Integrating with IBM Concert

You can maximize the benefits of IBM Concert and Instana by setting up a two-way integration. With this integration, you can use the Instana UI to get a detailed view of the common vulnerabilities and exposures (CVE) that are detected by Concert in the runtime container environments.

The CVE sensor polls the Concert APIs every 10 minutes to collect the vulnerability findings. These vulnerability findings are converted into CVE detections for each container, based on the associated container image.

See the following sections to learn how to integrate Concert with Instana:

Support information

Supported operating systems

The CVE sensor supports the same operating systems as the Instana host agent. For more information, see the supported operating systems section of host agent installation-topic for your selected agent, such as Supported operating systems for Unix.

Supported Concert versions

The CVE sensor supports IBM Concert v1.0.4.2 and later.

Prerequisites

Before you start the integration process, make sure to complete the following prerequisites:

  • Confirm that you are using Instana 287 or later, and that you can see the Vulnerabilities tab in one of your Application Perspectives.
  • Confirm that you are using Concert v1.0.4 or later. To check the version, go to Profile > About.
  • Upload a vulnerability scan by following the instructions in the Uploading files in the Concert UI. After you upload the scan, in the Arena view, set Prioritized CVEs to on and check if you can see the CVE vulnerabilities.

Setting up the integration

To set up and deploy the integration between Instana and Concert, complete the following steps:

  1. In the Instana UI, create an API Token for Instana's API. Note that an Instana API key with default permissions is sufficient. For Instana-Concert integration, Concert uses read APIs only. For more information, see Instana REST API.

  2. In the Concert UI, establish a connection with Instana by completing the following steps:

    1. Click Administration > Integrations.
    2. Click the Connections tab.
    3. Click Create connection.
    4. Use the search bar or scroll to find and click IBM Instana Observability.
    5. On the Create IBM Instana Observability connection screen, enter a name for the connection.
    6. Enter a description for this connection for internal reference. For example, provide details about the Instana applications these credentials have access to or what they should be used for.
    7. Under Endpoint, enter the host URL of the Instana application endpoint. For example, https://myname-instana.instana.io.
    8. Enter a valid Instana API key with access to the specified application endpoint.
    9. Click Validate connection.
    10. Once validated, click Create.

  3. Create an ingestion job in Concert by entering the connection information and name your environment. For more information, see Creating a data ingestion job.

  4. After you create the ingestion job in Concert, click the overflow menu of the newly created job and select Run now to populate Concert with Instana’s environment data.

  5. In the Concert UI, click Profile > API Key and create an API Key. For more information, see Generating an API key.

  6. Configure the CVE sensor. The configuration process depends on your Instana deployment method.

    • For Instana SaaS deployments: Create an IBM Support ticket with the following information to set up a connection between Instana and Concert:

      • base_url: Available in your concert instance URL
      • instance_id: Available in your concert instance URL
      • api_key: API Key created in your concert instance

    • For Instana self-hosted deployments: Install and configure the Instana agent. For more information on configuring the Instana host agents, see Configuring Instana host agents.

      Notes:
      • You must install and configure the Instana agent as a non-root user.
      • Make sure that the `issue-tracker` service is running in the Instana backend to use the Events framework by the CVE sensor.

By default, the CVE sensor is disabled. To enable the sensor, modify the agent configuration file configuration.yaml as shown in the following example:

```yaml {: codeblock}
# cve Sensor
com.instana.plugin.cve:
 enabled: true
 concert:
  base_url: ''     # Available in your concert instance URL
  instance_id: ''  # Available in your concert instance URL
  api_key: ''      # Concert API key
  poll_rate: 10    # Sensor poll rate in minutes
```

Viewing Concert data

After you enable the CVE sensor, you can view the vulnerability data from Concert in the Instana UI.

Container dashboard

To view the vulnerabilities for a specific container on the Container dashboard, complete the following steps:

  1. Open the Container dashboard for your specific container.

    Container dashboard
    Figure 1. Container dashboard

  2. Click Vulnerabilities to display a dropdown with up to 10 severe vulnerabilities for the container. At the end of the dropdown, select View nnn vulnerabilities to see the complete list of vulnerabilities.

    Container dashboard dropdown
    Figure 2. Container dashboard dropdown

Applications dashboard

To view the vulnerabilities in the containers that are used by the application on the Applications dashboard, click the Vulnerabilities tab.

Application dashboard Vulnerabilities tab
Figure 3. Application dashboard Vulnerabilities tab

Vulnerabilities

From the navigation menu in the Instana UI, select Vulnerabilities to access the Vulnerabilities page. The vulnerabilities page contains the following 2 tabs:

  • CVEs
  • Detections

CVEs

The CVEs tab shows a list of vulnerabilities across all containers with their severity, affecting entities count, name, and date of identification.

Vulnerabilities CVE tab
Figure 4. Vulnerabilities CVE tab

To view detailed information about a specific CVE, select it from the list. The detailed view includes the following information:

  • CVSS severity, affecting entities count, and reported date
  • Vulnerability description
  • List of affected applications

Vulnerabilities CVE tab details
Figure 5. Vulnerabilities CVE tab details

Detections

The Detections tab shows a list of vulnerabilities across all containers with their maximum risk score, CVSS severity, name, affected entity, reported date, and status.

Vulnerabilities Detections tab
Figure 6. Vulnerabilities Detections tab

To view detailed information about a specific detection, select it from the list. The detailed view includes the following information:

  • Reported date, current state, risk score and severity
  • Vulnerability description
  • List of affected applications

Vulnerabilities Detections tab details
Figure 7. Vulnerabilities Detections tab details

Notes:
  • This feature is enabled by default. To disable it, set the feature flag `feature.vulnerabilityCenter.enabled` to `false`.
  • If this feature flag is set to `false`, the vulnerabilities in the navigation panel, the vulnerabilities tab in the application perspective, and the vulnerabilities button on the container dashboard are disabled.