
Armis
Asset Management
Data retrieved from Armis
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Cloud Resource | Yes | Cloud Resource |
| Alert | Yes | Alert |
| Alert Definition | Yes | Alert Definition |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
Model relationships
For detailed steps on how to view the data retrieved from Armis in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Armis from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | Yes | Default - (user input, Required) | Armis server URL |
| API secret key | Yes | Default - (user input, Required) | Armis account API secret key |
| Page size | No | 100 | Maximum number of records to get per API request |
| SSL / TLS | No | false | Skip certificate verification |
| Maximum retries | No | 5 | Maximum number of API request retries |
How to obtain Armis credentials
The connector uses an API secret key to obtain an access token for subsequent API requests.
Obtain the required credentials (url, secretKey) from your Armis administrator or the Armis admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
| device.category / device.type | CATEGORIES |
| device.firstSeen | FIRST_SEEN |
| device.id | UID |
| device.ipAddress | IP_ADDRESSES |
| device.itsmAssetId | ITSM_ASSET_ID |
| device.itsmDeviceIdentifier | ITSM_DEVICE_IDENTIFIER |
| device.lastSeen | LAST_SEEN |
| device.macAddress | MAC_ADDRESSES |
| device.manufacturer | MANUFACTURER |
| device.model | MODEL |
| device.name | NAME |
| device.name | HOSTNAMES |
| device.operatingSystem / device.operatingSystemVersion | OPERATING_SYSTEM |
| device.riskLevel | RISK_LEVEL |
| device.sensor.name | SENSOR |
| device.site.name | SITE |
| device.tags | TAGS |
| device.type | DEVICE_TYPE |
| device.user | USER |
| now() | LAST_CAPTURED |
Cloud Resource
| Source Field Name | SDM Attribute |
|---|---|
Alert
| Source Field Name | SDM Attribute |
|---|---|
| alert.activityIds | ACTIVITIES |
| alert.alertId | UID |
| alert.deviceIds | TARGETS |
| alert.status | PROVIDER_STATUS |
| alert.status | SOURCE_STATUS |
| alert.status | STATUS |
| alert.status | STATUS_CATEGORY |
| alert.time | SOURCE_LAST_MODIFIED |
| alert.title / alert.alertId | NAME |
| now() | LAST_CAPTURED |
Alert Definition
| Source Field Name | SDM Attribute |
|---|---|
| alert.severity | SOURCE_SEVERITY |
| alert.title | NAME |
| alert.type | CATEGORIES |
| getFindingSeverityScore(severity) | SEVERITY_SCORE |
| normalizeFindingSeverity(alert.severity) | SEVERITY |
| now() | LAST_CAPTURED |
| uid | UID |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
| now() | LAST_CAPTURED |
| vulnerability.avmRating | AVM_RATING |
| vulnerability.cveUid | TYPE |
| vulnerability.cveUid + "_" + vulnerability.deviceId | UID |
| vulnerability.deviceId | TARGETS |
| vulnerability.matchSources | MATCH_SOURCES |
| vulnerability.status | PROVIDER_STATUS |
| vulnerability.status | SOURCE_STATUS |
| vulnerability.status | STATUS |
| vulnerability.status | STATUS_CATEGORY |
| vulnerability.statusChangeReason | STATUS_CHANGE_REASON |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
| now() | LAST_CAPTURED |
| vulnerability.affectedDevicesCount | AFFECTED_DEVICE_COUNT |
| vulnerability.attackComplexity | CVSS_V3_AC |
| vulnerability.attackVector | CVSS_V3_AV |
| vulnerability.availabilityImpact | CVSS_V3_AI |
| vulnerability.botnets | BOTNETS |
| vulnerability.cisaDueDate | CISA_DUE_DATE |
| vulnerability.commonName | NAME |
| vulnerability.confidentialityImpact | CVSS_V3_CI |
| vulnerability.cveUid | UID |
| vulnerability.cveUid | CVE_IDS |
| vulnerability.cveUid | CVE_RECORDS |
| vulnerability.cvssScore | CVSS_V3_BASE_SCORE |
| vulnerability.description | SUMMARY |
| vulnerability.epssPercentile | EPSS_PERCENTILE |
| vulnerability.epssScore | EPSS_SCORE |
| vulnerability.exploitabilityScore | EXPLOITABILITY_SCORE |
| vulnerability.firstReferencePublishDate | FIRST_REF_PUBLISH_DATE |
| vulnerability.firstWeaponizedReferencePublishDate | FIRST_WEAPONIZED_REF_PUBLISH_DATE |
| vulnerability.hasRansomware | HAS_RANSOMWARE |
| vulnerability.impactScore | IMPACT_SCORE |
| vulnerability.integrityImpact | CVSS_V3_II |
| vulnerability.isWeaponized | IS_WEAPONIZED |
| vulnerability.latestExploitUpdate | LATEST_EXPLOIT_UPDATE |
| vulnerability.numberOfThreatActors | NUM_OF_THREAT_ACTORS |
| vulnerability.numOfExploits | NUM_OF_EXPLOITS |
| vulnerability.orgPriority | ORG_PRIORITY |
| vulnerability.privilegesRequired | CVSS_V3_PR |
| vulnerability.publishedDate | PUBLISHED_DATE |
| vulnerability.reportedByGoogleZeroDays | REPORTED_BY_GOOGLE_ZERO_DAYS |
| vulnerability.scope | CVSS_V3_SCOPE |
| vulnerability.score | SCORE |
| vulnerability.severity | SEVERITY |
| vulnerability.severity | SOURCE_SEVERITY |
| vulnerability.severity | SEVERITY_SCORE |
| vulnerability.threatTags | THREAT_TAGS |
| vulnerability.userInteraction | CVSS_V3_UI |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Cloud Resource
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Alert
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Alert Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Vulnerability
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
| system_report_name | String | BRINQA_VULNERABILITY_SYSTEM_REPORT | Custom name for the Armis system report used for vulnerability data retrieval |
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Changelog
The Armis connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.6 | Improvements - Connector-sourced attribute values now take precedence over non-connector data channels (manual edits, bulk imports, UI input) when the platform consolidates records, so Armis data is no longer overridden by lower-priority sources. - Refreshed the connector model library to the latest release and replaced the deprecated date deserializer with its supported replacement. Bug Fixes - Corrected the Alert model's "Activities" attribute element type from number to text. The attribute is multi-valued and is populated from the API's list of activity IDs, which are strings, so the element type is now text to match the values returned. | • Alert: the "Activities" attribute element type changed from number to text. Re-sync the Armis connector to repopulate alerts with the corrected type. |
| 3.0.5 | New Features - system_report_name operation option for Vulnerability model: Added a configurable operation option (system_report_name) to the Vulnerability model, allowing users to specify a custom Armis system report name for vulnerability data retrieval. Defaults to BRINQA_VULNERABILITY_SYSTEM_REPORT if not provided. Improvements - Vulnerability system report name is now configurable via operation options, replacing the previously hardcoded value and enabling support for custom system report configuration - Added support for exposing the Last captured field (Last capture date) across data retrieval for all models | N/A |
| 3.0.4 | Improvements Dependency Upgrades - Upgraded internal framework and storage libraries to the latest stable versions for improved reliability, security patches, and alignment with the rest of the connector platform. | N/A |
| 3.0.3 | New Features - Added configurable host device type classification: users can now customize which Armis device types are classified as Host vs Cloud Resource using the host_device_types operation option, instead of relying on a hardcoded list. If the operation option is not defined, the default list is used. - Added explicit field selection for device queries to ensure custom fields such as haloItsmAssetId and haloItsmDeviceIdentifier are included in API responses Improvements - Device type matching is now case-insensitive, reducing classification mismatches between Host and Cloud Resource models - Improved null safety when processing custom field values to prevent errors on incomplete data - Updated documentation with model relationship diagram and comprehensive operation options reference | N/A |