Configure the Fortify SSC Source Adapter:
The following should be done under the account svc-saltminer (using sudo su as shown below):
$ sudo su svc-saltminer
Edit the SSC configuration file and set the fields shown below:
$ nano /etc/saltworks/saltminer-2.5.0/Sources/Ssc1.json
SSC Configuration Example Field Values:
“BaseUrl”: “https://ssc.saltminer.io/ssc”
“Username”: “MyUserName”
“Password”: “someGoodPassword!”
“FilterSetID”: “a243b195-0a59-3f8b-1403-d55b7a7d78e6”
- The FiltersetId can be determined by looking at the URL when accessing any application in SSC. For example:
- https://ssc.saltminer.io/ssc/html/ssc/version/10046/fix/d0/s0?filterSet=babb745a-375a-32fd-adfc-b9d14feef22d
Further details on all SSC Source Adapter settings can be found here.
Test the Adapter Connections:
Once configured for Fortify SSC and/or FOD, run RunTestConnections.py from /usr/share/saltworks/saltminer-2.5.0. Be sure to change to the svc-saltminer user and export the environment variable for the configuration directory.
$ sudo su svc-saltminer $ export 'SALTMINER_2_CONFIG_PATH=/etc/saltworks/saltminer-2.5.0' $ cd /usr/share/saltworks/saltminer-2.5.0 $ python3 ./RunTestConnections.pyShould get the following result:
****************************
** Results:
** Elasticsearch: OK
** SSC: OK
** FOD: ???
****************************
Run the Source Adapters and the SaltMiner Manager:
To manually run the script to ingest all data from SSC, change to the below directory and run agentcron25.sh followed by managercron25.sh :
$ python3 RunDevToolsUtility.py install_script.dev_tools
$ cd /usr/share/saltworks/saltminer-3.0.0/
$ ./agentcron25.sh
$ ./managercron.sh
$ ./managercron.sh snapshot
- If there is SSC History it can be created by running the following:
$ cd /usr/share/saltworks/saltminer-2.5.0
$ python3 ./RunUtilSscSnapshotHistory.pyThe following files are found in /etc/saltworks/saltminer-2.5.0 Only the key settings are shown below with their default settings which should be changed to match the installation.
Elastic.json Configures the connection to ElasticSearch
“Host”: “localhost”,
“Password”: “”,
“Scheme”: “http”,
“Port”: “9200”,
“Username”: “elastic”,
“SslVerify”: “False”,
“RequestTimeout”: 30,
“BulkRequestTimeout”: 120,
“DefaultScrollSize”: 1000,
“RetryDelaySecs”: 90,
“MappingsPath”: “Mappings/”, Path to .json mapping file
“TemplateMappingsPath”: “Template/Mappings/”, Path to .json template mapping file
“QueryTemplates”: { }
Logging.json Sets the level of logging in the SaltMiner 2.5 module.
“LogLevel”: “INFO”, Can be set to INFO, WARN, DEBUG, or ERROR
“Folder”: “/var/log/saltworks/saltminer-2.5.0/”,
“LogFileRemoveAfterDays”: 7, Removes log files after the specified number of days.
Main.json Configuration of attributes for the source adapter. These are modified to match the attributes in SSC which are loaded into SaltMiner. These must also be modified in the mappings file for both SM2.5 and SM3.0.
“Attributes”: {
“Risk Level”: {
“type”: “keyword”
},
“Business Owner”: {
“type”: “keyword”
},
“Business Risk”: {
“type”: “keyword”
},
“Headquarters”: {
“type”: “keyword”
},
“Industry”: {
“type”: “keyword”
}
}
SMv3.json Configures the connection to SaltMiner 3 module.
“ApiUrl”: “http://localhost:5000”,
“ApiKey”: “e$Fernet$gAAAAABjK5COv…”,
Sources/Ssc1.json Configures the connection to SSC . FiltersetId is set to the default filterset which can be found in the SSC URL when accessing an application.
“Source”: “SSC”,
“SourceName”: “SSC1”,
“BaseUrl”: “https://ssc.saltworks.io/ssc”,
“Username”: “”,
“Password”: “”,
“FiltersetId”: “babb745a-375a-32fd-adfc-b9d14feef22d”,
“SslVerify”: “False”,
“IssueBatchSize”: 500,
“ElasticBatchSize”: 500,
“IssueDetailsBatchSize”: 100,
“IssueDetailsUseBulkApi”: true,
“IssueCustomTagsToCustomAttributes”: true,
“EnableSyncTagCounts”: false,
“AttributesEnrichmentPolicy”: “sidecar_ssc_attributes-policy”,
“EnableHistoryImportToV3”: false,
“ImportPurgedScans”: true,
“AssessmentTypeMap”: {
“SCA”: “Static”,
“WHITESOURCE”: “OpenSource”,
“SONATYPE”: “OpenSource”,
“BLACKDUCK”: “OpenSource”,
“WEBINSPECT”: “Dynamic”,
“MOBILE”: “Mobile”,
“PENTEST”: “PenTest”
}
SscAuth.json Allows SaltMiner to integrate users and authentication from SSC.