Claroty xDome
Claroty xDome is an OT (operational technology) security tool that provides protection across your organization against cyber threats. You can bring device information from Claroty xDome into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Claroty xDome and how to obtain that information from Claroty xDome. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Claroty xDome from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Claroty xDome with Brinqa:
- Service URL: The Claroty xDome API URL. The default URL is https://api.medigate.io.
- API key: The API key associated with the Claroty xDome account, which must have permissions to log in to the API server and return data.
Obtain a Claroty xDome API key
For the Claroty xDome connector to use the Claroty API, you must create an API user and generate an API key. To do so, follow these steps:
- Log in to your organization's Claroty xDome portal as an administrator.
- Navigate to Settings > Admin Settings.
- In the navigation menu, click User Management, and then click Add User.
  The Create User dialog appears. Complete the following fields:
  - User Type: Select API User.
  - User Info: Enter a user name and title (description) for the API key.
    Note: This user name must be different from the Claroty xDome portal login user name.
  - Site Permissions: Click the drop-down and select the sites that you want the Claroty xDome connector to have access to.
  - Roles: Click the drop-down and select Read-Only User.
  - Including future sites: (Optional) Enable this option to automatically grant access to any new sites added to your Claroty xDome environment. This ensures that the connector can retrieve data from all current and future sites without requiring manual updates to the site permissions.
- Click Create User.
- After creating the new user, click Generate Token.
  The Generate API token dialog appears.
- Click the Token Expiration drop-down and select the desired token expiry date.
- Click Generate.
  Your new API key displays. You cannot view the key again after this. Copy and save it to a secure location.
If you do not have permissions to create an API key, contact your Claroty xDome administrator.
Additional settings
The Claroty xDome connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is 4.
Types of data to retrieve
The Claroty xDome connector can retrieve the following types of data from the Claroty API:
Table 1: Data retrieved from Claroty xDome
Connector Object | Required | Maps to Data Model |
---|---|---|
Device | Yes | Device |
The Claroty xDome connector does not support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Claroty xDome in the Brinqa Platform, see How to view your data.
Attribute mappings
The table below details the mappings between the source and the Brinqa data model attributes:
Table 2: Device attribute mappings
Source Field Name | Maps to Attribute |
---|---|
assignees | Local variable |
asset_id | Local variable |
device_category | categories |
device_name | name |
device_subcategory | categories |
device_type | categories |
device_type_family | Local variable |
ip_list | ipAddresses, privateIpAddresses, publicIpAddresses |
labels | tags |
last_seen_list | lastSeen |
mac_list | Local variable |
model | Local variable |
network_list | Local variable |
os_category | Local variable |
retired | sourceStatus |
risk_score | Local variable |
uid | uid |
vlan_list | Local variable |
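
The following Python function is an added example, not the connector's own code; it applies the Table 2 mappings to a constructed device record so you can see how one source record fans out into data model attributes. The rule for splitting ip_list into private and public addresses, the timestamp format, the choice of the latest last_seen_list entry, and the sourceStatus strings are assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed sample record: field names come from Table 2, values are invented.
SAMPLE_DEVICE = {
    "uid": "example-uid-0001",
    "device_name": "infusion-pump-12",
    "device_category": "Medical",
    "device_subcategory": "Patient Devices",
    "device_type": "Infusion Pump",
    "ip_list": ["10.20.30.40", "8.8.8.8", "not-an-ip"],
    "labels": ["ward-3"],
    "last_seen_list": ["2024-05-01T10:00:00+00:00", "2024-05-03T08:30:00+00:00"],
    "retired": False,
}

def map_device(src):
    """Map a source record to the Table 2 attributes (illustrative logic only)."""
    private, public = [], []
    for raw in src.get("ip_list") or []:
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # skip malformed entries instead of failing the whole record
        (private if ip.is_private else public).append(str(ip))
    # Three source fields feed one attribute; de-duplicate while keeping order.
    categories = list(dict.fromkeys(
        src[k] for k in ("device_category", "device_subcategory", "device_type") if src.get(k)))
    seen = [datetime.fromisoformat(t) for t in src.get("last_seen_list") or []]
    return {
        "uid": src["uid"],
        "name": src.get("device_name"),  # device_name, not the internal uid
        "categories": categories,
        "ipAddresses": private + public,
        "privateIpAddresses": private,
        "publicIpAddresses": public,
        "tags": list(src.get("labels") or []),
        "lastSeen": max(seen).isoformat() if seen else None,
        # Assumption: these status strings are placeholders, not Brinqa's values.
        "sourceStatus": "retired" if src.get("retired") else "active",
    }
```

Running the same function over a sample of exported records is a quick way to spot devices that would land in publicIpAddresses before you build exposure reports on that attribute.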
APIs
The Claroty xDome connector uses the Claroty xDome API. Specifically, it uses the following endpoint:
Table 3: Claroty xDome API Endpoint
Connector Object | API Endpoint |
---|---|
Device | POST /api/v1/devices |
Changelog
The Claroty xDome connector has undergone the following changes:
Table 4: Claroty xDome connector changelog
Version | Description |
---|---|
3.0.2 | Fixed an issue where the NAME attribute on the Device object was incorrectly populated with an internal UID instead of the actual device name. The connector now uses the DEVICE_NAME attribute to provide accurate device names. |
3.0.1 | Code clean up and general maintenance. |
3.0.0 | Initial Integration+ release. |