Getting Started with Warden - Quick Start Guide

This article explains the first steps to get started with Warden.

Adding Internet-facing Perimeter Assets

  1. Navigate to the "Autodiscovery" View.
  2. Click on the "+" icon at the upper right corner to add a new public Internet-facing IP range.
  3. Specify the IP range in CIDR notation in the window that appears, leave the "Edge Service" selection to "None (Internet)".
  4. Leave other settings to their default value.
  5. Press "Add and discover now".
  6. Don't forget to whitelist our public IP range 74.217.31.64/26 if you have protections in place (IPS, WAF, DDoS, etc.).

Adding Internal Assets

Request a new Edge Service

  1. Navigate to the Settings view (clicking on the man-icon and choosing "Settings" from the dropdown).
  2. Select "Edge Services" from the left menu.
  3. Click on the "+" icon at the upper right corner to request the creation of a new Edge Service.
  4. In the window that appears, select:
    • The virtualization platform you need this disk image to be built against.
    • The networking configuration you need this disk image to have in your network.

    Install this new Edge Service Internally

    1. Follow the Setup Instructions received in the Edge Service download e-mail.
    2. Create a new virtual machine with enough RAM, CPU, and using the previously downloaded disk image.
    3. Make sure this new virtual machine has the required network access (as specified in the Setup Instructions).
    4. Boot this Edge Service VM and make sure it connects to Warden: the VM console status display, and the icon indicator in Warden should be green.

    Add your Internal (RFC1918) IP Ranges

    1. Navigate to the "Autodiscovery" View.
    2. Click on the "+" icon at the upper right corner to add your internal (RFC1918) IP range.
    3. Specify the IP range in CIDR notation in the window that appears, and select the newly created Edge Service in the "Edge Service" section. The connectivity icon should be green.
    4. Leave other settings to their default value.
    5. Press "Add and discover now".

    Managing Vulnerabilities

    By using the Vulnerabilities View

    1. Navigate to the "Vulnerabilities" View.
    2. Ensure that the vulnerabilities are sorted by "Priority" with the "1" on top of that list.
    3. Start by consulting vulnerabililities in that prioritized order, with the following simple workflow:

    Verify that the vulnerability is not a false positive (confirm the installed software and/or the vulnerable URL).

    • If it's a false positive, mark it as such and go to treat the next vulnerability.
    • If the vulnerability severity level is not the right one according to your judgement, you can update it and go to treat the next vulnerability.

    Update the vulnerable software and/or the vulnerable piece of Web application code.

    • You might need to extract the vulnerability information to communicate it to a sysadmin or Web developer, you can do so by selecting the vulnerability and using the "export" function at the top, in PDF or CSV format.

    Wait for the scans to update this vulnerability (if it is remediated it will dispapear from this view), or request an immediate re-scan of the asset.

    • If the vulnerability cannot be remediated, you can choose to snooze it for a specific period of time
    • If the vulnerability is remediated (software was updated and/or Web application code isn't exploitable anymore) but still appears in Warden after a successful scan of the same asset, you can mark it as a False-Positive.