Integrating Acunetix with Mantis

Integrating Acunetix with Mantis is a 4-step process:

• Create a project in Mantis (or use a pre-existing project)
• Prepare an API Token in Mantis for communication with Acunetix
• Configuring Acunetix for Integration
• Configuring a Target to Report Issues to your Issue Tracker
• Submitting Vulnerabilities to Mantis

Prepare your Mantis account for Integration

If you already have a project in Mantis which you want to use to hold issues generated by Acunetix scans, then you can skip to creating an API token.

Create a Project

• From your Mantis sidebar menu, select "Manage"
• Click on the "Manage Projects" tab

• In the "Projects" panel, click on the "Create New Project" button

• In the "Add Project" panel:

• Enter a "Project Name" for the project
• Enter a description for the project
• In the case of this example, you would leave the other fields at their default values
• Click the "Add Project" button

Create an API Token for Acunetix Integration authentication

• From your Mantis profile dropdown, select "My Account"
• Click on the "API Tokens" tab

• In the "Create API Token" panel:

• Set the "Token Name" field to "Acunetix Integration" – this is only a friendly name to remind you of its use
• Click the "Create API Token" button

• Make sure you keep a copy of the Token - it cannot be retrieved after you exit the page. If you lose the Token, you will need to create a new one and repeat the process.

Configuring Acunetix for Integration

• In the Acunetix UI, click on "Issue Trackers" in the sidebar
• Click on the "Add Issue Tracker" button

• Set the "Name" field to describe the integration – for this example, we have used "Mantis Issues"

• Select the Target Groups which will have access to this issue tracker configuration

• Select the proxy settings which will be used to communicate with this issue tracker:

• The default is to use the Acunetix general proxy settings
• Use the No Proxy setting to avoid using a proxy when communicating with this issue tracker

• Use the Custom setting to use proxy settings specifically for communicating with this issue tracker. Specify the protocol, proxy address and port and optionally username and password to be used to connect to the proxy server.

• Select "Mantis" from the dropdown labelled "Platform"
• Set the URL to the base URL for your Mantis deployment — in this example "http://tools.example.local/mantisbt"
• Insert your Mantis API Token into the "Token" field
• Click on "Test Connection" - you should receive a "Connection is Successful" message; also, the "Project and Issue Type" panel will be updated with your list of Projects

• Select the Mantis project you want the integration to be linked to – in this example you would be using the pre-created "internal-wiki" project
• Click the "Save" button at the top of the "Add Issue Tracker" panel

Configuring a Target to Report Issues to your Issue Tracker

From your list of Targets, select the Target you wish to work with.

• In the Target Information panel, scroll to the bottom of the panel and expand the "Advanced" link.

• Enable the "Issue Tracker" slider
• From the "Issue Tracker" dropdown, select the name of the Mantis Integration configuration you wish to use
• At the top of the "Target Information" panel, click the "Save" button

Now that your Target is configured to link to Mantis, you need to Scan your Target. When the Scan is completed, you will be able to select the Vulnerabilities to submit to your Issue Tracker.

Submitting Vulnerabilities to Mantis

Once you have completed a Scan on your Target:

• Select "Vulnerabilities" in the sidebar

• Adjust your filter to obtain a shortlist containing the vulnerabilities you wish to send to your Issue Tracker
• Use the checkboxes next to vulnerability to select the vulnerabilities to send to the Issue Tracker
• Click the "Send to Issue Tracker" button at the top of the "Vulnerabilities" panel

Check your Mantis Issues page

Your Mantis Issues page will show the issues you have submitted to the Issue Tracker: