been made to the ThreadFix connector in version 1.1.0:

  • Enhanced the API Version configuration parameter from a text field to a drop-down list so that you can now choose the ThreadFix API version you are using.
  • Updated annotation names and operation names for existing operations.
  • Added the following new operations: Create Application, Get Application By ID, Get Application By Name, Create Static Finding, Create Dynamic Finding, and Get All Tags.
  • Added the following new playbooks: TF: Create Application, TF: Get Application By ID, TF: Get Application By Name, TF: Create Static Finding, TF: Create Dynamic Finding, and TF: Get All Tags.

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of the ThreadFix server to which you will connect and perform the automated operations.
  • You must have the API Key used to access the ThreadFix REST API.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the ThreadFix connector and click Configure to configure the following parameters:

 

| Parameter | Description |
|---|---|
| Server URL | IP address or hostname of the ThreadFix server to which you will connect and perform automated operations. If you do not specify either the http or https protocol in this field, the https protocol is used by default. |
| Port | Port number used to connect to the ThreadFix server. |
| API Key | API key that is provided to you by the ThreadFix administrator to access the ThreadFix REST API. |
| API Version | Select the version of the ThreadFix API from the drop-down list. The API version is used to adjust the parameters and responses of REST calls. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
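The following added example (not part of the connector's code) shows how the Server URL, Port, and Verify SSL settings described above combine, and flags the combinations that would expose the API key in transit. The function names and the dictionary keys (server_url, port, api_key, verify_ssl) are hypothetical.

```python
from urllib.parse import urlsplit


def build_base_url(server_url, port=None):
    """Normalize the Server URL field; https is assumed when no scheme is given."""
    raw = server_url.strip()
    if "://" not in raw:
        raw = "https://" + raw  # documented default protocol
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"unsupported scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("Server URL has no host")
    host = parts.hostname
    if ":" in host:  # an IPv6 literal must be bracketed in a URL
        host = f"[{host}]"
    # An explicit Port setting wins over a port embedded in the URL.
    chosen = int(port) if port not in (None, "") else parts.port
    netloc = host if chosen is None else f"{host}:{chosen}"
    return f"{parts.scheme}://{netloc}{parts.path.rstrip('/')}"


def audit_config(config):
    """Return (base_url, warnings) for a connector configuration.

    The keys of `config` are hypothetical names for the documented parameters.
    """
    warnings = []
    base = build_base_url(config["server_url"], config.get("port"))
    if base.startswith("http://"):
        warnings.append("Server URL uses http: the API key is sent in cleartext")
    # Verify SSL defaults to True; anything else disables certificate checks.
    if config.get("verify_ssl", True) is not True:
        warnings.append("Verify SSL is off: the server certificate is not checked")
    if not config.get("api_key"):
        warnings.append("API Key is empty")
    return base, warnings


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real deployment.
    samples = [
        {"server_url": "threadfix.example.internal", "port": 8443,
         "api_key": "CONSTRUCTED-KEY"},
        {"server_url": "http://10.0.0.5/threadfix/", "port": "8080",
         "api_key": "CONSTRUCTED-KEY", "verify_ssl": False},
    ]
    for sample in samples:
        url, issues = audit_config(sample)
        print(url, issues or "ok")
```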

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

| Function | Description | Annotation and Category |
|---|---|---|
| Create Team | Creates a team with the name that you have specified on the ThreadFix server. | create_team, Investigation |
| Get All Teams | Retrieves a list and details of all the teams from the ThreadFix server. | search_team, Investigation |
| Get Team Details | Retrieves details of a team from the ThreadFix server, based on the team ID or team name you have specified. | search_team, Investigation |
| Get Scan Details | Retrieves details of a scan from the ThreadFix server, based on the scan ID you have specified. | search_scans, Investigation |
| Check Pending Scan Status | Retrieves the status and other details of a scan that is queued from the ThreadFix server, based on the application ID and the pending scan ID you have specified. | get_scan_status, Investigation |
| Get Scan List | Retrieves a list of all scans associated with an application from the ThreadFix server, based on the application ID you have specified. | search_scans, Investigation |
| Get Policy Details | Retrieves details of the policy from the ThreadFix server, based on the policy ID you have specified. | search_policy, Investigation |
| Get All Policies | Retrieves a list and details of all policies from the ThreadFix server. | search_policy, Investigation |
| Get Application Policy Status | Retrieves the status for the policies associated with a particular application from the ThreadFix server, based on the application ID you have specified. | get_policy_status, Investigation |
| Add Application To Policy | Adds an application to a policy on the ThreadFix server, based on the application ID and the policy ID you have specified. | update_policy, Investigation |
| Get Severity List | Retrieves a list of severity levels in ThreadFix along with their custom names. | list_severities, Investigation |
| Search Vulnerabilities | Returns a filtered list of vulnerabilities from the ThreadFix server, based on the parameters you have specified. | search_vulnerability, Investigation |
| Add Comment To Vulnerability | Adds a comment to a vulnerability on the ThreadFix server, based on the vulnerability ID you have specified. | add_comment, Investigation |
| Update Vulnerability Severity | Changes the severity of the vulnerability on the ThreadFix server, based on the vulnerability ID and the severity you have specified. | update_vulnerability, Investigation |
| Close Vulnerabilities | Closes vulnerabilities on the ThreadFix server, based on the vulnerability IDs you have specified. | close_vulnerability, Investigation |
| Create Application | Creates an application on the ThreadFix server, based on the parameters you have specified. | create_application, Investigation |
| Get Application By ID | Retrieves details of an application from the ThreadFix server, based on the application ID you have specified. | search_application, Investigation |
| Get Application By Name | Retrieves details of an application from the ThreadFix server, based on the application name and team name you have specified. | search_application, Investigation |
| Create Static Finding | Creates a static finding on the ThreadFix server, based on the parameters you have specified. | add_vulnerability, Investigation |
| Create Dynamic Finding | Creates a dynamic finding on the ThreadFix server, based on the parameters you have specified. | add_vulnerability, Investigation |
| Get All Tags | Retrieves a list and details of all Vulnerability Tags, Application Tags, and Vulnerability Comment Tags from the ThreadFix server. | search_tags, Investigation |

 

operation: Create Team

Input parameters

 

| Parameter | Description |
|---|---|
| Team Name | Name of the team that you want to create on the ThreadFix server. |

 

Output

The JSON output retrieves team details, such as name, total vulnerability count, low vulnerability count, medium vulnerability count, high vulnerability count, and applications, of the newly created team on the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Create Team operation

 

operation: Get All Teams

Input parameters

None.

Output

The JSON output retrieves a list of teams along with their details, such as name, total vulnerability count, low vulnerability count, medium vulnerability count, high vulnerability count, and applications, from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get All Teams operation

 

operation: Get Team Details

Input parameters

 

| Parameter | Description |
|---|---|
| Team By | Parameter associated with the team based on which you want to retrieve details from the ThreadFix server. Choose between Team Name or Team ID. |
| Value | Value of the parameter you have selected. For example, if you select Team ID, then enter the ID of the team whose details you want to retrieve from the ThreadFix server. |

 

Output

The JSON output retrieves details, such as name, total vulnerability count, low vulnerability count, medium vulnerability count, high vulnerability count, and applications of the team from the ThreadFix server, based on the team details you have specified.

Following image displays a sample output:

 

Sample output of the Get Team Details operation

 

operation: Get Scan Details

Input parameters

 

| Parameter | Description |
|---|---|
| Scan ID | ID of the scan whose details you want to retrieve from the ThreadFix server. |

 

Output

The JSON output retrieves details, such as total vulnerability count, low vulnerability count, medium vulnerability count, and high vulnerability count of the scan from the ThreadFix server, based on the scan ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Scan Details operation

 

operation: Check Pending Scan Status

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application from which you want to retrieve the status of a queued scan from the ThreadFix server. |
| Pending Scan ID | ID of the scan that is queued whose details you want to retrieve from the ThreadFix server. |

 

Output

The JSON output retrieves details of the pending scan, such as status, ID, and type from the ThreadFix server, based on the application ID and pending scan ID you have specified.

Following image displays a sample output:

 

Sample output of the Check Pending Scan Status operation

 

operation: Get Scan List

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application for which you want to retrieve the list of scans from the ThreadFix server. |

 

Output

The JSON output retrieves a list of scans along with their details, such as scan ID, scanner name, import time, and updated time of the application from the ThreadFix server, based on the application ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Scan List operation

 

operation: Get Policy Details

Input parameters

 

| Parameter | Description |
|---|---|
| Policy ID | ID of the policy whose details you want to retrieve from the ThreadFix server. |

 

Output

The JSON output retrieves details, such as name, ID, status, applications, and email list of the policy from the ThreadFix server, based on the policy ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Policy Details operation

 

operation: Get All Policies

Input parameters

None.

Output

The JSON output retrieves a list of policies along with their details, such as name, ID, status, applications, and email list from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get All Policies operation

 

operation: Get Application Policy Status

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application for which you want to retrieve the list of policies from the ThreadFix server. |

 

Output

The JSON output retrieves a list of applications on which policies are applied from the ThreadFix server. The output also contains the details of each application such as application name and ID, and policy name and ID.

Following image displays a sample output:

 

Sample output of the Get Application Policy Status operation

 

operation: Add Application To Policy

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application to which the policy needs to be added on the ThreadFix server. |
| Policy ID | ID of the policy that needs to be added on the ThreadFix server. |

 

Output

The JSON output retrieves the policy details of the policy that has been added to the specified application from the ThreadFix server. The policy details contain the application ID and the policy ID.

Following image displays a sample output:

 

Sample output of the Add Application To Policy operation

 

operation: Get Severity List

Input parameters

None.

Output

The JSON output retrieves a list of all severities from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get Severity List operation

 

operation: Search Vulnerabilities

Input parameters

 

| Parameter | Description |
|---|---|
| Vulnerability IDs (In CSV or List Format) | Serialized list containing vulnerability IDs on which you want to search for vulnerabilities. For example: 201, 324, 432 |
| Team IDs (In CSV or List Format) | Serialized list containing team IDs on which you want to search for vulnerabilities. For example: 1, 3, 5 |
| Application IDs (In CSV or List Format) | Serialized list containing application IDs for which you want to search for vulnerabilities. For example: 2, 4, 6 |
| Scanner Names | Serialized list containing scanner names for which you want to search for vulnerabilities. For example: WebInspect, SSVL |
| Severity | Severity values for which you want to search for vulnerabilities. You can select multiple severities from the Severity list. Choose from the following severity values: Critical, High, Medium, Low, and Info. |
| Filter String From Path | Filter to return only those vulnerabilities that contain this string in their path. |
| Filter String From Parameter | Filter to return only those vulnerabilities that contain this string in their parameter. |
| Start Date | Lower bound on scan dates. |
| End Date | Upper bound on scan dates. |
| Number of Vulnerabilities Merged from Scan | Maximum number of vulnerabilities merged from different scans that the search result can contain. |
| Number of Vulnerabilities Per Page | Maximum number of vulnerabilities that the search result can contain per page. By default, up to 10 vulnerabilities are returned. |
| Page Number | Returns a different page of vulnerabilities, with each page of vulnerabilities containing {numberVulnerabilities} vulnerabilities. |
| Show Open | Click Show Open to include open vulnerabilities in the search result. |
| Show Closed | Click Show Closed to include closed vulnerabilities in the search result. |
| Show Defect Present | Click Show Defect Present to include vulnerabilities with defects in the search result. |
| Show Defect Not Present | Click Show Defect Not Present to include vulnerabilities without defects in the search result. |
| Show False Positive | Click Show False Positive to include false positive vulnerabilities in the search result. |
| Show Hidden | Click Show Hidden to include hidden vulnerabilities in the search result. |
| Show Inconsistent Closed Defect Needs Scan | Click Show Inconsistent Closed Defect Needs Scan to include vulnerabilities that have closed defects but have not yet been closed by a scan, in the search result. |
| Show Inconsistent Closed Defect Open In Scan | Click Show Inconsistent Closed Defect Open In Scan to include vulnerabilities that have closed defects but were found open in a scan since the defect was closed, in the search result. |
| Show Inconsistent Open Defect | Click Show Inconsistent Open Defect to include vulnerabilities that have open defects but have been closed by scans, in the search result. |
| Include Custom Text | Click Include Custom Text to include Custom CWE text in the response for each vulnerability. |

 

Note: None of the above parameters are mandatory. However, if you do not provide any parameter then this operation will return unfiltered results, i.e., it will search for all vulnerabilities from the ThreadFix server. Therefore, you must specify at least one parameter as a search parameter.
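The following added example (not part of the connector's code) shows one way a playbook step could validate Search Vulnerabilities input before calling the operation: it accepts the "CSV or List Format" ID inputs, checks severities against the documented values, and refuses a search with no narrowing filter. The function names and dictionary keys are hypothetical, and treating paging settings as non-filters is a policy choice of this example.

```python
SEVERITIES = ("Critical", "High", "Medium", "Low", "Info")
ID_FIELDS = ("vulnerability_ids", "team_ids", "application_ids")
TEXT_FIELDS = ("scanner_names", "path_filter", "parameter_filter",
               "start_date", "end_date")


def parse_id_list(value):
    """Parse IDs given as CSV text ("201, 324, 432") or as a list ([201, "324"])."""
    if value is None or value == "":
        return []
    if isinstance(value, str):
        items = value.strip().strip("[]").split(",")
    else:
        items = list(value)
    ids = []
    for item in items:
        text = str(item).strip()
        if not text:
            continue  # tolerate trailing commas
        if not (text.isascii() and text.isdigit()):
            raise ValueError(f"not a numeric ID: {text!r}")
        ids.append(int(text))
    return ids


def build_search_filters(params):
    """Return validated filters, or raise if the search would be unfiltered."""
    filters = {}
    for key in ID_FIELDS:
        ids = parse_id_list(params.get(key))
        if ids:
            filters[key] = ids
    severities = list(params.get("severity") or [])
    unknown = [s for s in severities if s not in SEVERITIES]
    if unknown:
        raise ValueError(f"unknown severity values: {unknown}")
    if severities:
        filters["severity"] = severities
    for key in TEXT_FIELDS:
        if params.get(key):
            filters[key] = params[key]
    # Paging alone does not narrow the search, so it is checked after this guard.
    if not filters:
        raise ValueError("no search filter set: every vulnerability would be returned")
    filters["per_page"] = int(params.get("per_page", 10))  # documented default: 10
    if params.get("page") is not None:
        filters["page"] = int(params["page"])
    return filters


if __name__ == "__main__":
    # Constructed sample input using the example values from the table above.
    print(build_search_filters({"team_ids": "1, 3, 5",
                                "severity": ["Critical", "High"]}))
```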

Output

The JSON output contains a filtered list of vulnerabilities along with details, such as id, findings, teams, channel name, and generic severity for each vulnerability from the ThreadFix server, based on the parameters you have specified.

Following image displays a sample output:

 

Sample output of the Search Vulnerabilities operation

 

operation: Add Comment To Vulnerability

Input parameters

 

| Parameter | Description |
|---|---|
| Vulnerability ID | ID of the vulnerability to which you want to add a comment on the ThreadFix server. |
| Comment | Message of the comment. |
| Comment Tag ID (In CSV or List Format) | (Optional) Serialized list containing IDs for any comment tags you want to attach to the comment. |

 

Output

The JSON output returns a Success message if the comment is added successfully to the specified vulnerability on the ThreadFix server, or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Add Comment To Vulnerability operation

 

operation: Update Vulnerability Severity

Input parameters

 

| Parameter | Description |
|---|---|
| Vulnerability ID | ID of the vulnerability whose severity you want to update on the ThreadFix server. |
| Severity | Severity to which the vulnerability you have specified is to be updated on the ThreadFix server. |

 

Output

The JSON output retrieves the details of the updated vulnerability, such as channel name, findings, open time, and generic severity from the ThreadFix server, based on the vulnerability ID and severity you have specified.

Following image displays a sample output:

 

Sample output of the Update Vulnerability Severity operation

 

operation: Close Vulnerabilities

Input parameters

 

| Parameter | Description |
|---|---|
| Vulnerability IDs (In CSV or List Format) | IDs of the vulnerabilities that you want to close on the ThreadFix server. To close a number of vulnerabilities at the same time, enter the IDs of the vulnerabilities in the list or CSV format. |

 

Output

The JSON output retrieves the IDs of the closed vulnerabilities from the ThreadFix server, based on the vulnerability IDs you have specified.

Following image displays a sample output:

 

Sample output of the Close Vulnerabilities operation

 

operation: Create Application

Input parameters

 

| Parameter | Description |
|---|---|
| Team ID | ID of the team in which you want to create the application on the ThreadFix server. |
| Application Name | Name of the application that you want to create on the ThreadFix server. |
| Application URL | (Optional) URL location of the application that you want to create on the ThreadFix server. |

 

Output

The JSON output retrieves application details, such as url, name, id, and application criticality, of the newly created application on the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Create Application operation

 

operation: Get Application By ID

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application for which you want to retrieve details from the ThreadFix server. |

 

Output

The JSON output retrieves details, such as url, name, id, scans, and total vulnerability count from the ThreadFix server, based on the application ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Application By ID operation

 

operation: Get Application By Name

Input parameters

 

| Parameter | Description |
|---|---|
| Team Name | Name of the team from which you want to retrieve application details from the ThreadFix server. |
| Application Name | Name of the application for which you want to retrieve details from the ThreadFix server. |

 

Output

The JSON output retrieves details, such as url, name, id, scans, and total vulnerability count from the ThreadFix server, based on the team name and application name you have specified.

Following image displays a sample output:

 

Sample output of the Get Application By Name operation

 

operation: Create Static Finding

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application in which you want to add the static finding on the ThreadFix server. |
| Vulnerability Type | Name of the CWE vulnerability that you want to add on the ThreadFix server. |
| Description | Short description of the vulnerability that you want to add on the ThreadFix server. |
| Severity | Severity of the vulnerability that you want to add on the ThreadFix server. Choose from the following severity values: Critical, High, Medium, Low, or Info. |
| Parameter | (Optional) Request parameter for the vulnerability that you want to add on the ThreadFix server. |
| Source File | (Optional) Location of the source file for the vulnerability that you want to add on the ThreadFix server. |
| Vulnerability ID | (Optional) ID of the vulnerability that you want to add on the ThreadFix server. |
| Column | (Optional) Column number that is used for finding the vulnerability source on the ThreadFix server. |
| Line Text | (Optional) Line text that is used for finding the vulnerability source on the ThreadFix server. |
| Line Number | (Optional) Line number that is used for finding the vulnerability source on the ThreadFix server. |

 

Output

The JSON output retrieves details, such as attack response, id, attack string, vulnerability type, and long description, of the newly created static finding on the ThreadFix server, based on the parameters you have specified.

Following image displays a sample output:

 

Sample output of the Create Static Finding operation

 

operation: Create Dynamic Finding

Input parameters

 

| Parameter | Description |
|---|---|
| Application ID | ID of the application in which you want to add the dynamic finding on the ThreadFix server. |
| Vulnerability Type | Name of the CWE vulnerability that you want to add on the ThreadFix server. |
| Description | Short description of the vulnerability that you want to add on the ThreadFix server. |
| Severity | Severity of the vulnerability that you want to add on the ThreadFix server. Choose from the following severity values: Critical, High, Medium, Low, or Info. |
| Parameter | (Optional) Request parameter for the vulnerability that you want to add on the ThreadFix server. |
| Vulnerability ID | (Optional) ID of the vulnerability that you want to add on the ThreadFix server. |
| Full URL | (Optional) Absolute URL to the page with the vulnerability. |
| Path to Page | (Optional) Relative path to the page with the vulnerability. |

 

Output

The JSON output retrieves details, such as attack response, id, attack string, vulnerability type, and long description, of the newly created dynamic finding on the ThreadFix server, based on the parameters you have specified.

Following image displays a sample output:

 

Sample output of the Create Dynamic Finding operation

 

operation: Get All Tags

Input parameters

None.

Output

The JSON output retrieves a list of Vulnerability Tags, Application Tags, and Vulnerability Comment Tags, along with their details from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get All Tags operation

 

Included playbooks

The Sample-ThreadFix-1.1.0 playbook collection comes bundled with the ThreadFix connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the ThreadFix connector.

  • TF: Add Application to Policy
  • TF: Add Comment to Vulnerability
  • TF: Check Pending Scan Status
  • TF: Close Vulnerabilities
  • TF: Create Application
  • TF: Create Dynamic Finding
  • TF: Create Static Finding
  • TF: Create Team
  • TF: Get All Policies
  • TF: Get All Tags
  • TF: Get All Teams
  • TF: Get Application By ID
  • TF: Get Application By Name
  • TF: Get Application Policy Status
  • TF: Get Policy Details
  • TF: Get Scan Details
  • TF: Get Scan List
  • TF: Get Severity List
  • TF: Get Team Details
  • TF: Update Vulnerability Severity
  • TF: Vulnerability Search

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted when the connector is upgraded or deleted.

 

About the connector

ThreadFix is an application vulnerability management platform that provides a window into the state of your application security program and helps bridge the communications gap between security and software development teams. ThreadFix vulnerability resolution platform consolidates and prioritizes scan results for faster application vulnerability correlation. Vulnerability data is normalized to an internal data format to identify duplicated static and dynamic scan results. For certain platforms we can also consolidate static and dynamic mapping results based on Hybrid Analysis Mapping (HAM) technology.

This document provides information about the ThreadFix connector, which facilitates automated interactions, with a ThreadFix server using FortiSOAR™ playbooks. Add the ThreadFix connector as a step in FortiSOAR™ playbooks and perform automated operations, related to teams, scans, policies, and vulnerabilities in the ThreadFix system or performing a search in the ThreadFix database based on the search parameters that you have specified.

 

Version information

Connector Version: 1.1.0

Compatibility with FortiSOAR™ Versions: 4.10.2-225 and later

Compatibility with ThreadFix Versions: 2.3.0 to 2.5.1.7

 

Release Notes for version 1.1.0

Following enhancements have been made to the Threadfix Connector in version 1.1.0:

 

Installing the connector

For the procedure to install a connector, click here.

 

Prerequisites to configuring the connector

 

Configuring the connector

For the procedure to configure a connector, click here.

 

Configuration parameters

In FortiSOAR™, on the Connectors page, select the ThreadFix connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL IP address or Hostname of the ThreadFix server to which you will connect and perform automated operations.
If you not specify either the http or https protocol in this field, then by default the https protocol is used.
Port Port number used to connect to the ThreadFix server.
API Key API key that is provided to you by the ThreadFix administrator to access the ThreadFix REST API.
API Version Select the version of the ThreadFix API from the drop-down list. The API version allow us to adjust the parameters and responses of REST calls.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

 

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
Create Team Creates a team with the name that you have specified on the ThreadFix server. create_team
Investigation
Get All Teams Retrieves a list and details of all the teams from the ThreadFix server. search_team
Investigation
Get Team Details Retrieves details of a team from the ThreadFix server, based on the team ID or team name you have specified. search_team
Investigation
Get Scan Details Retrieves details of a scan from the ThreadFix server, based on the scan ID you have specified. search_scans
Investigation
Check Pending Scan Status Retrieves the status and other details of a scan that is queued from the ThreadFix server, based on the application ID and the pending scan ID you have specified. get_scan_status
Investigation
Get Scan List Retrieves a list of all scans associated with an application from the ThreadFix server, based on the application ID you have specified. search_scans
Investigation
Get Policy Details Retrieves details of the policy from the ThreadFix server, based on the policy ID you have specified. search_policy
Investigation
Get All Policies Retrieves a list and details of all policies from the ThreadFix server. search_policy
Investigation
Get Application Policy Status Retrieves the status for the policies associated with a particular application from the ThreadFix server, based on the application ID you have specified. get_policy_status
Investigation
Add Application To Policy Adds an application to a policy on the Threadfix server, based on the the application ID and the policy ID you have specified. update_policy
Investigation
Get Severity List Retrieves a list of severity levels in ThreadFix along with their custom names. list_severities
Investigation
Search Vulnerabilities Returns a filtered list of vulnerabilities from the ThreadFix server, based on the parameters you have specified. search_vulnerability
Investigation
Add Comment To Vulnerability Adds a comment to a vulnerability on the ThreadFix server, based on the vulnerability ID you have specified. add_comment
Investigation
Update Vulnerability Severity Changes the severity of the vulnerability on the ThreadFix server, based on the vulnerability ID and the severity you have specified. update_vulnerability
Investigation
Close Vulnerabilities Closes vulnerabilities on the ThreadFix server, based on the vulnerability IDs you have specified. close_vulnerability
Investigation
Create Application Creates an application on the ThreadFix server, based on the parameters you have specified. create_application
Investigation
Get Application By ID Retrieves details of an application from the ThreadFix server, based on the application ID you have specified. search_application
Investigation
Get Application By Name Retrieves details of an application from the ThreadFix server, based on the application name and team name you have specified. search_application
Investigation
Create Static Finding Creates a static finding on the ThreadFix server, based on the parameters you have specified. add_vulnerability
Investigation
Create Dynamic Finding Creates a dynamic finding on the ThreadFix server, based on the parameters you have specified. add_vulnerability
Investigation
Get All Tags Retrieves a list and details of all Vulnerability Tags, Application Tags, and Vulnerability Comment Tags from the ThreadFix server. search_tags
Investigation

 

operation: Create Team

Input parameters

 

Parameter Description
Team Name Name of the team that you want to create on the ThreadFix server.

 

Output

The JSON output retrieves team details, such as name, total vulnerability count, low vulnerability count, medium vulnerability count, high vulnerability count, and applications, of the newly created team on the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Create Team operation

 

operation: Get All Teams

Input parameters

None.

Output

The JSON output retrieves a list of teams along with their details, such as name, total vulnerability count, low vulnerability count, medium vulnerability count, high vulnerability count, and applications, from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get All Teams operation

 

operation: Get Team Details

Input parameters

 

Parameter Description
Team By Parameter associated with the team based on which you want to retrieve details from the ThreatFix server. Choose between Team Name or Team ID.
Value Value of the parameter you have selected.
For example, if you select Team ID, then enter the ID of the team whose details you want to retrieve from the ThreatFix server.

 

Output

The JSON output retrieves details, such as name, total vulnerability count, low vulnerability count, medium vulnerability count, high vulnerability count, and applications of the team from the ThreadFix server, based on the team details you have specified.

Following image displays a sample output:

 

Sample output of the Get Team Details operation

 

operation: Get Scan Details

Input parameters

 

Parameter Description
Scan ID ID of the scan whose details you want to retrieve from the ThreadFix server.

 

Output

The JSON output retrieves details, such as total vulnerability count, low vulnerability count, medium vulnerability count, and high vulnerability count of the scan from the ThreadFix server, based on the scan ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Scan Details operation

 

operation: Check Pending Scan Status

Input parameters

 

Parameter Description
Application ID ID of the application from which you want to retrieve the status of a queued scan from the ThreadFix server.
Pending Scan ID ID of the scan that is queued whose details you want to retrieve from the ThreadFix server.

 

Output

The JSON output retrieves details of the pending scan, such as status, ID, and type from the ThreadFix server, based on the application ID and pending scan ID you have specified.

Following image displays a sample output:

 

Sample output of the Check Pending Scan Status operation

 

operation: Get Scan List

Input parameters

 

Parameter Description
Application ID ID of the application for which you want to retrieve the list of scans from the ThreadFix server.

 

Output

The JSON output retrieves a list of scans along with their details, such as scan ID, scanner name, import time, and updated time, of the application from the ThreadFix server, based on the application ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Scan List operation

 

operation: Get Policy Details

Input parameters

 

Parameter Description
Policy ID ID of the policy whose details you want to retrieve from the ThreadFix server.

 

Output

The JSON output retrieves details, such as name, ID, status, applications, and email list of the policy from the ThreadFix server, based on the policy ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Policy Details operation

 

operation: Get All Policies

Input parameters

None.

Output

The JSON output retrieves a list of policies along with their details, such as name, ID, status, applications, and email list from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get All Policies operation

 

operation: Get Application Policy Status

Input parameters

 

Parameter Description
Application ID ID of the application for which you want to retrieve the list of policies from the ThreadFix server.

 

Output

The JSON output retrieves a list of applications on which policies are applied from the ThreadFix server. The output also contains the details of each application such as application name and ID, and policy name and ID.

Following image displays a sample output:

 

Sample output of the Get Application Policy Status operation

 

operation: Add Application To Policy

Input parameters

 

Parameter Description
Application ID ID of the application to which the policy needs to be added on the ThreadFix server.
Policy ID ID of the policy that you want to add to the application on the ThreadFix server.

 

Output

The JSON output retrieves the policy details of the policy that has been added to the specified application from the ThreadFix server. The policy details contain the application ID and the policy ID.

Following image displays a sample output:

 

Sample output of the Add Application To Policy operation

 

operation: Get Severity List

Input parameters

None.

Output

The JSON output retrieves a list of all severities from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get Severity List operation

 

operation: Search Vulnerabilities

Input parameters

 

Parameter Description
Vulnerability IDs (In CSV or List Format) Serialized list containing vulnerability IDs on which you want to search for vulnerabilities.
For example: 201, 324, 432
Team IDs (In CSV or List Format) Serialized list containing team IDs on which you want to search for vulnerabilities.
For example: 1, 3, 5
Application IDs (In CSV or List Format) Serialized list containing application IDs for which you want to search for vulnerabilities.
For example: 2, 4, 6
Scanner Names Serialized list containing scanner names for which you want to search for vulnerabilities.
For example: WebInspect, SSVL
Severity Severity values for which you want to search for vulnerabilities. You can select multiple severities from the Severity list.
Choose from the following severity values: Critical, High, Medium, Low, and Info.
Filter String From Path Filter to return only those vulnerabilities that contain this string in their path.
Filter String From Parameter Filter to return only those vulnerabilities that contain this string in their parameter.
Start Date Lower bound on scan dates.
End Date Upper bound on scan dates.
Number of Vulnerabilities Merged from Scan Maximum number of vulnerabilities merged from different scans that the search result can contain.
Number of Vulnerabilities Per Page Maximum number of vulnerabilities that the search result can contain per page.
By default, up to 10 vulnerabilities are returned.
Page Number Returns a different page of vulnerabilities, with each page of vulnerabilities containing {numberVulnerabilities} vulnerabilities.
Show Open Click Show Open to include open vulnerabilities in the search result.
Show Closed Click Show Closed to include closed vulnerabilities in the search result.
Show Defect Present Click Show Defect Present to include vulnerabilities with defects in the search result.
Show Defect Not Present Click Show Defect Not Present to include vulnerabilities without defects in the search result.
Show False Positive Click Show False Positive to include false positive vulnerabilities in the search result.
Show Hidden Click Show Hidden to include hidden vulnerabilities in the search result.
Show Inconsistent Closed Defect Needs Scan Click Show Inconsistent Closed Defect Needs Scan to include vulnerabilities that have closed defects but have not yet been closed by a scan, in the search result.
Show Inconsistent Closed Defect Open In Scan Click Show Inconsistent Closed Defect Open In Scan to include vulnerabilities that have closed defects but were found open in a scan since the defect was closed, in the search result.
Show Inconsistent Open Defect Click Show Inconsistent Open Defect to include vulnerabilities that have open defects but have been closed by scans, in the search result.
Include Custom Text Click Include Custom Text to include Custom CWE text in the response for each vulnerability.

 

Note: None of the above parameters are mandatory. However, if you do not provide any parameter, this operation returns unfiltered results, i.e., it searches for all vulnerabilities on the ThreadFix server. Therefore, you must specify at least one parameter as a search parameter.
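The following added example (not part of the connector or of Fortinet's documentation) shows one way to validate Search Vulnerabilities inputs before a playbook step runs, so that malformed IDs are rejected and an empty filter set never triggers an unfiltered search. The function names and the `max_page_size` cap are assumptions; the dictionary keys are the parameter labels from the table above, not ThreadFix REST field names.

```python
# Added example, not connector code. Dict keys are the parameter labels from the
# table above, not ThreadFix REST field names; max_page_size is an assumed local cap.
ALLOWED_SEVERITIES = {"Critical", "High", "Medium", "Low", "Info"}
ID_FIELDS = ("Vulnerability IDs", "Team IDs", "Application IDs")
TEXT_FIELDS = ("Filter String From Path", "Filter String From Parameter",
               "Start Date", "End Date")


def split_items(value):
    """Accept 'a, b' (CSV) or ['a', 'b'] (list); return stripped, non-empty strings."""
    if value is None:
        return []
    items = value if isinstance(value, (list, tuple)) else str(value).split(",")
    return [str(item).strip() for item in items if str(item).strip()]


def parse_ids(value):
    """Return positive integer IDs, rejecting anything that is not a plain number."""
    ids = []
    for text in split_items(value):
        if not (text.isascii() and text.isdigit()) or int(text) == 0:
            raise ValueError(f"not a valid ID: {text!r}")
        ids.append(int(text))
    return ids


def build_search(raw, max_page_size=100):
    """Return cleaned search parameters; raise ValueError if no filter is set."""
    params = {}
    for field in ID_FIELDS:
        if parse_ids(raw.get(field)):
            params[field] = parse_ids(raw.get(field))
    if split_items(raw.get("Scanner Names")):
        params["Scanner Names"] = split_items(raw.get("Scanner Names"))
    severities = split_items(raw.get("Severity"))
    unknown = sorted(set(severities) - ALLOWED_SEVERITIES)
    if unknown:
        raise ValueError(f"unknown severity: {unknown}")
    if severities:
        params["Severity"] = severities
    for field in TEXT_FIELDS:
        if str(raw.get(field) or "").strip():
            params[field] = str(raw[field]).strip()
    if not params:
        raise ValueError("refusing unfiltered search: set at least one filter")
    # Paging bounds the response size but does not narrow the search itself.
    size = int(raw.get("Number of Vulnerabilities Per Page") or 10)
    if not 1 <= size <= max_page_size:
        raise ValueError(f"page size must be between 1 and {max_page_size}")
    params["Number of Vulnerabilities Per Page"] = size
    return params
```

The Show Open, Show Closed, and similar check boxes are deliberately not counted as filters here, because on their own they still match large parts of the vulnerability database.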

Output

The JSON output contains a filtered list of vulnerabilities along with details, such as id, findings, teams, channel name, and generic severity for each vulnerability from the ThreadFix server, based on the parameters you have specified.

Following image displays a sample output:

 

Sample output of the Search Vulnerabilities operation

 

operation: Add Comment To Vulnerability

Input parameters

 

Parameter Description
Vulnerability ID ID of the vulnerability to which you want to add a comment on the ThreadFix server.
Comment Message of the comment.
Comment Tag ID (In CSV or List Format) (Optional) Serialized list containing IDs for any comment tags you want to attach to the comment.

 

Output

The JSON output returns a Success message if the comment is added successfully to the specified vulnerability on the ThreadFix server, or an Error message containing the reason for failure.

Following image displays a sample output:

 

Sample output of the Add Comment To Vulnerability operation

 

operation: Update Vulnerability Severity

Input parameters

 

Parameter Description
Vulnerability ID ID of the vulnerability whose severity you want to update on the ThreadFix server.
Severity Severity to which you want to update the specified vulnerability on the ThreadFix server.

 

Output

The JSON output retrieves the details of the updated vulnerability, such as channel name, findings, open time, and generic severity from the ThreadFix server, based on the vulnerability ID and severity you have specified.

Following image displays a sample output:

 

Sample output of the Update Vulnerability Severity operation

 

operation: Close Vulnerabilities

Input parameters

 

Parameter Description
Vulnerability IDs (In CSV or List Format) IDs of the vulnerabilities that you want to close on the ThreadFix server. To close several vulnerabilities at the same time, enter their IDs in list or CSV format.

 

Output

The JSON output retrieves the IDs of the closed vulnerabilities from the ThreadFix server, based on the vulnerability IDs you have specified.

Following image displays a sample output:

 

Sample output of the Close Vulnerabilities operation

 

operation: Create Application

Input parameters

 

Parameter Description
Team ID ID of the team in which you want to create the application on the ThreadFix server.
Application Name Name of the application that you want to create on the ThreadFix server.
Application URL (Optional) URL location of the application that you want to create on the ThreadFix server.

 

Output

The JSON output retrieves application details, such as url, name, id, and application criticality, of the newly created application on the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Create Application operation

 

operation: Get Application By ID

Input parameters

 

Parameter Description
Application ID ID of the application for which you want to retrieve details from the ThreadFix server.

 

Output

The JSON output retrieves details, such as url, name, id, scans, and total vulnerability count from the ThreadFix server, based on the application ID you have specified.

Following image displays a sample output:

 

Sample output of the Get Application By ID operation

 

operation: Get Application By Name

Input parameters

 

Parameter Description
Team Name Name of the team from which you want to retrieve application details from the ThreadFix server.
Application Name Name of the application for which you want to retrieve details from the ThreadFix server.

 

Output

The JSON output retrieves details, such as url, name, id, scans, and total vulnerability count from the ThreadFix server, based on the team name and application name you have specified.

Following image displays a sample output:

 

Sample output of the Get Application By Name operation

 

operation: Create Static Finding

Input parameters

 

Parameter Description
Application ID ID of the application in which you want to add the static finding on the ThreadFix server.
Vulnerability Type Name of the CWE vulnerability that you want to add on the ThreadFix server.
Description Short description of the vulnerability that you want to add on the ThreadFix server.
Severity Severity of the vulnerability that you want to add on the ThreadFix server.
Choose from the following severity values: Critical, High, Medium, Low, or Info.
Parameter (Optional) Request parameter for the vulnerability that you want to add on the ThreadFix server.
Source File (Optional) Location of the source file for the vulnerability that you want to add on the ThreadFix server.
Vulnerability ID (Optional) ID of the vulnerability that you want to add on the ThreadFix server.
Column (Optional) Column number that is used for finding the vulnerability source on the ThreadFix server.
Line Text (Optional) Line text that is used for finding the vulnerability source on the ThreadFix server.
Line Number (Optional) Line number that is used for finding the vulnerability source on the ThreadFix server.

 

Output

The JSON output retrieves details, such as attack response, id, attack string, vulnerability type, and long description, of the newly created static finding on the ThreadFix server, based on the parameters you have specified.

Following image displays a sample output:

 

Sample output of the Create Static Finding operation

 

operation: Create Dynamic Finding

Input parameters

 

Parameter Description
Application ID ID of the application in which you want to add the dynamic finding on the ThreadFix server.
Vulnerability Type Name of the CWE vulnerability that you want to add on the ThreadFix server.
Description Short description of the vulnerability that you want to add on the ThreadFix server.
Severity Severity of the vulnerability that you want to add on the ThreadFix server.
Choose from the following severity values: Critical, High, Medium, Low, or Info.
Parameter (Optional) Request parameter for the vulnerability that you want to add on the ThreadFix server.
Vulnerability ID (Optional) ID of the vulnerability that you want to add on the ThreadFix server.
Full URL (Optional) Absolute URL to the page with the vulnerability.
Path to Page (Optional) Relative path to the page with the vulnerability.

 

Output

The JSON output retrieves details, such as attack response, id, attack string, vulnerability type, and long description, of the newly created dynamic finding on the ThreadFix server, based on the parameters you have specified.

Following image displays a sample output:

 

Sample output of the Create Dynamic Finding operation

 

operation: Get All Tags

Input parameters

None.

Output

The JSON output retrieves a list of Vulnerability Tags, Application Tags, and Vulnerability Comment Tags, along with their details from the ThreadFix server.

Following image displays a sample output:

 

Sample output of the Get All Tags operation

 

Included playbooks

The Sample-ThreadFix- 1.1.0 playbook collection comes bundled with the ThreadFix connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the ThreadFix connector.

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.