BugCrowd Connector
Bugcrowd is a crowdsourced cybersecurity platform that connects organizations to a community of security researchers for vulnerability discovery, assessment, and mitigation.
What is the BugCrowd API Connector?
The BugCrowd API Connector enables secure integration between your BugCrowd instance and Qualys Enterprise TruRisk Management (ETM). Once configured, it automatically ingests asset and vulnerability data via scheduled API calls. Qualys ETM then processes the incoming data by:
- De-duplicating redundant entries
- Normalizing data formats
- Enriching findings with additional context
- Calculating risk scores using TruRisk
Category | Supported Asset Type | Supported Finding Type
---|---|---
API Connector | Web Application Asset | Vulnerability
Prerequisites
User Roles and Permissions
You must have administrative access in your Bugcrowd portal to generate API credentials.
How to Generate API Credentials
- Log in to your Bugcrowd portal as an administrator.
- Click the Profile icon > select API Credentials.
- Provide an App Name and click Create Credentials.
- Copy and securely store the API keys immediately. They cannot be viewed again. Keep them in a secrets manager or in the connector configuration only, never in shared documents or source repositories; these keys carry the administrator's API access.
Create a New API Connector
Basic Details
- Provide the Connector's Name and Description.
- Select the Data Model you want to import or export - currently, we support Vulnerability.
- Select the Data Model Type - currently we support Application.
The following screenshot displays the Basic Details fields.
- Next, provide the API authentication details of the BugCrowd environment, that is, the API credentials generated in the Prerequisites section.
Data Model
The BugCrowd API Connector offers an out-of-box data model mapping for you to map with the Qualys ETM schema. You can view the schema to understand the attributes in the data model.
Transform Maps
Map the fields from the source data model to the corresponding fields in the target (Qualys ETM) data model. Transform Maps ensure the data is transformed correctly during the import or export process.
The BugCrowd Connector offers an out-of-box transform map for you to proceed without further configuration. View the map to understand the data transformation or clone the map to edit its configurations.
Click Create New for a new Transform Map.
Perform the following steps to configure a Transform Map:
- Transform Map Name: Enter a unique name for the Transform Map. This name helps identify the specific transformation configuration within this connector.
- Source Data Model: Select the data model that serves as the input for the transformation. This is the model from which data will be extracted.
- Target Data Model: Choose the data model that receives the transformed data. This model defines how the data will be structured after the transformation.
Refer to the following Transform Map screenshot:
Fields Mapping
The Fields Mapping section maps fields from the Source Data Model to the Target Data Model.
- Source Field: Specify the field in the Source Data Model that holds the data to be transformed.
- Data Type: Indicate the data type of the Source Field (e.g., string, integer, date).
- Target Field: Designate the corresponding field where the transformed data will be placed in the Target Data Model.
Click Add to create and display the mapping for the Source Field, Data Type, and Target Field below the section. This visual helps ensure that all necessary fields are mapped correctly and allows easy verification and adjustments.
Profile
Create a profile for your connector. A profile determines the connector's status, its execution schedule and the transform map it uses. The connector follows this profile's configuration for all future executions.
Click the "+" to create a new profile.
In the Add Profile screen, provide the necessary inputs for your new profile.
Provide a Name and Description.
Select the required Transform Map for the data mapping.
The Resource Types field determines which resources the profile covers, that is, the resources whose findings Qualys ETM should ingest.
The Status field determines whether the connector should be in Active or Inactive state after creation.
Lastly, the Schedule section lets you create either a Single Occurrence schedule or a Recurring schedule. Provide the exact date and time for the Single Occurrence execution, and provide the Start and End date/time for the Recurring schedule.
Scoring
The Scoring screen lets you map non-CVE vulnerability scores from your vendors to Qualys Detection Score (QDS) system.
The mapping table has five rows, one for each severity level from the least severe (1) to the most severe (5), with an editable Expected Source Value and QDS field in each row.
Fill out all five rows to create a complete score mapping. This translates the vendor's scoring system into the Qualys Detection Score.
The columns are explained below.
Expected Source Values - Enter the vendor's original score or rating for non-CVE vulnerabilities. These can be alphanumeric values (e.g., "High", "Critical", "A", "3").
Severity - This column is pre-populated with severity levels from 1-5. These represent the severity levels in Qualys. The Source Value must be mapped such that it utilizes these 5 severity levels.
QDS - Enter the corresponding Qualys Detection Score. Use values from 0-100, where higher numbers indicate higher severity.
Default Severity
Below the scoring map, find the 'Default Severity' dropdown menu.
Select a default severity level from 1-5, this is applied when a vendor's score for a non-CVE vulnerability doesn't match any 'Expected Source Value' in your mapping table.
How Does a Connection Work?
The BugCrowd connector functions through configured profiles, determining what data gets synchronised and when.
The Bugcrowd Connector syncs vulnerabilities and assets by performing scheduled API calls to the Bugcrowd platform. The connector performs the following operations:
- Authentication: The connector authenticates using the API credentials (username and password) against the following endpoint: https://api.bugcrowd.com/engagements
- Fetching Vulnerability Submissions: Vulnerability data is retrieved through: https://api.bugcrowd.com/submissions
- Processing in ETM: The retrieved assets and vulnerabilities are mapped, normalized, enriched, and scored within Qualys ETM.
A Connection usually involves creating a profile that defines which vulnerabilities to import based on detection data types and asset types. The connector then automatically executes according to the schedule (or on-demand), pulling vulnerability data from BugCrowd into Qualys ETM, which can be viewed alongside other security findings.
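The pull sequence described above, as an added example that is not Qualys or Bugcrowd code: it builds the authenticated GET requests for the two endpoints named on this page, checks the key pair against /engagements, then pages through /submissions. The header format (`Authorization: Token <username>:<password>` plus a Bugcrowd `Accept` media type) and the JSON:API-style `links.next` cursor are assumptions taken from Bugcrowd's public API reference and should be verified before use. The transport is injected, so the block runs offline against constructed sample pages; `live_fetch` and `credentials_from_env` show how the same loop would run against the real API.

```python
"""Authenticate against /engagements, then page through /submissions.
Added example, not Qualys or Bugcrowd code."""
import json
import os
import urllib.request
from typing import Callable, Dict, Iterator, List, Tuple

BASE_URL = "https://api.bugcrowd.com"   # host named on this page
AUTH_CHECK_PATH = "/engagements"         # endpoint the page lists for authentication
SUBMISSIONS_PATH = "/submissions"        # endpoint the page lists for vulnerability data

Fetch = Callable[[urllib.request.Request], Dict]


def build_request(path: str, username: str, password: str) -> urllib.request.Request:
    """Build an authenticated GET request without sending it.

    Assumption (Bugcrowd public API reference, verify before use): the API expects
    'Authorization: Token <username>:<password>' and selects its media type via Accept.
    Credentials are parameters, never literals in code.
    """
    if not username or not password:
        raise ValueError("API credentials are required; load them from a secret store")
    req = urllib.request.Request(BASE_URL + path, method="GET")
    req.add_header("Authorization", f"Token {username}:{password}")
    req.add_header("Accept", "application/vnd.bugcrowd+json")
    return req


def credentials_from_env() -> Tuple[str, str]:
    """Read the key pair generated in Prerequisites from the environment, not from source."""
    return os.environ["BUGCROWD_API_USERNAME"], os.environ["BUGCROWD_API_PASSWORD"]


def live_fetch(req: urllib.request.Request) -> Dict:
    """Production transport: send the request and decode the JSON body."""
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def verify_credentials(fetch: Fetch, username: str, password: str) -> bool:
    """Step 1 of the page's sequence: a readable /engagements list proves the key pair works."""
    body = fetch(build_request(AUTH_CHECK_PATH, username, password))
    return isinstance(body.get("data"), list)


def iter_submissions(fetch: Fetch, username: str, password: str) -> Iterator[Dict]:
    """Step 2: yield every submission, following the response's links.next cursor.

    Assumption: responses are JSON:API style with 'data' and 'links.next'.
    """
    path = SUBMISSIONS_PATH
    seen = set()
    while path:
        if path in seen:  # a misbehaving server must not spin the connector forever
            raise RuntimeError(f"pagination cycle at {path}")
        seen.add(path)
        page = fetch(build_request(path, username, password))
        yield from page.get("data", [])
        nxt = page.get("links", {}).get("next")
        path = nxt[len(BASE_URL):] if nxt and nxt.startswith(BASE_URL) else nxt


# Constructed responses standing in for the live API (not real Bugcrowd data).
SAMPLE_PAGES: Dict[str, Dict] = {
    "/engagements": {"data": [{"id": "eng-1", "type": "engagement"}]},
    "/submissions": {
        "data": [{"id": "sub-1", "type": "submission"}, {"id": "sub-2", "type": "submission"}],
        "links": {"next": BASE_URL + "/submissions?page%5Boffset%5D=2"},
    },
    "/submissions?page%5Boffset%5D=2": {
        "data": [{"id": "sub-3", "type": "submission"}],
        "links": {"next": None},
    },
}


def offline_fetch(req: urllib.request.Request) -> Dict:
    """Transport used by this example: serve SAMPLE_PAGES instead of calling the network."""
    return SAMPLE_PAGES[req.full_url[len(BASE_URL):]]


def collect_submission_ids(username: str = "demo-user", password: str = "demo-pass") -> List[str]:
    """Run the whole sequence offline and return the submission ids in fetch order."""
    if not verify_credentials(offline_fetch, username, password):
        raise PermissionError("credential check against /engagements failed")
    return [s["id"] for s in iter_submissions(offline_fetch, username, password)]


if __name__ == "__main__":
    print(collect_submission_ids())
```

To run against the real API, swap `offline_fetch` for `live_fetch` and obtain the key pair with `credentials_from_env()`; the cycle guard in `iter_submissions` is the kind of check a scheduled connector needs so that a bad `next` link cannot hang an execution.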
With the BugCrowd API Connector successfully configured, you are almost ready to view all the assets and findings from BugCrowd.
In the Connector screen, you can find your newly configured connector listed and marked in the Processed state.
Connector States
A successfully configured connector goes through 4 states.
- Registered - The connector is successfully created and registered to fetch data from the vendor.
- Scheduled - The connector is scheduled to execute a connection with the vendor.
- Processing - A connection is executed and the connector is fetching the asset and findings data.
- Processed - The connector has successfully fetched the assets; it may still be fetching the findings. Allow some more time for the connector to fetch the findings completely.
The Processed state indicates that the connector is successfully configured but is still importing your assets and findings. This process (specifically for findings) may take some time.
The entire process may take up to 2 hours to complete. Once it is done, you can find the imported data in Enterprise TruRisk Management (ETM).
View Assets and Findings in ETM
Navigate to Enterprise TruRisk Management to start analysing your Connector's vulnerability findings.
You can view the assets imported from the BugCrowd connection by navigating to the Inventory tab of ETM.
Go to Assets > Host to find all of your imported assets.
Use the token inventory: (source: `BugCrowd`) to view all the imported BugCrowd assets.
Here, you can learn about your assets' criticality and Risk Scores. Click any asset to view more details.
Next, you can navigate to the Risk Management tab to view your vulnerability findings.
Go to Findings > Vulnerability to view all the discovered vulnerabilities.
Use the token finding.vendorProductName: `BugCrowd` to view all the discovered BugCrowd vulnerabilities.
To know more about how the BugCrowd API Connector leverages the findings, refer to the Qualys ETM Documentation.
Activating Web Applications in WAS
Web applications synced from the Bugcrowd Connector appear in:
- ETM
- CSAM
- WAS
By default, these applications are not activated for scanning in WAS.
To activate web applications in WAS:
- Navigate to CSAM > Web Applications.
- Select the desired web application.
- Choose Quick Actions > Activate WAS.
Activating web applications will consume WAS licenses. You should activate only the required applications.
Data Model Mapping
Source Attribute Label | Target Attribute Label
---|---
id | externalFindingId
type | findingSubType
attributes.bug_url | webAppName
attributes.bug_url | webAppUrl
attributes.description | findingDescription
attributes.last_transitioned_to_resolved_at | findingLastFixedOn
attributes.severity | findingSeverity
attributes.submitted_at | firstFoundDate
attributes.title | findingName
attributes.state | state
The state values are mapped as follows: Unresolved → Active, New → New, Resolved → Fixed.
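The Data Model Mapping table above, the state value mapping and the Scoring screen described earlier, applied to one submission as an added example (not Qualys code): the field map and state map are transcribed from this page; the scoring map assumes Bugcrowd reports severity as 1 (most critical) to 5 (least critical), so it crosses the scale onto Qualys severity 1 to 5 rather than copying it, and its QDS values and the `qds` output key are illustrative. The sample submission is constructed.

```python
"""Apply the page's field mapping, state mapping and a Scoring-screen mapping
to one submission. Added example, not Qualys code."""
from typing import Any, Dict, Tuple

# Source attribute -> target attribute, transcribed from the Data Model Mapping table.
FIELD_MAP = [
    ("id", "externalFindingId"),
    ("type", "findingSubType"),
    ("attributes.bug_url", "webAppName"),
    ("attributes.bug_url", "webAppUrl"),
    ("attributes.description", "findingDescription"),
    ("attributes.last_transitioned_to_resolved_at", "findingLastFixedOn"),
    ("attributes.severity", "findingSeverity"),
    ("attributes.submitted_at", "firstFoundDate"),
    ("attributes.title", "findingName"),
    ("attributes.state", "state"),
]

# Value mapping from the table's last row; keys lower-cased because the API returns lower case.
STATE_MAP = {"unresolved": "Active", "new": "New", "resolved": "Fixed"}

# One Scoring-screen row per Qualys severity: expected source value -> (severity 1-5, QDS 0-100).
# Assumption: Bugcrowd severity 1 is the most critical, so the two scales run in opposite
# directions and are crossed here instead of copied 1:1. QDS values are illustrative.
SCORING_MAP = {"1": (5, 95), "2": (4, 80), "3": (3, 60), "4": (2, 40), "5": (1, 20)}
DEFAULT_SEVERITY = 2  # the 'Default Severity' dropdown


def get_path(obj: Dict[str, Any], dotted: str) -> Any:
    """Resolve 'attributes.bug_url' style paths; a missing segment yields None, not KeyError."""
    cur: Any = obj
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def score(source_value: Any) -> Tuple[int, int]:
    """Translate a vendor score to (Qualys severity, QDS); unmatched values get the default."""
    key = "" if source_value is None else str(source_value).strip().lower()
    table = {k.lower(): v for k, v in SCORING_MAP.items()}
    if key in table:
        return table[key]
    # Assumption: the default row's QDS is the one configured for the default severity.
    default_qds = next(q for s, q in SCORING_MAP.values() if s == DEFAULT_SEVERITY)
    return DEFAULT_SEVERITY, default_qds


def transform(submission: Dict[str, Any]) -> Dict[str, Any]:
    """Produce the ETM-side finding for one Bugcrowd submission."""
    finding = {target: get_path(submission, source) for source, target in FIELD_MAP}
    raw_state = "" if finding["state"] is None else str(finding["state"]).lower()
    # States outside the table (triaged, duplicate, ...) are kept verbatim so they stand out.
    finding["state"] = STATE_MAP.get(raw_state, finding["state"])
    severity, qds = score(finding["findingSeverity"])
    finding["findingSeverity"] = severity
    finding["qds"] = qds  # not in the page's table; added here to expose the scoring result
    return finding


# Constructed submission shaped like one /submissions item (not real Bugcrowd data).
SAMPLE_SUBMISSION = {
    "id": "sub-0001",
    "type": "submission",
    "attributes": {
        "title": "Reflected XSS in search parameter",
        "description": "The q parameter is echoed into the page without encoding.",
        "severity": 2,
        "state": "unresolved",
        "bug_url": "https://shop.example.com/search",
        "submitted_at": "2024-03-01T10:15:00Z",
        "last_transitioned_to_resolved_at": None,
    },
}

if __name__ == "__main__":
    for key, value in transform(SAMPLE_SUBMISSION).items():
        print(f"{key:>22}: {value}")
```

Two behaviours are worth checking against your own data before trusting the dashboard: a severity value that is not in the scoring map silently lands on the default severity, and a submission state that the table does not cover is passed through unchanged, so both should be searched for after the first import.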