Attack Surface Management: Step 3 - Inbound Integr...

nathanael_s · ‎04-17-2024

Inside of Collections in Attack Surface Management, our customers utilize Workflows to scan their assets for vulnerabilities. Those Workflows can use a number of internally available solutions for scanning, but there are a number of ways customers can utilize Inbound Integrations to gain better insight into their entire Attack Surface. In this section we will explore Inbound Integrations for DNS & CDN, Cloud, and Github.

Prerequisites

Project Owner level access.
Admin access to Integration platform.

Actions

DNS & CDN

In this section we will walk you through setting up Cloudflare as an Inbound Integration.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

Existing Project(s)
Existing Collection(s)
Project Admin rights for Project(s)
Admin access in Cloudflare

Steps

Create an API Token by following the steps outlined in the link. | Docs
From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings.
Click the Integrations tab.
Under Inbound Integrations, click Add New for Cloudflare.
Paste the API Token from step 1 and then click Connect.
Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to.
Select the Integrations tab, select Connect Integration, then link the Cloudflare integration.
Close the window, then click Scan Collection to begin scanning utilizing the Cloudflare integration.

Relevant Links

Prerequisites See the Relevant Links section for more documentation regarding the prerequisites. Existing Project(s) Existing Collection(s) Project Admin rights for Project(s) Admin access in Cloudflare Steps Create an API Token by following the steps outlined in the link. | Docs From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings. Click the Integrations tab. Under Inbound Integrations, click Add New for Cloudflare. Paste the API Token from step 1 and then click Connect. Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to. Select the Integrations tab, select Connect Integration, then link the Cloudflare integration. Close the window, then click Scan Collection to begin scanning utilizing the Cloudflare integration. Relevant Links All Steps: https://docs.mandiant.com/home/asm-cloudflare-integration 1: https://docs.mandiant.com/home/asm-cloudflare-integration#create-cloudflare-api-token 2-8: https://docs.mandiant.com/home/asm-cloudflare-integration#provide

Cloud

In this section we will walk you through setting up Google Cloud as an Inbound Integration. In addition to Google Cloud, Attack Surface Management has integrations for AWS and Azure.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

Existing Project(s)
Existing Collection(s)
Project Admin rights for Project(s)
Admin rights in Google Cloud

Steps

Create a Google Cloud Service Account by following the steps identified in the linked docs for this step. Ensure to note the email address associated with the Service Account that you create in these linked steps. | Docs
From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings.
Click the Integrations tab.
Under Inbound Integrations, click Add New for Google Cloud.
In the Email field, provide the email address associated with the Service Account, created in Step 1. Click Connect.
Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to.
Select the Integrations tab, select Connect Integration, then link the Google Cloud integration.
Close the window, then click Scan Collection to begin scanning utilizing the Google Cloud integration.

Relevant Links

Prerequisites See the Relevant Links section for more documentation regarding the prerequisites. Existing Project(s) Existing Collection(s) Project Admin rights for Project(s) Admin rights in Google Cloud Steps Create a Google Cloud Service Account by following the steps identified in the linked docs for this step. Ensure to note the email address associated with the Service Account that you create in these linked steps. | Docs From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings. Click the Integrations tab. Under Inbound Integrations, click Add New for Google Cloud. In the Email field, provide the email address associated with the Service Account, created in Step 1. Click Connect. Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to. Select the Integrations tab, select Connect Integration, then link the Google Cloud integration. Close the window, then click Scan Collection to begin scanning utilizing the Google Cloud integration. Relevant Links 1: https://docs.mandiant.com/home/asm-gcp-integration#method-a 2-8: https://docs.mandiant.com/home/asm-gcp-integration#gcp-creating-google-cloud-integration

Github

In this section we will walk you through setting up Github as an Inbound Integration.

Prerequisites

See the Relevant Links section for more documentation regarding the prerequisites.

Existing Project(s)
Existing Collection(s)
Project Admin rights for Project(s)
Admin rights in Github

Steps

Create a Github Access Token by following the steps identified in the linked documentation. Ensure to note the Access Token once created because it will not be displayed again. | Docs
From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings.
Click the Integrations tab.
Under Inbound Integrations, click Add New for Github.
In the Github Access Token field, provide the Access Token, created in Step 1. Click Connect.
Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to.
Select the Integrations tab, select Connect Integration, then link the Github integration.
Close the window, then click Scan Collection to begin scanning utilizing the Gtihub integration.

Relevant Links

Prerequisites See the Relevant Links section for more documentation regarding the prerequisites. Existing Project(s) Existing Collection(s) Project Admin rights for Project(s) Admin rights in Github Steps Create a Github Access Token by following the steps identified in the linked documentation. Ensure to note the Access Token once created because it will not be displayed again. | Docs From the Attack Surface Management console, click Projects & Settings, choose a Project, click Account Settings. Click the Integrations tab. Under Inbound Integrations, click Add New for Github. In the Github Access Token field, provide the Access Token, created in Step 1. Click Connect. Click Collections, then click Collections Settings next to the Collection you'd like to connect the integration to. Select the Integrations tab, select Connect Integration, then link the Github integration. Close the window, then click Scan Collection to begin scanning utilizing the Gtihub integration. Relevant Links 1: https://docs.mandiant.com/home/asm-github-integration#Create-a-GitHub-Access-Token 2-8: https://docs.mandiant.com/home/asm-github-integration#Use-GitHub-Access-Token-for-MA-ASM-Integration

Next Step: Attack Surface Management: Step 4 - Outbound Integrations