Vulnerability assessment tools
      Back to home
      1. Knowledge Base
      2. Integrations
      3. Vulnerability assessment tools

      Integrate CyCognito vulnerability results with Autobahn

      This guide will instruct you how to integrate your CyCognito account with the Autobahn platform to re-prioritize vulnerabilities and map them to actionable Workouts

      Table of content

      1. Why integrate CyCognito with Autobahn
      2. Required steps to integrate CyCognito with Autobahn
      3. Integrate CyCognito with Autobahn
      4. Enable/disable integration
      5. Data mapping on CyCognito integration
        1. Web application field mapping
        2. Domain fields mapping
        3. IP Address mapping
      6. Status update mechanisms
      7. API Endpoints in use
      8. Important notes

      1. Why integrate CyCognito with Autobahn

      CyCognito automatically discovers all your internet-facing assets - including devices, websites, and applications - and continuously monitors them for vulnerabilities.

      By integrating CyCognito’s Attack Surface Management with your Autobahn account, you enable seamless, automated import of asset data (such as domains and web addresses) and any associated vulnerabilities identified by CyCognito.

      Once connected, Autobahn processes and enriches this data, giving you a consolidated view of your external risk exposure. It helps you:

      • Prioritize vulnerabilities based on risk and context
      • Streamline remediation efforts
      • Automatically map issues to Cyber Fitness Workouts, turning insights into actionable remediation steps

      This integration ensures continuous visibility and faster response to external threats - without manual effort.

      Note: this integration only supports the latest version of CyCognito.

      2. Required steps to integrate CyCognito with Autobahn

      To enable the integration, you need to first prepare the CyCognito API Key. Follow the steps below to generate the API Key.

      1 - Access your CyCognito account by logging in with your credentials.

      2 - Navigate to Workflow & Integration from the sidebar.

      3 - Click on the API Key Management button. You will see a form to generate a new API Key.

      4 - Input a key name in the Key name field, and select "Read only" on the Key access section. Then, click the Create button.

      5 - Copy the resulting API key to use later when setting up the connector in Autobahn.

      Please note that this connection is one-way. Information flows from CyCognito (the Connector) to Autobahn.

      3. Integrate CyCognito with Autobahn

      Once you generated the CyCognito API Key, navigate to the Integrations page in the Autobahn platform and click Configure on the CyCognito tile.

      1 - On the CyCognito integration page, set up the integration:

      • Provide a Label for the CyCognito integration.

      • Enter the API Key you generated earlier.

      2 - Click the Save button to connect to your CyCognito instance.

      3 - To make sure that the integration is active, go to the Integrations page and look for the CyCognito tile. Once the toggle is active, the data is being imported into Autobahn.

      After you integrate CyCognito with Autobahn, it will take approximately one hour for data to be imported.

      You can view the imported vulnerabilities on the Issues page by using the Origin filter, and the corresponding assets on the Assets page by using the Source filter.

       

      4. Enable/disable integration

      You may want to disable the integration. Disabling the integration will prevent Autobahn from fetching new data from CyCognito. The credentials and previously fetched data will remain in Autobahn. To disable the active integration, click the toggle in the CyCognito card.

      You can re-enable the integration by switching the toggle back. When re-enabled, the system will fetch the data starting from the last fetching date.

      5. Data mapping on CyCognito integration

      Autobahn integrates with CyCognito through API and pulls relevant vulnerabilities and assets into Autobahn.

      5.a. Web application field mapping

      CyCognito field

      Autobahn field

      Value Example

      webapp_address

      Asset

      example.com:32768

      related_asset_ids.ip

      IPs

      1.1.1.1

      related_asset_ids.domain

      Hostnames

      example.com

      tags

      Tag

      sample-tag

      continent

      Tag

      Europe

      locations

      Tag

      DEU

      organizations

      Tag

      Autobahn

      region

      Tag

      Northern Europe

      5.b. Domain fields mapping

      Cycognito field

      Autobahn field

      Value Example

      domain

      Asset

      example.com

      related_asset_ids.ip

      IPs

      1.1.1.1

      domain

      Hostnames

      example.com

      tags

      Tag

      sample-tag

      continent

      Tag

      Europe

      locations

      Tag

      DEU

      organizations

      Tag

      Autobahn

      region

      Tag

      Northern Europe

      5.c. IP Address mapping

      Cycognito field

      Autobahn field

      Value Example

      ip

      Asset

      1.1.1.1

      ip

      IPs

      1.1.1.1

      related_asset_ids.domain

      Hostnames

      example.com

      tags

      Tag

      sample-tag

      continent

      Tag

      Europe

      locations

      Tag

      DEU

      organizations

      Tag

      Autobahn

      region

      Tag

      Northern Europe

      6. Status update mechanisms

      Every day, Autobahn syncs with CyCognito to receive updates on existing vulnerabilities and assets, as well as to retrieve new ones (if any are added).

      The table below shows how the status update mechanism works in the CyCognito integration for vulnerabilities and assets in Autobahn.

      Update type in Autobahn

      Mechanism (when?)

      The asset is archived

      • Asset not found during the last sync

      • Asset status on CyCognito's side is "removed".

      The vulnerability instance status changes to "Remediated"

      • If the vulnerability no longer appears in the scan findings.

      Note: Asset or vulnerability updates on the vendor side will be reflected in Autobahn on the next day after the daily data sync.

      7. API endpoints in use

      To get the data from CyCognito, Autobahn utilizes the CyCognito API, and uses Axios (JavaScript library) to access the CyCognito API directly.

      8. Important notes

      Several remarks on some CyCognito ingested vs. un-ingested fields:

      • CyCognito asset types are ingested based on user input, with available options including Domains, IP Addresses, and Web Applications. ​Certificates are currently not supported.

      • When calculating vulnerability instances, potential discrepancies between CyCognito and Autobahn should be considered:

        • Autobahn exclusively incorporates vulnerability instances directly linked to an asset. CyCognito, on the other hand, includes vulnerability instances not only for the asset itself but also for linked assets.

        • If a domain is linked to an IP address, each possessing distinct vulnerability instances:

          • In Autobahn, two separate assets will be displayed, each with its vulnerability instance.

          • In CyCognito, both assets will be assigned, but they will share the same two vulnerability instances.