A vulnerability scanner enables organizations to monitor their networks, systems, and applications for security vulnerabilities. Most security teams utilize vulnerability scanners to find weaknesses in their environment and make sure preventive actions are taken properly beforehand. The number of vulnerabilities in IT systems is growing fast every day. Over 8,000 vulnerabilities are reported in Q1 of 2022.  Popular vulnerability scanners include CrowdStrike falcon spotlight, Rapid 7, Tenable, ShadowServer, Qualys, etc. To make sure vulnerabilities are timely patched, one important part is to make sure they are visible to the parties that are relevant. For example, your management team and your clients. Popular business intelligence tools such as Power BI is a great tool to achieve this. In this post, we outline the process to quickly build up an automation to create a Power BI report on the summary of vulnerabilities based on Crowd Strike Falcon Spotlight vulnerability information. 

sample report

CrowdStrike Falcon Spotlight

CrowdStrike Falcon Spotlight offers security teams a real-time assessment of vulnerability exposure on their endpoints. It collects endpoint vulnerability data based on a single agent provided by crowd strike. 

Power BI

Power BI is a popular business intelligence tool provided by Microsoft. Teams can use Power BI to create and share nice dashboard and report within a team or for clients. 

Comparing other dashboard solutions e.g. SIEM, Power BI is 

  • Very easy to set up and customize 
  • Professional quality for reports good for management and customers
  • Very easy to share 

Data Transformation 

Before you create a nice report for your customers or share it between teams, you will need to stitch crowd-strike vulnerability information together in the desired format so that you can use it to build the report. The following shows an automated solution that you can reuse to stitch vulnerability data from CrowdStrike Falcon Spotlight to Power BI. It is an out-of-the-box solution and you can reuse it almost immediately. 

CrowdStrike Falcon Spotlight APIs 

CrowdStrike Vulnerability APIs

CrowdStrike Falcon Spotlight has two APIs

  1. Get one or more vulnerability’s ID
GET /spotlight/queries/vulnerabilities/v1

This API returns a list of vulnerability IDs. However, it does not provide vulnerability details. In order to take CrowdStrike details, you will need to use another API to complete the requests. 

      2. Get vulnerability details 

GET /spotlight/entities/vulnerabilities/v2

This API returns vulnerability details based on a vulnerability id or a list of vulnerability ids.

CrowdStrike Spotlight Vulnerability Details

Power BI API

To post rows to Power BI, you will need to use Power BI API to post data row by row. 

POST https://api.powerbi.com/v1.0/myorg/datasets/{datasetId}/tables/{tableName}/rows

End-to-end data pipeline automation

The output of CrowdStrike is a JSON Object which contains a list of information. To transform it, you will need to map that to a table schema in Power BI.  DTonomy’s end-to-end automation for pulling data from CrowdStrike Falcon Spotlight and stitching them together is here:

Retrieve data from CrowdStrike Falcon:

retrieve vulnerability ids, fill in the URL, client id, and client secret first.

Fill in CrowdStrike Connection Information and then pull vulnerability Ids. The CrowdStrike API Connection Information can be found on CrowdStrike Instance. 

Once you have a list of vulnerabilities, let’s retrieve vulnerability details. 

vulnerability details

Data Transformation:

The function node in between Vulnerability Details and the Power BI node is the transformation where you can transform data or enrich data or customize data to the format you would like to send 

Transform CrowdStrike falcon spotlight to Power BI format

Upload data to Power BI: 

Select the post rows to function under datasets operation and also include your desired workspace id and Power BI credentials to upload transformed data to Power BI

power bi post data by row

This takes the transformed data and then uploads it to Power BI. 

Fully automated workflow 

An end-to-end automated data pipeline is like this. 

Step 1: pull all vulnerabilities from CrowdStrike Falcon Spotlight

Step 2: based on vulnerability ids, pull vulnerability details

Step 3: transform and select vulnerability information to table format

Step 4: Upload data to Power BI 

Fully automated workflow

Once automated, you can schedule it to run every day or every week. Based on updated data, you can easily create a nice vulnerability summary report like this. 

CrowdStrike Falcon spotlight vulnerability report

We provide different types of templates that can be reused for different reports purpose.  

Share your report

From Power BI, you can now easily share reports with your client or your other team members. 

 

Aggregated vulnerabilities on multiple different tools

It is very common you may have multiple scanners besides CrowdStike Spotlight, for example, Tenable, Rapid7, etc. With the flexible integrations, now we can easily dedupe the vulnerabilities and provide a unified view on vulnerabilities.  

 

Multi-Tenant Vulnerability Management 

Managing CrowdStrike in multi-tenant environments can be challenging and risky when it comes to retrieving vulnerability information. Instead of using a separate API key for each tenant, our solution allows you to easily authorize access using a parent API key and tenant customer id. By doing so, you can generate a token for each tenant and retrieve vulnerability information in a secure and efficient manner.

Look for other integrations?

DTonomy’s platform has 100s integrations with various kinds of security tools. Check it out here. If it is not there, just reach out to us. We are continuously adding more integrations. 

With more integrations, you can now aggregate different vulnerability information and security insights and present them in one nice report. 

When you are ready, here are two ways we can help 

  1. Check out More examples on Security Dashboard and Reporting
  2. Schedule a free consultation to discover the best solution for you and your team (schedule here)

Additional Information

We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!

X