Adaptive Shield
Adaptive Shield is an identity management tool that helps remediate SaaS configuration issues. You can bring alert, integrated user, integration, and security check data from Adaptive Shield into Brinqa to construct a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Adaptive Shield and how to obtain that information from Adaptive Shield. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Adaptive Shield from the Connector drop-down. If you cannot find the connector in the drop-down, make sure you have installed it first. You must provide the following information to authenticate Adaptive Shield with Brinqa:
-
API URL: The Adaptive Shield API URL. The API URL depends on the region where your Adaptive Shield environment is deployed:
-
US:
https://api.adaptive-shield.com -
EU:
https://eu.api.adaptive-shield.com
-
-
Access token: The API key associated with the Adaptive Shield account, which must have permissions to log in to the API server and return data.
The API key inherits the scope and permissions of the associated Adaptive Shield user account, meaning it can only retrieve data that the user account can view in the Adaptive Shield UI.
Generate an Adaptive Shield API key
For the Adaptive Shield connector to retrieve data from the Adaptive Shield API, you must provide an API key. To do so, follow these steps:
-
Log in to your organization's Adaptive Shield portal as an administrator.
-
Navigate to your user profile and click User Settings
-
Click the API tab and then click Generate new key.
-
Provide a Name for the key, and then click Create.
Your new API key displays. You can not view the key again after this. Copy and save it to a secure location.
If you do not have permissions to generate an API key, contact your Adaptive Shield administrator. For additional information, see Adaptive Shield documentation.
Additional settings
The Adaptive Shield connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 4.
Types of data to retrieve
The Adaptive Shield connector can retrieve the following types of data from the Adaptive Shield API:
Table 1: Data retrieved from Adaptive Shield
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Alert | Yes | Alert, Alert Definition |
| Integrated User | Yes | Person |
| Integration | Yes | Cloud Resource |
| Security Check | Yes | Violation, Violation Definition |
The Adaptive Shield connector does not support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Adaptive Shield in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Alert
Table 2: Alert attribute mappings
| Source Field Name | Maps to Attribute | Maps to UDM |
|---|---|---|
| account_id | Local variable | Not mapped |
| affected_diff | Local variable | Not mapped |
| alert_type | category | Alert Definition |
| description | description | Alert Definition |
| id | uid | Alert |
| integration.id | targets | Alert |
| is_archived | Local variable | Not mapped |
| new_affected_count | Local variable | Not mapped |
| security_check_api_link | Local variable | Not mapped |
| source | Local variable | Not mapped |
| source_id | type | Alert |
| source_id | uid | Alert Definition |
| timestamp | sourceCreatedDate | Alert |
| user_who_archived | Local variable | Not mapped |
Integrated User
Table 3: Integrated User attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| account_id | Local variable |
| company | Local variable |
| country | Local variable |
| department | Local variable |
| domain | Local variable |
| emails | |
| enabled | Local variable |
| exposures | Local variable |
| exposures_total | Local variable |
| full_name | name |
| integrations | Local variable |
| integrations_total | Local variable |
| login_names | Local variable |
| roles | Local variable |
| title | description |
| user_item_identity | uid |
Integration
Table 4: Integration attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| account_id | Local variable |
| alias | Local variable |
| created_time | sourceCreatedDate |
| enabled | Local variable |
| id | uid |
| integration_status | status |
| issues | Local variable |
| last_run | lastScanned |
| saas_id | Local variable |
| saas_name | Local variable |
Security Check
Table 5: Security Check attribute mappings
| Source Field Name | Maps to Attribute | Maps to UDM |
|---|---|---|
| account_id | Local variable | Not mapped |
| affected | Local variable | Not mapped |
| base_check_id | Local variable | Not mapped |
| created_by | Local variable | Not mapped |
| creation_date | sourceCreatedDate, firstFound | Violation |
| details | description | Violation Definition |
| dismiss_expiration_date | Local variable | Not mapped |
| dismiss_reason | Local variable | Not mapped |
| id | uid | Violation |
| impact | severity, sourceSeverity, severityScore | Violation Definition |
| integration_id | targets | Violation |
| is_global | Local variable | Not mapped |
| name | type | Violation |
| name | name, uid | Violation Definition |
| remediation_plan | recommendation | Violation Definition |
| saas_name | Local variable | Not mapped |
| security_check_type | categories | Violation Definition |
| security_domain | categories | Violation Definition |
| status | status, sourceStatus, statusCategory | Violation |
| status_last_changed_date | sourceLastModified | Violation |
| status_reason | Local variable | Not mapped |
| user_who_dismissed | Local variable | Not mapped |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The Adaptive Shield connector uses the Adaptive Shield API v1. Specifically, it uses the following endpoints:
Table 6: Adaptive Shield API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Alert | GET /api/v1/accounts |
GET /api/v1/accounts/{accountId}/alerts | |
| Integrated User | GET /api/v1/accounts |
GET /api/v1/accounts/accountId}/user_inventory | |
| Integration | GET /api/v1/accounts |
GET /api/v1/accounts/{accountId}/integrations | |
| Security Check | GET /api/v1/accounts |
GET /api/v1/accounts/{accountId}/security_checks | |
GET /api/v1/accounts/{accountId}/security_checks/{securityCheckId}/affected |
Changelog
The Adaptive Shield connector has undergone the following changes:
Table 7: Adaptive Shield connector changelog
| Version | Description |
|---|---|
| 3.0.3 | Improved the description and recommendation fields on the Violation Definition object. |
| 3.0.2 | Fixed an issue where the Violation object sync was failing due to exceeding the API rate limit ("You cannot make more than 100 requests per minute"). Added rate limiting to prevent these errors. |
| 3.0.1 | Fixed an issue where the Violation object sync was failing. |
| 3.0.0 | Initial Integration+ release. |