Skip to main content

Aqua Security (Server)

Aqua Security (Server) is an on-premises container security tool that provides workload protection and security for containers, Kubernetes, and serverless applications. You can bring container, host, and security data from Aqua into Brinqa to construct a unified view of your attack surface, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Aqua Server and how to obtain that information from Aqua. See create a data integration for step-by-step instructions on setting up the integration.

info

The Aqua Server connector differs from the Aqua SaaS connector only in its authentication method. Instead of an API key and API secret, the Aqua Server connector uses a username and password. The underlying APIs, data retrieved, operation options, and data mappings remain the same as the Aqua SaaS connector.

Required connection settings

When setting up a data integration, select Aqua Server from the Connector drop-down. If you cannot find the connector in the drop-down, make sure you have installed it first. You must provide the following information to authenticate Aqua with Brinqa:

  • Server URL: The API Server URL. The default URL format is http://<server_name>.net:8080.

  • Username and Password: The username and password associated with the Aqua user, which must have permissions to log in to the API server and return data.

    Aqua role and permissions

    The Auditor role is a read-only role and is considered to be the minimum role needed to read and retrieve data from the Aqua API. For additional information, see Aqua Platform documentation on creating users and roles and permissions.

Additional settings

The Aqua Server connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

  • Skip certificate verification: Select this option to allow for untrusted certificates.

Types of data to retrieve

The Aqua Server connector can retrieve the following types of data from the Aqua API:

Table 1: Data retrieved from Aqua

Connector ObjectRequiredMaps to Data Model
ContainerYesContainer
Container ImageYesContainer Image
HostYesHost
VulnerabilityYesVulnerability
Vulnerability DefinitionYesVulnerability Definition
info

For detailed steps on how to view the data retrieved from Aqua in the Brinqa Platform, see How to view your data.

Operation options

The Aqua Server connector supports the following operation options. See connector operation options for information about how to apply them.

Table 2: Aqua connector operation options

Connector ObjectOptionAll Possible valuesDescriptionExample
ContainernameAny container nameRetrieves only containers with the specified name.Key: name Value: kubernetes. This key and value combination only retrieves containers named kubernetes.
registryAny container registryRetrieves only containers from the specified registry.Key: registry Value: docker. This key and value combination only retrieves containers from the docker registry.
repositoryAny container repositoryRetrieves only containers from the specified repository.Key: repository Value: angular-spring. This key and value combination only retrieves containers form the angular-spring repository.
Container ImagenameAny container image nameRetrieves only container images with the specified name.Key: name Value: alpine/openssl:latest. This key and value combination only retrieves container images named alpine/openssl:latest.
registryAny container image registryRetrieves only container images from the specified registry.Key: registry Value: docker hub. This key and value combination only retrieves container images from the docker hub registry.
repositoryAny container image repositoryRetrieves only container images from the specified repository.Key: repository Value: angular-spring. The key and value combination only retrieves container images from the angular-spring repository.
HostnameAny host nameRetrieves only hosts with the specified name.Key: name Value: webserver01. This key and value combination only retrieves hosts names webserver01.
registryAny host registryRetrieves only hosts from the specified registry.Key registry Value: docker. This key and value combination only retrieves hosts from the docker registry.
repositoryAny host repositoryRetrieves only hosts from the specified repository.Key: repository Value: alpine/openssl. This key and value combination only retrieves hosts from the alpine/openssl repository.
VulnerabilitynameAny container image nameRetrieves only vulnerabilities from the specified container image name.Key: name Value: docker.io. This key and value combination only retrieves vulnerabilities associated with docker.io container image.
registryAny container image registryRetrieves only vulnerabilities from the specified container image registry.Key: registry Value: harbor. This key and value combination only retrieves vulnerabilities from the harbor container image registry.
repositoryAny container image repository.Retrieves only vulnerabilities from the specified container image repository.Key: repository Value: alpine. This key and value combination only retrieves vulnerabilities from the alpine container image repository.
note

The option keys and values are case-sensitive as they are shown in this documentation.

APIs

The Aqua Server connector uses the Aqua Enterprise API v1 and v2. Specifically, it uses the following endpoints:

Table 3: Aqua API Endpoints

Connector ObjectAPI Endpoints
ContainerGET /api/v2/containers
Container ImageGET /api/v2/images/names
GET /api/v2/images/
HostGET /api/v1/hosts
VulnerabilityGET /api/v2/images/names
GET /api/v2//images/{registry}/{repo}/{tag}/vulnerabilities
Vulnerability DefinitionGET /api/v2/images/names
GET /api/v2//images/{registry}/{repo}/{tag}/vulnerabilities

Changelog

The Aqua Server connector has undergone the following changes:

3.1.2

  • Fixed an issue where the Vulnerability Definition object sync was failing.

3.1.1

  • No change.

3.1.0

  • No change.

3.0.3

  • Fixed an issue where Container Images were not correctly parsing Docker labels, preventing these labels from being added to the tags.

3.0.2

  • Added two new attributes, EXPLOITABILITY and EXPLOIT_TYPE, to the Vulnerability Definition object.

3.0.0