CyCognito

CyCognito is an attack surface management tool that scans your external-facing assets. You can bring certificate, domain, IP address, IP range, security findings, and web application data from CyCognito into Brinqa to prioritize risks across your attack surface and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with CyCognito and how to obtain that information from CyCognito. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select CyCognito from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate CyCognito with Brinqa:

  • API URL: The CyCognito API Server URL. The default URL is https://api.platform.cycognito.com.

  • API token: The API token associated with the CyCognito account, which must have permissions to log in to the API server and return data.

Generate a new CyCognito API token

For the CyCognito connector to use the CyCognito API, you must provide the API token from CyCognito. Only administrators can generate new API tokens. To generate a new API token, follow these steps:

  1. Log in to your CyCognito server as an administrator.

  2. On the left-hand side of the page, click Workflows & Integrations, and then click API Key Management.

  3. Click Add API key. A new window displays. Provide the following information:

    • Key Name: Give your API token a name.

    • Key Access: The CyCognito connector requires read access only, so select Read Only.

    • Set Expiration: Determine whether the token expires or not. If you select On, indicate a time limit for how long the new token is valid.

  4. Click Create.

    Your new API token displays. You cannot view the token again. Copy the token and save it in a secure location.

Note: If you do not have permissions to create a CyCognito API token, contact your CyCognito administrator. For additional information, see CyCognito documentation.

Additional settings

The CyCognito connector contains an additional option for specific configuration:

  • Set page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

Types of data to retrieve

The CyCognito connector can retrieve the following types of data from the CyCognito API:

Table 1: Data retrieved from CyCognito

| Connector Object | Required | Maps to Data Model |
| --- | --- | --- |
| Certificate | Yes | Certification |
| Domain | Yes | Site |
| IP Address | Yes | Host |
| IP Range | Yes | IP Range |
| Issue | Yes | Vulnerability |
| Issue Definition | Yes | Vulnerability Definition |
| Web Application | Yes | Site |

Info: For detailed steps on how to view the data retrieved from CyCognito in the Brinqa Platform, see How to view your data.

Attribute mappings

Click the tabs below to view the mappings between the source and the Brinqa data model attributes.

Table 2: Certificate attribute mappings

| Source Field Name | Maps to Attribute |
| --- | --- |
| Alternative names | Local variable |
| At risk | Local variable |
| Cert | Local variable |
| Comment | Local variable |
| Continent | Local variable |
| Creation date | dateCreated |
| Discoverability | Local variable |
| Domains | domainNames |
| Expiration | Local variable |
| First detected | firstSeen |
| First seen | firstSeen |
| Hosting type | Local variable |
| Investigation status | Local variable |
| IP names | ipAddresses |
| Is active | Local variable |
| Issuer common name | Local variable |
| Issuer country | Local variable |
| Issuer org | Local variable |
| Issuer org unit | Local variable |
| Issuer state | Local variable |
| Last detected | lastSeen |
| Last seen | lastSeen |
| Locations | Local variable |
| Owned by | Local variable |
| Owners | owners |
| Organizations | Local variable |
| Regions | Local variable |
| Security grade | Local variable |
| Signature algo | Signature algorithm |
| Status | status |
| Subject common name | Local variable |
| Subject country | Local variable |
| Subject locality | Local variable |
| Subject org | Local variable |
| Subject state | Local variable |
| Sys ID | uid |
| Tags | tags |
| Type | type |

Info: Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

Operation options

The CyCognito connector supports the following operation options. See connector operation options for information about how to apply them.

Table 9: CyCognito connector operation options

| Connector Object | Option | All Possible values | Description | Example |
| --- | --- | --- | --- | --- |
| Certificate | alive | true, false | Retrieve certificates that match the specified status. true corresponds to certificates that are active or alive, while false corresponds to certificates that are inactive or not alive. | Key: alive Value: true. This key and value combination only retrieves active, or alive, certificates. |
| Domain | alive | true, false | Retrieve domains that match the specified status. true corresponds to domains that are active or alive, while false corresponds to domains that are inactive or not alive. | Key: alive Value: false. This key and value combination only retrieves inactive, or not alive, domains. |
| Domain | security_grade | A, B, C, D, F | Retrieve domains based on the specified security grade, ranging from A (Secure or minimal risk) to F (Highly vulnerable). | Key: security_grade Value: F. This key and value combination only retrieves domains with a security grade of F, or highly vulnerable domains. |
| IP Address | alive | true, false | Retrieve IP addresses that match the specified status. true corresponds to IPs that are active or alive, while false corresponds to IPs that are inactive or not alive. | Key: alive Value: true. This key and value combination only retrieves active, or alive, IP addresses. |
| IP Address | security_grade | A, B, C, D, F | Retrieve IP addresses based on the specified security grade, ranging from A (Secure or minimal risk) to F (Highly vulnerable). | Key: security_grade Value: D. This key and value combination only retrieves IP Addresses with a security grade of D, or vulnerable IPs. |
| IP Range | alive | true, false | Retrieve IP ranges that match the specified status. true corresponds to IPs that are active or alive, while false corresponds to IPs that are inactive or not alive. | Key: alive Value: true. This key and value combination only retrieves active, or alive, IP ranges. |
| Web Application | alive | true, false | Retrieve web applications that match the specified status. true corresponds to web applications that are active or alive, while false corresponds to web applications that are inactive or not alive. | Key: alive Value: true. This key and value combination only retrieves active, or alive, web applications. |
| Web Application | security_grade | A, B, C, D, F | Retrieve web applications based on the specified security grade, ranging from A (Secure or minimal risk) to F (Highly vulnerable). | Key: security_grade Value: F. This key and value combination only retrieves web applications with a security grade of F, or highly vulnerable web applications. |

Note: The option keys and values are case-sensitive as they are shown in this documentation.
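
As an added example (not Brinqa's or CyCognito's code), the following Python pre-flight check validates operation options against Table 9, including the case-sensitivity rule, and the connection settings described earlier. The function names are hypothetical, and requiring an https:// API URL is an assumption based on the documented default.

```python
# Added example: pre-flight check for CyCognito connector settings.
# Allowed options are transcribed from Table 9; function names are hypothetical.
from urllib.parse import urlparse

BOOL = ("true", "false")
GRADES = ("A", "B", "C", "D", "F")
ALLOWED = {
    "Certificate": {"alive": BOOL},
    "Domain": {"alive": BOOL, "security_grade": GRADES},
    "IP Address": {"alive": BOOL, "security_grade": GRADES},
    "IP Range": {"alive": BOOL},
    "Web Application": {"alive": BOOL, "security_grade": GRADES},
}
MAX_PAGE_SIZE = 100  # documented default; the page advises against exceeding it


def check_options(connector_object, options):
    """Return a list of problems for one connector object's operation options."""
    allowed = ALLOWED.get(connector_object)
    if allowed is None:
        return [f"{connector_object}: no operation options documented"]
    problems = []
    for key, value in options.items():
        if key not in allowed:
            # Distinguish a case mistake from an option the object does not support.
            hint = next((k for k in allowed if k.lower() == key.lower()), None)
            why = f"wrong case, use '{hint}'" if hint else "not supported for this object"
            problems.append(f"{connector_object}: key '{key}' {why}")
            continue
        if value not in allowed[key]:
            hint = next((v for v in allowed[key] if v.lower() == str(value).lower()), None)
            why = f"wrong case, use '{hint}'" if hint else f"must be one of {', '.join(allowed[key])}"
            problems.append(f"{connector_object}: {key}='{value}' {why}")
    return problems


def check_connection(api_url, page_size):
    """Flag a non-HTTPS API URL (assumption: the token must not travel in clear text)
    and a page size outside the recommended range."""
    problems = []
    parsed = urlparse(api_url)
    if parsed.scheme != "https" or not parsed.hostname:
        problems.append("API URL must be an https:// URL")
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        problems.append(f"page size {page_size} is outside the recommended 1..{MAX_PAGE_SIZE}")
    return problems
```
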

APIs

The CyCognito connector uses the CyCognito REST API v1. Specifically, it uses the following endpoints:

Table 10: CyCognito API endpoints used by the connector

| Connector Object | API Endpoints |
| --- | --- |
| Certificate | GET https://api.platform.cycognito.com/v1/assets/cert/{asset_id} |
| Domain | GET https://api.platform.cycognito.com/v1/assets/domain/{asset_id} |
| IP Address | GET https://api.platform.cycognito.com/v1/assets/ip/{asset_id} |
| IP Range | GET https://api.platform.cycognito.com/v1/assets/iprange/{asset_id} |
| Issue | GET https://api.platform.cycognito.com/v1/issues/issue/{issue_instance_id} |
| Web Application | GET https://api.platform.cycognito.com/v1/assets/webapp/{asset_id} |

Changelog

The CyCognito connector has undergone the following changes:

3.0.5

  • Removed the DOMAINS attribute from the Certificate object.

3.0.4

  • Added the following attributes to the Certificate, Domain, IP Address, IP Range, and Web Application objects:

    • ATTRIBUTION_CERTAINTY
    • DISCOVERY_PATH
    • DOMAINS
    • ENVIRONMENTS
    • IP_RANGES
    • PLATFORMS
    • RELATED_ASSET_IDs
    • SERVICES
  • Added the PORT attribute field to the Issue object.

3.0.3

  • Fixed inconsistencies between CVEs (Common Vulnerabilities and Exposures) in the Brinqa Platform and CyCognito.

3.0.2

  • Enhanced to include 'resolved' issues in the sync process of the Issue object.

  • Added exceptions to prevent retry attempts in cases where the CyCognito API responds with a 500 Internal Server Error.

3.0.1

  • Removed a duplicated NAME attribute.

3.0.0