Cobalt
Visualize Cobalt pentests and findings, and monitor changes through queries and alerts.
- Installation
- Data Model
- Types
Installation
For this integration, you will need to create and copy an API Token in Cobalt. See their documentation for more information.
Configuration in JupiterOne
To install the Cobalt integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Cobalt. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
The Account Name used to identify the Cobalt account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration. -
Your Cobalt API Key.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Cobalt | cobalt_vendor | Vendor |
| Cobalt Account | cobalt_account | Account |
| Cobalt Asset | cobalt_asset | Application |
| Cobalt Asset | cobalt_asset | ApplicationEndpoint |
| Cobalt Asset | cobalt_asset | Network |
| Cobalt Asset | cobalt_asset | Configuration |
| Cobalt Finding | cobalt_finding | Finding |
| Cobalt Pentest | cobalt_pentest | Assessment |
| Cobalt pentest service | cobalt_service | Service |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
cobalt_account | HAS | cobalt_service |
cobalt_account | HAS | cobalt_asset |
cobalt_asset | HAS | cobalt_finding |
cobalt_pentest | IDENTIFIED | cobalt_finding |
cobalt_service | PERFORMED | cobalt_pentest |
cobalt_vendor | PROVIDES | cobalt_service |
cobalt_vendor | PERFORMED | cobalt_pentest |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
cobalt_finding | IS | cve | FORWARD |
cobalt_finding | IS | cwe | FORWARD |
Cobalt Finding
cobalt_finding inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
assetId * | string | null | ||
category * | string | null | ||
cobaltHashtag * | string | null | ||
impact * | number | null | ||
likelihood * | number | null | ||
pentestId * | string | null | ||
prerequisites * | string | null | ||
proofOfConcept * | string | null | ||
state * | string | null | ||
suggestedFix * | string | null | ||
targets * | array | null |