Skip to main content

Integrating Invicti Standard with Kenna

This document is for:
Invicti Standard

Kenna is an issue tracking system that calculates which vulnerabilities present the highest risk and de-prioritizes those that don't, then notifies the right people of the top vulnerabilities to achieve the greatest possible risk reduction.

This document explains how to configure Invicti Standard to send a detected vulnerability to Kenna for enhanced vulnerability management and risk assessment.

info

For further information, see Configuring the User Interface for Custom Send To Actions in Invicti Standard and Configuring Auto Send To Actions in Invicti Standard and What Systems Does Invicti Integrate With? external documentation.

Kenna Fields

This table lists and explains the Kenna fields in the Send To Actions tab.

Button/Section/FieldDescription
AddClick to add an integration.
DeleteClick to delete the integration and clear all fields.
Create Sample IssueOnce all relevant fields have been configured, click to create a sample issue.
ActionThis section contains general fields about the Send to Action.
Display NameThis is the name of the configuration that will be shown in menus.
MandatoryThis section contains fields that must be completed.
Instance URLThis is the Kenna instance URL.
API URLThis is the Kenna API URL.
API KeyThis is the API Access Key for authentication.
VulnerabilityThis section contains fields with vulnerability details.
Body TemplateThis is the template file that is used to create description fields.
Title FormatThis is the string format that is used to create the vulnerability title.
OptionalThis section contains optional fields.
Due DaysThis is the number of days between the date the issue was created to the date it's due.
Custom FieldsThese are the custom fields that are defined for the project.
Asset's Application IdentifierEnable the Set Asset's Application Identifier to provide further information for the asset that the vulnerability belongs to.

How to Integrate Invicti Standard with Kenna

Follow these steps to configure the Kenna integration in Invicti Standard:

  1. Open Invicti Standard
  2. From the Home tab on the ribbon, click Options. The Options dialog is displayed.
  3. Click Send To Actions.
Invicti Standard Options dialog showing Send To Actions configuration menu
  1. From the Add dropdown, select Kenna. The Kenna fields are displayed.
Kenna integration configuration form showing mandatory and optional fields for setup

  1. In the Mandatory section, complete the connection details:

    • Instance URL
    • API URL
    • API Key

  2. In the Vulnerability section, you can change the default Body Template and Title Format.

note

Body templates are stored in %userprofile%\Documents\Invicti\Resources\Send To Templates. If you use your own custom templates, store them in this location.

  1. In the Optional section, you can specify:

    • Due Days
    • Custom Fields
    • Asset's Application Identifier

  2. To set the custom field values, in the Custom Fields field, click the ellipsis button.

  3. In the Edit Custom Field Value field, enter the relevant value.

Kenna custom fields editor dialog for configuring custom field values
  1. Click OK.
  2. Click Create Sample Issue to confirm that Invicti Standard can connect to the configured system. The Send To Action Test confirmation dialog is displayed.
Kenna test connection dialog showing Create Sample Issue confirmation and results
  1. In the Send To Action Test dialog, click the Issue number link to open the issue in Kenna in the default browser.
Kenna test connection dialog showing Create Sample Issue confirmation and results

How to Export Reported Vulnerabilities to Projects in Kenna

Prerequisites

Please ensure that you have first configured Kenna integration (see How to Integrate Invicti Standard with Kenna external documentation).

  1. Open Invicti Standard.
  2. From the ribbon, select the File tab. Local Scans are displayed. Double-click the relevant scan to display its results.
Invicti Standard scan results view showing vulnerabilities ready for export to Kenna
  1. In the Issues panel, right-click the vulnerability you want to export and select Send to Kenna. (Alternatively, from the ribbon, click the Vulnerability tab, then Send To Kenna.) A confirmation message and link are displayed at the bottom of the screen.
Invicti Standard scan results view showing vulnerabilities ready for export to Kenna
  1. Click the Kenna Send To Action is executed for the selected vulnerability link to view the newly-created issue in Kenna.
  2. The vulnerability is automatically exported to Kenna. You can view it in Kenna's Issues tab.
Invicti Standard scan results view showing vulnerabilities ready for export to Kenna

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center

Was this page useful?