Skip to main content

Adaptive Shield

Adaptive Shield is an identity management tool that helps remediate SaaS configuration issues. You can bring alert, integrated user, integration, and security check data from Adaptive Shield into Brinqa to construct a unified view of your attack surface, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Adaptive Shield and how to obtain that information from Adaptive Shield. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Adaptive Shield from the Connector drop-down. If you cannot find the connector in the drop-down, make sure you have installed it first. You must provide the following information to authenticate Adaptive Shield with Brinqa:

  • API URL: The Adaptive Shield API URL. The API URL depends on the region where your Adaptive Shield environment is deployed:

    • US: https://api.adaptive-shield.com

    • EU: https://eu.api.adaptive-shield.com

  • Access token: The API key associated with the Adaptive Shield account, which must have permissions to log in to the API server and return data.

    The API key inherits the scope and permissions of the associated Adaptive Shield user account, meaning it can only retrieve data that the user account can view in the Adaptive Shield UI.

Generate an Adaptive Shield API key

For the Adaptive Shield connector to retrieve data from the Adaptive Shield API, you must provide an API key. To do so, follow these steps:

  1. Log in to your organization's Adaptive Shield portal as an administrator.

  2. Navigate to your user profile and click User Settings

  3. Click the API tab and then click Generate new key.

    Generate new Adaptive Shield API key

  4. Provide a Name for the key, and then click Create.

    Your new API key displays. You can not view the key again after this. Copy and save it to a secure location.

note

If you do not have permissions to generate an API key, contact your Adaptive Shield administrator. For additional information, see Adaptive Shield documentation.

Additional settings

The Adaptive Shield connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

  • Maximum retries : The maximum number of times that the integration attempts to connect to the Adaptive Shield API before giving up and reporting a failure. The default setting is 5.

Types of data to retrieve

The Adaptive Shield connector can retrieve the following types of data from the Adaptive Shield API:

Table 1: Data retrieved from Adaptive Shield

Connector ObjectRequiredMaps to Data Model
AlertYesAlert
Alert DefinitionYesAlert Definition
Compliance ControlNoNot mapped
DeviceNoDevice
HostNoHost
Integrated UserYesPerson
IntegrationYesCloud Resource
ViolationYesViolation
Violation DefinitionYesViolation Definition
info

For detailed steps on how to view the data retrieved from Adaptive Shield in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Alert

Table 2: Alert attribute mappings

Source Field NameMaps to AttributeMaps to UDM
account_idLocal variableNot mapped
affected_diffLocal variableNot mapped
alert_typecategoryAlert Definition
descriptiondescriptionAlert Definition
iduidAlert
integration.idtargetsAlert
is_archivedLocal variableNot mapped
new_affected_countLocal variableNot mapped
security_check_api_linkLocal variableNot mapped
sourceLocal variableNot mapped
source_idtypeAlert
source_iduidAlert Definition
timestampsourceCreatedDateAlert
user_who_archivedLocal variableNot mapped
Device

Table 3: Device attribute mappings

Source Field NameMaps to Attribute
account_idLocal variable
device_namename
globally_compliantLocal variable
globally_managedLocal variable
iduid
last_seenlastSeen
osLocal variable
os_versionLocal variable
platformLocal variable
reporters.integration_idLocal variable
user_emailemails
Host

Table 4: Host attribute mappings

Source Field NameMaps to Attribute
account_idLocal variable
device_namename
globally_compliantLocal variable
globally_managedLocal variable
iduid
last_seenlastSeen
mac_address_listmacAddresses
osLocal variable
os_versionLocal variable
platformLocal variable
reporters.integration_idLocal variable
user_emailemails
Integrated User

Table 5: Integrated User attribute mappings

Source Field NameMaps to Attribute
account_idLocal variable
companyLocal variable
countryLocal variable
departmentLocal variable
domainLocal variable
emailemails
enabledLocal variable
exposuresLocal variable
exposures_totalLocal variable
full_namename
integrationsLocal variable
integrations_totalLocal variable
login_namesLocal variable
rolesLocal variable
titledescription
user_item_identityuid
Integration

Table 6: Integration attribute mappings

Source Field NameMaps to Attribute
account_idLocal variable
aliasLocal variable
created_timesourceCreatedDate
enabledLocal variable
iduid
integration_statusstatus
issuesLocal variable
last_runlastScanned
saas_idLocal variable
saas_nameLocal variable
Violation

Table 7: Violation attribute mappings

Source Field NameMaps to Attribute
account_idLocal variable
affectedLocal variable
base_check_idLocal variable
created_byLocal variable
creation_datesourceCreatedDate, firstFound
dismiss_expiration_dateLocal variable
dismiss_reasonLocal variable
integration_idtargets
is_globalLocal variable
nametype
saas_nameLocal variable
statusstatus, sourceStatus, statusCategory
status_last_changed_datesourceLastModified
status_reasonLocal variable
user_who_dismissedLocal variable
iduid, Local variable
Violation Definition

Table 8: Violation Definition attribute mappings

Source Field NameMaps to Attribute
compliance.control_codeLocal variable
detailsdescription
impactseverity (normalized), severityScore, sourceSeverity
nameuid, name
remediation_planrecommendation
security_check_typecategories
security_domaincategories
status_reasondescription
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The Adaptive Shield connector supports the following operation options. See connector operation options for information about how to apply them.

Table 9: Adaptive Shield operation options

Connector ObjectOptionAll Possible ValuesDescriptionExample
Compliance Controlinclude_compliancetrue, falseIf set to true, control codes and compliance data are included.
This may impact performance due to additional API calls.
Key: include_compliance, Value: true.
Retrieves control and compliance data associated with violations.
Deviceintegration_idAny Adaptive Shield integration ID stringA comma-separated list of integration IDs.
Use this option to limit the retrieved devices by their associated integration IDs.
Key: integration_id, Value: 6720f0e4cb44f5a5d7a6d1ef,6720f0e4cb44f5a5d7a6d1ef.
Only retrieves devices with these integration IDs.
Hostintegration_idAny Adaptive Shield integration ID stringA comma-separated list of integration IDs.
Use this option to limit the retrieved hosts by their associated integration IDs.
Key: integration_id, Value: 6720f0e4cb44f5a5d7a6d1ef,6720f0e4cb44f5a5d7a6d1ef.
Only retrieves hosts with these integration IDs.
Violationinclude_compliancetrue, falseIf set to true, control codes and compliance data are included.
This may impact performance due to additional API calls.
Key: include_compliance, Value: true.
Retrieves control and compliance data associated with violations.
Violation Definitioninclude_compliancetrue, falseIf set to true, control codes and compliance data are included.
This may impact performance due to additional API calls.
Key: include_compliance, Value: true.
Retrieves control and compliance data associated with violation definitions.

APIs

The Adaptive Shield connector uses the Adaptive Shield API v1. Specifically, it uses the following endpoints:

Table 10: Adaptive Shield API Endpoints

Connector ObjectAPI Endpoint
AlertGET /api/v1/accounts
GET /api/v1/accounts/{accountId}/alerts
Alert DefinitionGET /api/v1/accounts
GET /api/v1/accounts/{accountId}/alerts
Compliance ControlGET /api/v1/accounts/{accountId}/security_checks/{securityCheckId}/compliance
DeviceGET /api/v1/accounts/{accountId}/device_inventory
HostGET /api/v1/accounts/{accountId}/device_inventory
Integrated UserGET /api/v1/accounts
GET /api/v1/accounts/{accountId}/user_inventory
IntegrationGET /api/v1/accounts
GET /api/v1/accounts/{accountId}/integrations
ViolationGET /api/v1/accounts
GET /api/v1/accounts/{accountId}/security_checks
GET /api/v1/accounts/{accountId}/security_checks/{securityCheckId}/affected
GET /api/v1/accounts/{accountId}/security_checks/{securityCheckId}/compliance
Violation DefinitionGET /api/v1/accounts
GET /api/v1/accounts/{accountId}/security_checks
GET /api/v1/accounts/{accountId}/security_checks/{securityCheckId}/affected
GET /api/v1/accounts/{accountId}/security_checks/{securityCheckId}/compliance

Changelog

The Adaptive Shield connector has undergone the following changes:

Table 11: Adaptive Shield connector changelog

VersionDescriptionDate Published
3.0.5Fixed an issue where the Violation and Violation Definition object syncs were failing.August 15th, 2025
3.0.4- The connector now retrieves the Compliance Control, Device, and Host objects from Adaptive Shield.
- Added a new additional setting to help manage API throttling: Maximum retries.
- The STATUS_REASON attribute on the Violation Definition now maps to the Description field in Brinqa.
- The connector now supports operation options.
- Added the CONTROL_CODES attribute to the Violation Definition object.
- The Violation object has been enhanced to create distinct violations based on the affected data from Adaptive Shield.
July 30th, 2025
3.0.3Improved the description and recommendation fields on the Violation Definition object.June 10th, 2025
3.0.2Fixed an issue where the Violation object sync was failing due to exceeding the API rate limit ("You cannot make more than 100 requests per minute"). Added rate limiting to prevent these errors.May 7th, 2025
3.0.1Fixed an issue where the Violation object sync was failing.April 7th, 2025
3.0.0Initial Integration+ release.February 11th, 2025