As we reach the end of September 2024, ThreadFix version 3.x on-premises has officially reached its End-of-Life. Therefore, there is no longer support or updates for this version of the product. We have fully transitioned our product and development teams to focus on ThreadFix SaaS and on migrating all customers over from the on-premises versions. Our Customer Success and Support teams are here to help you in migrating to ThreadFix SaaS and maximizing the value you see from this improved offering from Coalfire. This is the next phase of ThreadFix and our team is looking forward to continuing to support you on this journey.
Remote Providers 3.X
You will learn
About Remote Providers, how to create new providers, import scans, and schedule imports.
Prerequisites
Audience: IT Professional, or End User
Difficulty: Intermediate
Time needed: Approximately 5 minutes
Tools required: N/A
Introduction
Remote Providers are an interface that ThreadFix uses to import scans from SaaS platforms. Not all Remote Providers operate in the same manner; please refer to each Remote Provider guide below for further details, as well as the ThreadFix Integrations page.
Note: ThreadFix Bidirectional Sync has been deprecated.
Create New Provider
Remote Providers are accessed by clicking on the Application menu on the Navigation sidebar, then clicking on Integrations and selecting the Remote Providers page.
To add a Remote Provider instance to ThreadFix, click the Create New Provider button. A modal will pop up requesting details to be filled out.
Select the desired scanner from the Type drop-down field, and fill in the required Name field at a minimum. Depending on what Type was selected, the remaining entry fields will vary. The Force Last Scan checkbox is an option that will force ThreadFix to always retrieve the last scan from the Remote Provider. Note: in 3.1 the 'Force Last Scan' checkbox option has been removed.
ThreadFix will import all of the integration's existing applications (even if there are no scans assigned to them):
Edit Remote Provider
To edit a Remote Provider's configuration, click on its blue edit button on the right edge of the integration listing, which will pop up an Edit Provider dialog. Note the edit icon appears as below:
Must Re-enter Password
In order to save changes to the integration's configuration, the user will need to re-enter the account's password, otherwise the Save button will remain disabled.
Import Scans
In order to import scans into ThreadFix, the Remote Provider applications need to be mapped to a Team/Application combo. A user can either:
From the Application menu, expand the Integrations sub-menu and select the Remote Providers page. From the Remote Providers tab, select a Remote Provider and expand it. Click the Create ThreadFix Applications button.
Manually create applications in ThreadFix and select Edit Mapping.
Selecting Create ThreadFix Applications will ask for ThreadFix Teams to assign each AppScan Application to:
When clicking the Create Applications button, ThreadFix will create a new ThreadFix application with the same name as its Remote Provider application counterpart and assign it to the selected Team. Selecting Edit Mapping will ask for the Team/Application Combo to which the Remote Provider application will be mapped:
Only teams that have at least one application will appear in the 'Team' list. ThreadFix does not allow mapping a ThreadFix application to Remote Provider applications from different instances of the same Remote Provider.
Sync Remote Provider Applications
As applications are added/removed/renamed on the Remote Provider side, users can click the Sync Remote Provider Applications button to add or remove applications from the list of Remote Provider applications.
ThreadFix will provide a banner indicating what, if any, applications were added/removed.
If a Remote Provider application has been renamed on the Remote Provider side, the sync function will remove the Remote Provider application and add a new one corresponding with the new name.
If the renamed Remote Provider application had been mapped to a ThreadFix application, the mapping will not be preserved, so the newly added Remote Provider application will need to be re-mapped.
Import to ThreadFix
Users can either import scan data for all of a remote provider's mapped applications at once (Import All Scans button) or for a particular application (individual Importing buttons):
Once the scans have finished importing, the user will be directed to the corresponding Application Details page. The Scans tab will display the scans that were imported:
The Remote Provider Application tab will show the import status:
Scheduled Imports
Through the Scheduled Imports tab, users can schedule Remote Provider scans.
Click the Schedule New Import button.
A modal will pop up. Select the Scheduling Method, Frequency, and Time at which the import should occur. Specify the Remote Provider and ThreadFix application, then click the Add Scheduled Import button.
When scheduling a Remote Provider Import, a time zone drop-down will allow users to set a desired time zone region for the scheduled job. This is applicable for both the Select and Cron Expression scheduling methods.
The scheduled import will then be reflected in the list.
Scheduled Sync Tasks
Through the Scheduled Sync Tasks tab, users can schedule Remote Provider scans.
Click the Schedule New Sync Task button.
A modal will pop up. Select the Scheduling Method, Frequency, Time, and Timezone at which the import should occur. Specify the Remote Provider (optional), then click the Add Scheduled Sync button.
The scheduled sync task will then be reflected in the list.
Scan Orchestration
ThreadFix supports scan orchestration via the UI for Netsparker Enterprise. In order to use the Scan Orchestration feature, the ThreadFix user must have the “Manage Remote Provider Scans” permission. After configuring the Remote Provider and mapping it to a ThreadFix application, click the Request button to initiate a scan, after which users can click the Import button to import the result.
Another method to initiate a scan orchestration is to click the Scan Orchestration (rocket) button within the Remote Provider Application tab as seen below.
Note: an import for an application must be run before scan orchestration can be utilized.
Copyright © 2024 Coalfire. All rights reserved.