Bring-Your-Own-Data (BYOD) to the Kondukto Platform

Cenk Kalpakoğlu, 04 Jun 2024

During this year’s RSA conference in San Francisco, we announced an exciting new platform capability: “Bring-Your-Own-Data” (BYOD), which allows customers to integrate their unique data streams into the Kondukto Platform.

Integrating diverse sets of data has become critical for AppSec. “Bring-Your-Own-Data” drastically improves the visibility for security teams into the application security stack of complex environments. It extends the feature-rich Kondukto API and allows our customers to further automate their AppSec workflows.

“Bring-Your-Own-Data” currently consists of 2 platform capabilities: the new “Any Scanner” feature and the support for Custom Threat Intelligence Databases (launched earlier in 2024).

Any Scanner

As the maturity of AppSec teams increases over time, teams tend to use homegrown or heavily customized open-source scanners to ensure that vulnerabilities are identified before they can hit their production environments. However, tools come in many different flavors, just as each dev team may use a different tech stack with slightly different processes.

From a security engineering perspective, you ought to be able to consolidate and contextualize all tools that are used to ensure the integrity of your organization’s environment. In many cases though, this turns out to be a challenging and laborious task that hurts the team’s effectiveness.

So to make this task easier and to extend the visibility provided by the Kondukto Platform, we have developed the “Any Scanner” feature. It enables security teams to ingest a wide variety of custom scanner output.

[Figure: schematic that shows the 3 steps to integrate custom scanner data with the Kondukto Platform: upload JSON, map fields, import results via Kondukto CLI or UI]

A good use-case for this feature is to use the output of different linters in your Software Development Life Cycle (SDLC) processes to do custom checks. With the “Any Scanner” feature, you can re-use linter rules and outputs to perform checks in your pipelines and integrate the output with Kondukto. With the data on our platform, you can take advantage of its correlation, deduplication, alerting and workflow automation features.

Here’s how it works:

  1. Customize the linter rules.
  2. Run the linter and generate a sample output.
  3. Upload the JSON output to Kondukto and start mapping fields.

The mapping process allows Kondukto to understand which JSON fields correspond to the required Kondukto fields. Once this is done, save the custom integration with a name of your choosing and use it in your SDLC.

The easiest way to use this feature is with Kondukto's open-source CLI (KDT). An example command would be:

kdt scan -p ProjectName -t custom_scanner -b master -f results.json

Custom Threat Intelligence DB Integration

Application Security Processes (AppSec Processes) are all about the prioritization of vulnerabilities. Threat Intelligence is one of the most important aspects of an ASPM platform to achieve this.

The Kondukto Platform provides a “Custom Threat Intelligence Database” integration that allows organizations to integrate their own threat intelligence (TI) databases. To integrate your threat intelligence database, just go to “Integrations” > “Threat Intelligence” and activate “Custom TI DB”.

[Figure: screenshot of the Kondukto Platform that shows the integrations section and where the Custom Threat Intelligence DB integration can be found and activated]

Once the integration has been successfully activated, you can feed your custom TI data to the Kondukto Platform via the API. The following parameters are supported by the Kondukto API:

  • CVE ID: Required and must be unique.
  • Description: Optional (default is empty).
  • Observed in the wild: Optional (default is false).
  • Known exploit: Optional (default is false).
  • Publish date: Optional (defaults to the current time if sent as null).
  • Risk Rating: Required (default is 0).

Here is a quick example in JSON:

{
  "cve_id": "CVE-2018-14721", // required and must be unique
  "description": "", // optional, default empty
  "observed_in_the_wild": false, // optional, default false
  "known_exploit": false, // optional, default false
  "publish_date": "2023-08-16T19:05:01.000Z", // optional, defaults to the current time if sent as null
  "risk_rating": 2 // optional, default 0
}

Your threat intelligence data is accessible through the API. You can, for example, retrieve all your TI data using GET {API_BASE}/api/v3/threat_intelligence or a specific dataset using GET {API_BASE}/api/v3/threat_intelligence/{CVE_ID}.
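A pre-flight check for an internal TI feed, written as an added example (not Kondukto's code): it normalizes rows into the six fields listed above, applies the documented defaults, and rejects rows that would break the "required and must be unique" rule for the CVE ID. The function names, the sample rows, the `CVE-9999-…` placeholder IDs, the non-negative-integer check on the risk rating and the treatment of naive datetimes as UTC are assumptions.

```python
import json
import re
from datetime import datetime, timezone

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
FLAGS = ("observed_in_the_wild", "known_exploit")

def to_ts(dt):
    """Render a datetime in the shape of the page's sample: 2023-08-16T19:05:01.000Z."""
    if dt.tzinfo is None:                      # assumption: naive values are UTC
        dt = dt.replace(tzinfo=timezone.utc)
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"

def normalize_ti(rows):
    """Return (records, rejects); rejects are (row, reason) pairs to fix at the source."""
    records, rejects, seen = [], [], set()
    for row in rows:
        cve = str(row.get("cve_id", "")).strip().upper()
        rating = row.get("risk_rating", 0)     # the page gives 0 as the default
        flags = {k: row.get(k, False) for k in FLAGS}
        if not CVE_RE.match(cve):
            reason = "cve_id missing or malformed"
        elif cve in seen:
            reason = "duplicate cve_id"
        elif isinstance(rating, bool) or not isinstance(rating, int) or rating < 0:
            reason = "risk_rating is not a non-negative integer"  # range is an assumption
        elif not all(isinstance(v, bool) for v in flags.values()):
            reason = "flag is not a JSON boolean"  # the string "false" would be truthy
        else:
            seen.add(cve)
            published = row.get("publish_date")  # None -> null -> platform uses current time
            if isinstance(published, datetime):
                published = to_ts(published)
            records.append({"cve_id": cve, "description": row.get("description") or "",
                            **flags, "publish_date": published, "risk_rating": rating})
            continue
        rejects.append((row, reason))
    return records, rejects

SAMPLE_FEED = [  # constructed rows, not real intelligence
    {"cve_id": "cve-2018-14721", "risk_rating": 2,
     "publish_date": datetime(2023, 8, 16, 19, 5, 1, tzinfo=timezone.utc)},
    {"cve_id": "CVE-2018-14721", "risk_rating": 3},         # duplicate of the first row
    {"cve_id": "2018-14721"},                               # missing the CVE- prefix
    {"cve_id": "CVE-9999-0001", "known_exploit": "false"},  # string instead of boolean
    {"cve_id": "CVE-9999-0002"},                            # relies on defaults only
]

if __name__ == "__main__":
    good, bad = normalize_ti(SAMPLE_FEED)
    print(json.dumps(good, indent=2))
    for row, reason in bad:
        print("rejected:", reason, row)
```

Rejected rows are worth logging rather than silently dropping: a duplicate CVE ID with a different risk rating usually means two internal sources disagree, and that needs a decision before the data drives prioritization.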

The Custom TI DB integration is one of more than 20 new integrations that we have recently added to the Kondukto Platform. Among them are new integrations for Contrast Security (IAST, SCA) and Red Hat (Red Hat Advanced Cluster Security), pushing the total number of available integrations to over 120, all developed and maintained in-house.

You can find the list of all integration related endpoints and capabilities supported by the Kondukto API in our documentation.
