- 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Cosmos Bishop Fox Continuous Penetration Testing
- Updated on 18 Mar 2025
- 2 Minutes to read
- Print
- DarkLight
Cosmos Continuous Penetration Testing, developed by Bishop Fox, automates data collection and analysis for networks, domains, and applications. By integrating with various tools, it streamlines vulnerability assessments, enhances threat intelligence, and offers customizable features and reporting, making it an asset for security professionals.
Integration Method: API
Tables: Detection Finding (2004), Vulnerability Finding (2002)
This integration supports the following events.
Event | Description |
---|---|
Findings | Retrieves a list of findings, which includes details of exposed services, misconfigurations, vulnerable software, credential reuse, information disclosures, subdomain takeovers, and more. |
This integration supports the following versions.
Cosmos Continuous Penetration Testing Version | v2.0 |
Cosmos Continuous Penetration Testing API version | v1.0 |
Prerequisites
The user should have access to the Cosmos platform to generate API clients.
The user should have access to the DataBee console.
Configuration Overview
Generate client credentials with the required scopes.
Add the Cosmos Continuous Penetration Testing data feed in the DataBee console with the below parameters.
DataBee Parameter
Cosmos Continuous Penetration Testing Parameter
Client Key
Client Key
Client Secret
Client Secret
Organization UID
Unique ID
Cosmos Continuous Penetration Testing Configuration
Before you start configuring the data feed on DataBee UI, you will need to create the API Client and get the necessary information for API authentication such as Client ID and Client Secret. Follow these steps:
Logon to Cosmos Platform.
Click your username from the top right corner > Select My profile.
Navigate to the API KEYS tab, copy the Unique ID from the Organization section, API URL from API Keys section and then click the Generate New API Keys button to create API key.
Copy the Client Key and Client Secret.
Note:
The user needs to re-create the client secret when it expires (90 days). Additionally, once this step is completed, the user will not be able to view the API credentials again. Ensure the keys are stored in a secure location before proceeding.
DataBee Configuration
Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for the Cosmos Continuous Penetration Testing and click it as shown below.
Click on the API Ingest option for the collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: OAuth2
API Base URL: paste the Base URL.
Client Key: paste the Client Key.
Client Secret: paste the Client Secret.
Organization UID: paste the Unique ID.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
If you’re facing invalid_client or unauthorized_client issues this might be possibly due to incorrect credentials. Ensure the token is pasted correctly. Since you cannot view the token after the 1st time, re-create the token, paste it on a text editor to ensure no spaces or unexpected characters are included and reconfigure the DataBee feed.