AppOmni
AppOmni is a SaaS Security Posture Management (SSPM) platform that monitors and secures SaaS applications. You can bring application, violation, violation definition, person, and team data from AppOmni into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with AppOmni and how to obtain that information from AppOmni. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select AppOmni from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate AppOmni with Brinqa:
- API URL: The AppOmni API base URL. The default is
https://app.appomni.com/api/v1. - API Token: The API token for authenticating with the AppOmni API.
The connector authenticates using an API token. All API requests include the token in the Authorization header as Token <api_token>. The API token is generated from the AppOmni platform under Settings → API.
Additional settings
The AppOmni connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is 8.
- Maximum retries: The maximum number of times that the integration attempts to connect to the AppOmni API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The AppOmni connector can retrieve the following types of data from the AppOmni API:
Table 1: Data retrieved from AppOmni
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| AppOmniGroup | Yes | Team |
| AppOmniUser | Yes | Person |
| MonitoredService | Yes | Application |
| PostureFinding | Yes | Violation |
| PostureFindingDefinition | Yes | Violation Definition |
For detailed steps on how to view the data retrieved from AppOmni in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
AppOmniGroup
Table 2: AppOmniGroup attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Generated (set to "Team") | CATEGORIES |
displayName | DESCRIPTION |
| Generated (sync capture timestamp) | LAST_CAPTURED |
members[*].value | MEMBERS |
| Generated (computed from members array size) | MEMBER_COUNT |
displayName | NAME |
meta.created | SOURCE_CREATED_DATE |
meta.lastModified | SOURCE_LAST_MODIFIED |
| Generated (set to "active") | STATUS |
id | UID |
AppOmniUser
Table 3: AppOmniUser attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| Generated (set to "Person") | CATEGORIES |
Enterprise extension department | DEPARTMENT |
displayName | DESCRIPTION |
Primary email from emails | |
emails[*].value | EMAILS |
active (active/inactive) | EMPLOYMENT_STATUS |
name.givenName | FIRST_NAME |
groups[*].value | GROUPS |
title | JOB_TITLE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
name.familyName | LAST_NAME |
displayName | NAME |
meta.created | SOURCE_CREATED_DATE |
meta.lastModified | SOURCE_LAST_MODIFIED |
active (active/inactive) | STATUS |
id | UID |
userName | USERNAME |
MonitoredService
Table 4: MonitoredService attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
Generated ("Application" + serviceType) | CATEGORIES |
MonitoredServiceResource.description | DESCRIPTION |
MonitoredServiceResource.enforcementMode | ENFORCEMENT_MODE |
MonitoredServiceResource.externalId | EXTERNAL_ID |
MonitoredServiceResource.integrationConnected | INTEGRATION_CONNECTED |
MonitoredServiceResource.isArchived | IS_ARCHIVED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
MonitoredServiceResource.name or serviceName | NAME |
MonitoredServiceResource.openIssuesCount | OPEN_ISSUES_COUNT |
MonitoredServiceResource.score | SCORE |
MonitoredServiceResource.serviceId | SERVICE_ID |
MonitoredServiceResource.serviceName | SERVICE_NAME |
MonitoredServiceResource.serviceType | SERVICE_TYPE |
MonitoredServiceResource.created | SOURCE_CREATED_DATE |
MonitoredServiceResource.modified | SOURCE_LAST_MODIFIED |
Generated (derived from isArchived / enforcementMode) | STATUS |
MonitoredServiceResource.id | UID |
PostureFinding
Table 5: PostureFinding attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
FindingResource.assignee | ASSIGNEE |
FindingResource.description or summary | DESCRIPTION |
FindingResource.findingType | FINDING_TYPE |
FindingResource.firstOpened | FIRST_OPENED |
FindingResource.lastClosed | LAST_CLOSED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
FindingResource.lastOpened | LAST_OPENED |
FindingResource.monitoredService | MONITORED_SERVICE |
FindingResource.title | NAME |
FindingResource.policyId | POLICY_ID |
FindingResource.policyName | POLICY_NAME |
FindingResource.status | PROVIDER_STATUS |
FindingResource.remediationSteps | REMEDIATION_STEPS |
FindingResource.appomniRiskLevel | RISK_LEVEL |
FindingResource.appomniRiskScore | RISK_SCORE |
FindingResource.severity or appomniRiskLevel (normalized) | SEVERITY |
FindingResource.created | SOURCE_CREATED_DATE |
FindingResource.modified | SOURCE_LAST_MODIFIED |
FindingResource.status (normalized) | SOURCE_STATUS |
FindingResource.summary | SUMMARY |
FindingResource.monitoredService | TARGETS |
FindingResource.policyId | TYPE |
FindingResource.id | UID |
PostureFindingDefinition
Table 6: PostureFindingDefinition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
PolicyResource.category | CATEGORIES |
PolicyResource.category | CATEGORY |
PolicyResource.description | DESCRIPTION |
PolicyResource.externalId | EXTERNAL_ID |
PolicyResource.isReference | IS_REFERENCE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
PolicyResource.name | NAME |
PolicyResource.policyFramework | POLICY_FRAMEWORK |
PolicyResource.policyType | POLICY_TYPE |
PolicyResource.severity (normalized) | SEVERITY |
| Computed from normalized severity | SEVERITY_SCORE |
PolicyResource.created | SOURCE_CREATED_DATE |
PolicyResource.modified | SOURCE_LAST_MODIFIED |
PolicyResource.severity (raw) | SOURCE_SEVERITY |
PolicyResource.policyType | TAGS |
PolicyResource.id | UID |
Operation options
The AppOmni connector supports the following operation options. See connector operation options for information about how to apply them.
MonitoredService
Table 7: MonitoredService operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| MonitoredService | annotations | Any string | Include computed fields like open_issues_count. Default is 1. | Key: annotations Value: 1. Includes computed annotations in the response. |
| enforcementMode | Any string | Filter by enforcement mode. | Key: enforcementMode Value: monitoring. Only retrieves monitored services in monitoring mode. | |
| isArchived | true, false | Filter by archived status. | Key: isArchived Value: false. Excludes archived services. | |
| serviceType | Any string | Filter by service type. | Key: serviceType Value: salesforce. Only retrieves Salesforce monitored services. |
PostureFinding
Table 8: PostureFinding operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| PostureFinding | monitoredServiceIn | Any string | Comma-separated monitored service IDs to filter by. | Key: monitoredServiceIn Value: 123,456. Only retrieves findings for the specified services. |
| riskScoreGte | Any string | Minimum risk score threshold. | Key: riskScoreGte Value: 5. Only retrieves findings with a risk score of 5 or higher. | |
| riskScoreLte | Any string | Maximum risk score threshold. | Key: riskScoreLte Value: 8. Only retrieves findings with a risk score of 8 or lower. | |
| sourceType | Any string | Filter by source type. | Key: sourceType Value: scanner. Only retrieves scanner-sourced findings. | |
| status | open, closed | Filter by finding status. | Key: status Value: open. Only retrieves open findings. |
PostureFindingDefinition
Table 9: PostureFindingDefinition operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| PostureFindingDefinition | isReference | true, false | Filter by reference policies. | Key: isReference Value: true. Only retrieves reference/system policies. |
APIs
The AppOmni connector uses the AppOmni API. Specifically, it uses the following endpoints:
Table 10: AppOmni API endpoints
| Connector Object | API Endpoint |
|---|---|
| AppOmniGroup | GET /scim/v2/Groups |
| AppOmniUser | GET /scim/v2/Users |
| MonitoredService | GET /core/monitoredservice/ |
| PostureFinding | GET /findings/finding/ |
| PostureFindingDefinition | GET /core/policy/ |
Changelog
The AppOmni connector has undergone the following changes:
Table 11: AppOmni connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | TBD |