Asset Ingestion (Nessus, NS1, and CrowdStrike) Asset Ingestion (Nessus, NS1, and CrowdStrike)

Asset Ingestion (Nessus, NS1, and CrowdStrike)

Chariot can integrate with several third-party platforms to ingest additional assets into its attack surface database and risk detection pipeline.

CrowdStrike

Clicking on the CrowdStrike integration card will bring up the following menu:

Chariot requires a Falcon API client to read assets managed by CrowdStrike. Please create a new API client with full Read permissions, following CrowdStrike's documentation.

Once you have created a new API client, provide the client's ID and secret in the menu above, along with your Falcon API base URL. Click Add to complete the integration.

Chariot will now regularly ingest assets from CrowdStrike for additional coverage.

NS1 Connect

Chariot can enumerate the DNS zones hosted in an NS1 account. First, sign into your NS1 account at https://my.nsone.net/. Then, click on your profile icon in the upper right-hand corner and select Users & teams:

 

From here, click API Keys and then Add Key:

You may name the key anything you like:

Chariot only needs two permissions: DNS Permissions > View zones and DNS Permissions > Allow by default. All other API key permissions can be disabled.

Once you have selected these two permissions, click Save API key:

On the Users & teams page, click the "i" icon next to your new API key to reveal the key cleartext. Copy this value to your clipboard:

Back in Chariot, click on the NS1 integration card and paste your API key into the menu:

Once integrated, Chariot will perform a daily sync with your NS1 account to pull all NS1-managed A, AAAA, and CNAME DNS records. Chariot will create an asset for any new records:

If you have configured your NS1 deployment to use IP whitelisting, please reach out to the Chariot team to get a list of our IP addresses.

To search for all assets Chariot has pulled from your NS1 account, search type "ns1" into Global Search and click on the Attributes (X found) line item in the results:

This will show a table with all assets created from NS1-managed records. 

 

Nessus in the Chariot CLI

You can connect Chariot to Nessus to increase attack surface visibility and risk posture.

First, you will need to access your Tenable Nessus account. In Tenable Nessus Manager, navigate to: Settings -> About -> My Account. -> API Keys, and click Generate. For more, or updated information see Tenable's documentation.

Now that you have a Nessus API access key and secret key, you can replace <API_KEY> and <SECRET KEY> in the following command.

praetorian chariot plugin nessus --url https://localhost:8834 --api-key <API_KEY> --secret-key <SECRET_KEY> 

 

Once you have connected Chariot and Nessus, Chariot will  continuously manage your threat exposure with Nessus-provided assets and risks. 

 

Further, Chariot will regularly check Nessus for new assets within your attack surface and any new risks or vulnerabilities you may be exposed to. 

 

The Chariot dashboard, report generation capability, and data widget will bring this complex information into an easily understandable, and actionable format.