The Catalog is the staging area for possible web applications that you can choose to add to your subscription. The catalog requires manual triaging to know which entries are truly web applications that should be scanned with WAS. Catalog entries are processed from completed maps, WAS scans and vulnerability scans in your account.
You can get the data in the catalog in three ways. The source of catalog entries are VM maps, VM scans and WAS scans. The data that you see in the catalog may have links for web applications (and APIs) that you may want to scan with WAS.
1) VM scans in the same subscriptions - Select Update above the catalog list to add data discovered in the most recent VM scan results within your account. We fetch the data from specifically, QIDs 86000 and 86001 ("Web Server Version" and "SSL Web Server Version") to populate the catalog. When you click the "Update" button from the WAS catalog, the data in those QIDs are pulled in as catalog entries.
2) VM maps in the same subscription - Go to the Web Applications > Maps tab and select "Process Results" to process the latest map results within your account. Maps do not have QIDs, but include a list of open ports. When a map is processed, the open port data is used to create catalog entries for the ports that are specified under the "Configure" button.
3) WAS scans in the same subscription - Go to Scans > Scan List and select New Scan > Discovery/Vulnerability Scan. When you run a WAS scan on your web application, WAS finds links to the sites that are under the same domain as the scanned site. The catalog is populated with these entries. For example, you run a WAS scan against https://www.acme.com and it has links to https://store.acme.com and http://corporate.acme.com. These sites are under the same domain as the scanned site, so the WAS catalog will automatically be populated with two new entries: store.company.com/port 443 and corporate.company.com/port 80.
The Catalog is the staging area for possible web applications that you can choose to add to your subscription. You need to manually search the catalog to know which entries are truly web applications that should be scanned with WAS. If you decide that a certain catalog entry is an actual web application that needs to be scanned with WAS, select from the Actions menu "Add To Subscription" on that entry. A web application will be created under the Web Applications tab with a default name as follows:
Catalog Web Application: [IP or FQDN], Port [port #]
You can then edit the web application as needed (rename it, select an option profile, specify a default scanner, add authentication, configure blacklists, etc.).
Note that "Add To Subscription" on a catalog entry will consume a license.
In the Administration module, there are 5 user permissions pertaining to the WAS catalog. They are:
- Access Web Application Catalog
- Edit Web Application Catalog
- Edit Web Application Catalog Entry
- Delete Web Application Catalog Entry
- Add to Subscription Web Application Catalog Entry.
Permissions to manage web applications are assigned to roles within each user's account settings. There are separate permissions to: manage web applications (view, create, edit, delete and more), scan web applications, and report on web applications. Learn more
When you click the "Update" button from the WAS catalog, the data in QIDs 86000 and 86001 ("Web Server Version" and "SSL Web Server Version") are pulled in as catalog entries. Then you can review your catalog and decide whether you want to add any of the entries to your subscription for scanning with WAS. Learn more
Yes, Just hover over a row and choose Open in Browser from the menu, or click the Open in Browser button in the preview pane.
When you click on a catalog entry, the preview section at the bottom shows you the comments for that entry. The comments section provides information about where the entry originated.
- "Web Application added from scan consolidated data from VM" - a VM scan was the source of the entry.
- "Web Application initially discovered in map map/xxxxxxxxxx.yyyyy" - a VM map was the source of the entry.
- "Web Application added from scan consolidated data from WAS" - a WAS scan was the source of the entry.
You can select one or more source filters shown in the left pane to view entries from the selected sources.
The preview pane appears below the list area when you click a row in the Catalog section. The preview displays the date and time of the last update of the catalog entry, the status of the catalog entry, the operating system and the last comment added to the entry. (The Catalog is not available to Express Lite users) Show me
To delete one or more catalog entries, go to Web Applications > Catalog and select a entry and from the Quick Actions menu, click Delete or select multiple entries and from the Actions menu, click Delete.
We provide you filters that you can use to search for catalog entries. Along with these filters, you can use the search box to search catalog entries by 1) FQDN name, 2) NetBIOS name 3) ID of the catalog entry, 4) Port, and 5) IP address.
We support text search for FQDN and NetBIOS names. This means when you enter some text in the search box and click Search, we find all the catalog entries that have the specified text in FQDN or NetBIOS names.
We support number search for ID and Port. When you specify a number in the search box, we find all the catalog entries that have the specified number in the ID or port.
To search for catalog entries by IP address, you can enter either full IP address or IP address with wildcard characters. We support wild card character * for numbers in IP Address. For example, 10.11.196.* or 10.11.*.* are valid patterns for IP address. Examples of Invalid patterns:*126.96.36.199, 1*188.8.131.52, and 1*.123.123.123.