Synack

Import Synack Vulns

The purpose of this example is to import vulnerabilities from Synack on a time-based schedule.

This example Flow can be downloaded from our Flows GitHub Repository and imported into your AttackForge.

Initial Set Up

• Type: Schedule

• Cron String: Recommend at start of day, every 24-hours (0 9 * * *)

• Secrets:

  • af_auth - your AttackForge API key

  • af_synack_asset_library_key - if assets module is enabled, specify the library where Synack assets will be created. This key can be extracted from the Assets module by navigating to the relevant library.

  • af_synack_project_custom_field_key - custom field key used to determine if an AF project is a Synack project. Used for correlating Synack vulns through Listing Codename -> Project Code.

  • af_synack_project_custom_field_type - custom field type used to determine if an AF project is a Synack project. Must be "multi-select" or "select" depending on your custom field configuration. Used for correlating Synack vulns through Listing Codename -> Project Code.

  • af_synack_project_custom_field_value - custom field value used to determine if an AF project is a Synack project. Used for correlating Synack vulns through Listing Codename -> Project Code.

  • af_synack_writeups_library_key - specify the Writeups library where Synack vulns will be created. This key can be extracted from the Writeups module by navigating to the relevant library.

  • af_tenant - your AF tenant hostname e.g. "demo.attackforge.com"

  • skip_updating_synack_status - set to "yes" to skip updating Synack vulns to "Ticketed" status

  • synack_fetch_changes_from_in_days - the number of days (in the past) to fetch vulnerabilities e.g. set to "1" for fetching new/updated Synack vulns in past 24-hours. Should match your Flow Cron String.

  • synack_tenant - for prod use "api.synack.com". For non-prod - seek guidance from your Synack account manager.

  • synack_token - the API token created in Synack. E.g. "Bearer BLJZ_clib-mzHkBKwauhiQkma...."

  • synack_vuln_acknowledged_status_id - the id for the Synack vuln status for new vulnerabilities. For example, the id for the "Pending Review" status in prod could be "4024". Check this with your Synack account manager.

  • synack_vuln_acknowledged_status_name - the name for the Synack vuln status for new vulnerabilities. E.g. "Pending Review". Check this with your Synack account manager.

  • synack_vuln_identified_status_id - the id for the Synack vuln status for Ticketed vulnerabilities. For example, the id for the "Ticketed" status in prod could be "4025". Check this with your Synack account manager.

Action 1 - Get Synack Vulns

• Method: GET

• URL: https://{{synack-tenant}}/v1/vulnerabilities?filter[status_id][]={{synack_vuln_identified_status_id}}&page[size]=5&page[number]={page}&filter[updated_since]={isoDate}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = Authorization; Type = Secret; Value = synack_token

• Request Script:

• Response Script:

Action 2 - Get Synack AF Projects

• Method: GET

• URL: https://{{af-tenant}}/api/ss/projects?skip={skip}&limit=50&q={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 3 - Get Pending AF Synack Vulns

• Method: GET

• URL: https://{{af-tenant}}/api/ss/vulnerabilities?pendingVulnerabilities=true&skip={skip}&limit=50&q_vulnerability={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 4 - Get Visible AF Synack Vulns

• Method: GET

• URL: https://{{af-tenant}}/api/ss/vulnerabilities?skip={skip}&limit=50&q_vulnerability={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 5 - Convert Markdown to Rich Text for Update Vulns

• Method: POST

• URL: https://{{af-tenant}}/api/ss/utils/markdown-to-richtext

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 6 - Update AF Vulnerabilities

• Method: PUT

• URL: https://{{af-tenant}}/api/ss/vulnerability/{id}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 7 - Convert Markdown to Rich Text for Create Vulns

• Method: POST

• URL: https://{{af-tenant}}/api/ss/utils/markdown-to-richtext

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 8 - Create AF Vulnerabilities

• Method: POST

• URL: https://{{af-tenant}}/api/ss/vulnerabilities

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 9 - Update Synack Vulns to Ticketed Status

• Method: PUT

• URL: https://{{synack-tenant}}/v1/vulnerabilities/{id}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = Authorization; Type = Secret; Value = synack_token

• Request Script:

• Response Script:

Action 10 - Update AF Vulns to Ticketed Status

• Method: PUT

• URL: https://{{af-tenant}}/api/ss/vulnerability/{id}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Update Synack when Vuln is Ready for Retest

The purpose of this example is to update a vulnerability in Synack when a vulnerability is marked as Ready for Retest in AF.

This example Flow can be downloaded from our Flows GitHub Repository and imported into your AttackForge.

Initial Set Up

• Type: Event - vulnerability-updated

• Secrets:

  • af_auth - your AttackForge API key

  • af_tenant - your AF tenant hostname e.g. "demo.attackforge.com"

  • synack_tenant - for prod use "api.synack.com". For non-prod - seek guidance from your Synack account manager.

  • synack_token - the API token created in Synack. E.g. "Bearer BLJZ_clib-mzHkBKwauhiQkma...."

Action 1 - Update Synack Vuln to Retest Status

• Method: POST

• URL: https://{{synack-tenant}}/v1/vulnerabilities/{id}/patch_verifications

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = Authorization; Type = Secret; Value = synack_token

• Request Script:

• Response Script:

Action 2 - Update AF Vuln with Synack Retest Status

• Method: PUT

• URL: https://{{af-tenant}}/api/ss/vulnerability/{id}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Close Vuln in AF when Synack Vuln is Fixed

The purpose of this example is to close a vulnerability in AF when its fixed in Synack.

This example Flow can be downloaded from our Flows GitHub Repository and imported into your AttackForge.

Initial Set Up

• Type: Schedule

• Cron String: Recommend at start of day, every 24-hours (15 9 * * *)

• Secrets:

  • af_auth - your AttackForge API key

  • af_tenant - your AF tenant hostname e.g. "demo.attackforge.com"

  • synack_tenant - for prod use "api.synack.com". For non-prod - seek guidance from your Synack account manager.

  • synack_token - the API token created in Synack. E.g. "Bearer BLJZ_clib-mzHkBKwauhiQkma...."

  • synack_fetch_changes_from_in_days - the number of days (in the past) to fetch vulnerabilities e.g. set to "1" for fetching updated Synack vulns in past 24-hours. Should match your Flow Cron String.

Action 1 - Get Synack Vulns

• Method: GET

• URL: https://{{synack-tenant}}/v1/vulnerabilities?page[size]=5&page[number]={page}&filter[updated_since]={isoDate}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = Authorization; Type = Secret; Value = synack_token

• Request Script:

• Response Script:

Action 2 - Get Synack Patch Verified Vulns

• Method: GET

• URL: https://{{synack-tenant}}/v1/vulnerabilities/{id}/patch_verifications

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = Authorization; Type = Secret; Value = synack_token

• Request Script:

• Response Script:

Action 3 - Get Pending AF Synack Vulns

• Method: GET

• URL: https://{{af-tenant}}/api/ss/vulnerabilities?pendingVulnerabilities=true&skip={skip}&limit=50&q_vulnerability={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 4 - Get Visible AF Synack Vulns

• Method: GET

• URL: https://{{af-tenant}}/api/ss/vulnerabilities?skip={skip}&limit=50&q_vulnerability={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 5 - Close AF Vulns

• Method: PUT

• URL: https://{{af-tenant}}/api/ss/vulnerability/{id}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Get Latest Synack Vuln Comments

The purpose of this example is to fetch vulnerability comments in Synack and create remediation notes in AF.

This example Flow can be downloaded from our Flows GitHub Repository and imported into your AttackForge.

Initial Set Up

• Type: Schedule

• Cron String: Recommend at start of day, every 24-hours (30 9 * * *)

• Secrets:

  • af_auth - your AttackForge API key

  • af_tenant - your AF tenant hostname e.g. "demo.attackforge.com"

  • synack_tenant - for prod use "api.synack.com". For non-prod - seek guidance from your Synack account manager.

  • synack_token - the API token created in Synack. E.g. "Bearer BLJZ_clib-mzHkBKwauhiQkma...."

Action 1 - Get Pending AF Synack Vulns

• Method: GET

• URL: https://{{af-tenant}}/api/ss/vulnerabilities?pendingVulnerabilities=true&skip={skip}&limit=50&q_vulnerability={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 2 - Get Visible AF Synack Vulns

• Method: GET

• URL: https://{{af-tenant}}/api/ss/vulnerabilities?skip={skip}&limit=50&q_vulnerability={<CUSTOM-QUERY>}

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 3 - Get Synack Vuln Comments

• Method: GET

• URL: https://{{synack-tenant}}/v1/vulnerabilities/{id}/comments

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = Authorization; Type = Secret; Value = synack_token

• Request Script:

• Response Script:

Action 4 - Convert Markdown to Rich Text for Comments

• Method: POST

• URL: https://{{af-tenant}}/api/ss/utils/markdown-to-richtext

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script:

Action 5 - Create Remediation Notes

• Method: POST

• URL: https://{{af-tenant}}/api/ss/vulnerability/{id}/remediationNote

• Headers:

  • Key = Content-Type; Type = Value; Value = application/json

  • Key = X-SSAPI-KEY; Type = Secret; Value = af_auth

• Request Script:

• Response Script: