Burp Suite
Burp Suite
This CLI is able to sync assets and vulnerabilities from a folder containing Burp .XML files.
burp
- Import a folder of Burp files and sync assets and vulnerabilities to RegScale.
Burp Processing Workflow
The CLI will process each burp file and load assets and vulnerabilities to RegScale.
-
The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation
import_burp
Import burp scans and assets to RegScale
-
The user provides the RegScale SSP ID# and the folder path to the burp files.
-
burp
- The primary function of this integration, parse and load burp data to RegScale.
Required parameters
regscale_ssp_id
The ID number from RegScale of the System Security Plan, required.folder_path
The full folder path where the burp files are located.
Additional Information:
- If any vulnerabilities are reported by the burp scan, the CLI will create an issue with the vulnerablilty plugin name and link all assets related to this vulnerability to the issue description. The issue will have the Security Plan as the parent module.
- Issues will be created based on vulnerabilities reported in the burp datasets.
The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.
Example Commands
Import burp scans to SSP #16 in RegScale using the files located in the burp_scans folder.
regscale burp import_burp --regscale_ssp_id 16 --folder_path /home/$USER/Documents/burp_scans
NOTE: In order to save the xml file in the RegScale security plan, the allowed file types need to be updated in the system. Navigate to "Setup" and "File Storage" and add ".xml" to the list of allowable files.
NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs
Updated 2 months ago