Import Cobalt Findings into Kenna Security

Set up an integration with Kenna Security.

Configure the integration to import Cobalt findings into the Kenna Security platform.

You can also refer to the Kenna Security documentation.

Integration Overview

Kenna Security is a risk and vulnerability intelligence platform.

You can retrieve findings data from Cobalt using the API and import it into Kenna Security. Then you can measure risk associated with vulnerabilities and prioritize remediation efforts on the Kenna Security platform.

What You Need

To configure the integration, you need the following:

Step 1: Create a Kenna Security Data Importer Connector

We recommend creating a dedicated connector for importing Cobalt findings in Kenna Security, even if you already have other connectors configured.

  1. In Kenna Security, select Connectors.

    Select Connectors in Kenna Security
  2. Select Add Connector.

    Select Add Connector in Kenna Security
  3. Search for and select the Kenna Data Importer connector.

    Select the Kenna Data Importer connector
  4. On the configuration page, enter a name for your connector, such as Kenna Data Importer - Select Save.

    Connector configuration page in Kenna Security
  5. Select the connector you created.

    Select the connector you created in Kenna Security
  6. Copy the connector ID. You will need it in step 2.

    Kenna Data Importer connector ID

Step 2: Get the Kenna Security Toolkit Image

The Kenna Security Toolkit is wrapped in a container image. You can get it in two ways:

From Docker Hub

Pull the toolkit image from Docker Hub using this request:

docker pull kennasecurity/toolkit

When ready, go to step 3.

From the Source

  1. Clone the Kenna Toolkit repository.
    git clone
  2. Build the Kenna Security Toolkit image from the source. If you’ve already done this in the past, you may have to do it again because the Cobalt task is a relatively new addition.
    docker build . -t toolkit:latest

Step 3: Run the Cobalt Task

  1. Prepare the following variables required to run the Cobalt task. See how to get these values.
    • COBALT_API_TOKEN: Cobalt API token
    • COBALT_ORG_TOKEN: Cobalt organization token
    • KENNA_API_KEY: Kenna Security API key
    • KENNA_CONNECTOR_ID: ID of the Kenna Security Data Importer connector
  2. Replace variables with your values, and run this task:
    export COBALT_API_TOKEN=xxx
    export COBALT_ORG_TOKEN=xxx
    export KENNA_API_KEY=xxx
    export KENNA_CONNECTOR_ID=xxx
  3. Run the toolkit with the cobaltio task selected. This command imports all findings from the configured organization in Cobalt into Kenna Security.
    • (Recommended) By default, the AppSec module is used.
    • If you want to use the VM module instead, add kenna_appsec_module=false to the command below.
    docker run -it --rm toolkit:latest \
        task=cobaltio \
        cobalt_api_token=$COBALT_API_TOKEN \
        cobalt_org_token=$COBALT_ORG_TOKEN \
        kenna_api_key=$KENNA_API_KEY \

Step 4: View Imported Findings

You can view findings imported from Cobalt in one of these modules, depending on which one you’re using:

AppSec Module

In Kenna Security, navigate to AppSec > Explore.

Select AppSec > Explore in Kenna Security

You should see findings imported from Cobalt. If the page contains findings from other sources, you can apply a filter for the Cobalt connector.

View findings imported from Cobalt in the AppSec module

VM Module

In Kenna Security, navigate to VM > Explore.

Select VM > Explore in Kenna Security

You should see findings imported from Cobalt. If the page contains vulnerabilities from other sources, use search to find newly added vulnerabilities.

View findings imported from Cobalt in the VM module

Was this page helpful?

Create an Issue

Last modified September.09.2023