Inventory Management

Inventory Management is where all of your PAC Configuration files can be viewed in one location. These configuration files for your PAC projects will be stored in their designated Collection and will be shown on the PAC file.

../img/pac/pac_management/pac_management_2023.png

Overview

../img/pac/pac_management/search_and_view_pac_config-1.png

  1. Search bar to look up specific PAC files by title.

  2. Searching for PAC files can be refined with an extensive set of Filters. This is useful for narrowing down results if the Autonomous Wizard discovers many targets in scope.

../img/pac/pac_management/search_and_view_pac_config-2.png

  1. Click the "+" icon to start creating a new PAC file from a base template.

  2. Click on the PAC Configuration option to view and edit the current PAC configuration file details.

  3. Click on your Connector file name to view and edit Connector configuration details.

../img/pac/pac_management/search_and_view_pac_config.png

  • Users are able to make any necessary changes using the built in editor that is displayed when clicking on a configuration file. This can be done when creating a new Config file or editing an existing PAC/Connector file.

Action Items

The direct actions that can be done against a PAC file can be viewed by clicking on the collapsed menu icon in the upper right of the file. A brief overview of the options is listed below.

1) Run Crawler and Pentest ../img/pac/pac_management/run_crawler_pentest.png

  • The Pentest option will begin an active Pentest against the target set in the PAC Config file.
  • Users can select the Crawler option to begin performing discovery on the target set in the PAC Config file.

2) Application Profile ../img/pac/pac_management/choose_application_profile.png

  • Adjustments to the Application Profile of the PAC file can be reviewed and reconfigured to meet compliance scanning needs.

../img/pac/pac_management/application_profile.png

3) Run Scanner ../img/pac/pac_management/choose_scanner.png

  • Users can view and edit the Scanner instances of a PAC file. This can be a quick and useful way of changing the Region or Resource Groups for active or pending Pentests.

../img/pac/pac_management/scanner_menu.png

4) Authentication ../img/pac/pac_management/choose_authentication.png

  • Users will be brought to the Authentication section of the PAC Wizard to set up, edit or review the current configuration.
  • Various Authentication methods can be set up for a scan, such as JWT, OAuth, Custom and more.

../img/pac/pac_management/authentication_page.png

5) Scheduler ../img/pac/pac_management/choose_scheduler.png

  • Users will be brought to the Scheduler page to view or create scheduled jobs when running Compliance or Crawler scans.

6) MITRE ATTACK ../img/pac/pac_management/choose_mitre_attack.png

  • The MITRE ATT&CK Framework integration with the Prancer platform allows for enhanced tagging and organization of findings.
  • Users can choose specific technique tags to test against their PAC files.

../img/pac/pac_management/mitre_attack_page.png

7) Third Party Integration ../img/pac/pac_management/choose_third_party_integration.png

  • Users can click on the Third Party Integration option to integrate Prancer with respective work management platforms.

../img/pac/pac_management/third_party_integration_page.png

8) Collection Files ../img/pac/pac_management/choose_collection_files.png

  • A review of all files in the assigned Collection of a given PAC Config file.

../img/pac/pac_management/collection_files.png

9) Add and Import Findings ../img/pac/pac_management/choose_add_import_findings.png

  • Users can choose the Add Findings option to manually enter details on findings they wish to include in the final report.
  • Users can also Import Findings from scans ran outside of the Prancer platform. Importing supports a wide range of tools and the file type needed for the import will be listed on the tool during import.
  • Newly added and imported findings will appear on the Application Security Findings page, as well as on any newly generated reports for the respective PAC file.

../img/pac/pac_management/add_findings.png ../img/pac/pac_management/import_findings.png

10) Manage Permissions ../img/pac/pac_management/choose_permissions.png

  • Users can review and adjust the User Permissions for their respective PAC file.

../img/pac/pac_management/user_permission.png

11) Delete

  • If users wish to delete the current PAC file, simply choose the Delete option.