
Entro Security
Identity Risk Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
Data retrieved from Entro
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Account | Yes | Cloud Resource |
| Employee | Yes | Person |
| Risk | Yes | Violation |
| Risk Definition | Yes | Violation Definition |
| Exposed Secret | Yes | Alert |
| Exposed Secret | Yes | Alert Definition |
| NHI Token | Yes | NHI Token |
For detailed steps on how to view the data retrieved from Entro in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Entro from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | No | https://<server>/ (Required) | Entro Platform server URL |
| API token | No | (user input, Required) | Entro Platform API token |
| Page size | No | 50 | Maximum number of records to get per API request |
| Maximum retries | No | 5 | The maximum number of retry attempts before giving up a request |
| Parallel requests | No | min(4, CPU cores) | Maximum number of parallel API requests |
How to obtain Entro credentials
[Add connector-specific credential steps. Templated placeholder — review before publish.]
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Account
| Source Field Name | SDM Attribute |
|---|---|
AccountResource.accountType | ACCOUNT_TYPE |
AccountResource.connectorId | CONNECTOR_ID |
AccountResource.createdAt | CREATED_AT |
AccountResource.createdAt | SOURCE_CREATED_DATE |
AccountResource.environment | ENVIRONMENT |
AccountResource.status | PROVIDER_STATUS |
AccountResource.status (normalized) | SOURCE_STATUS |
AccountResource.uid | UID |
AccountResource.uid | NAME |
AccountResource.uid | ACCOUNT_UID |
| Generated (categories (cloud resource) (list<string>)) | CATEGORIES |
| Generated (last captured (instant)) | LAST_CAPTURED |
Employee
| Source Field Name | SDM Attribute |
|---|---|
EmployeeReource.accounts | ACCOUNTS |
EmployeeReource.aliases | ALIASES |
EmployeeReource.azureEmployeeType | AZURE_EMPLOYEE_TYPE |
EmployeeReource.creationDate | CREATION_DATE |
EmployeeReource.creationDate | SOURCE_CREATED_DATE |
EmployeeReource.division | DIVISION |
EmployeeReource.email | EMAILS |
EmployeeReource.employeeType | EMPLOYEE_TYPE |
EmployeeReource.fullName | NAME |
EmployeeReource.fullName | FULL_NAME |
EmployeeReource.idpSources | IDP_SOURCES |
EmployeeReource.lastLogin | LAST_LOGIN |
EmployeeReource.manager | MANAGERS |
EmployeeReource.organization | ORGANIZATION |
EmployeeReource.ownerUid | OWNER_UID |
EmployeeReource.phone | PHONE_NUMBERS |
EmployeeReource.status | PROVIDER_STATUS |
EmployeeReource.status (normalized) | SOURCE_STATUS |
EmployeeReource.title | TITLE |
EmployeeReource.title | JOB_TITLE |
| Generated (categories (person, identity) (list<string>)) | CATEGORIES |
| Generated (last captured (instant)) | LAST_CAPTURED |
md5 of (EmployeeReource.email, EmployeeReource.fullName) | UID |
Risk
| Source Field Name | SDM Attribute |
|---|---|
| Generated (---------------------) | ---------- |
| Generated (last captured (instant)) | LAST_CAPTURED |
| Generated (sample) | Option |
md5 of (RiskResource.category, RiskResource.ruleCode, RiskResource.source, RiskResource.severity) | TYPE |
md5 of (RiskResource.employee.email, RiskResource.employee.name) | TARGETS |
null | severity |
null | status |
null | category |
RiskResource.category | CATEGORIES |
RiskResource.creationDate | CREATION_DATE |
RiskResource.creationDate | SOURCE_CREATED_DATE |
RiskResource.customerId | CUSTOMER_ID |
RiskResource.detectionTime | DETECTION_TIME |
RiskResource.detectionTime | FIRST_FOUND |
RiskResource.exposureTime | EXPOSURE_TIME |
RiskResource.exposureUrls | EXPOSURE_URLS |
RiskResource.guid | UID |
RiskResource.hasWebhookMessage | HAS_WEBHOOK_MESSAGE |
RiskResource.isArchived | IS_ARCHIVED |
RiskResource.modifyDate | MODIFY_DATE |
RiskResource.modifyDate | SOURCE_LAST_MODIFIED |
RiskResource.owner | OWNER |
RiskResource.ownerUid | OWNER_UID |
RiskResource.path | PATH |
RiskResource.payload | RESULTS |
RiskResource.payload[].account.uid | TARGETS |
RiskResource.ruleCode | RULE_CODE |
RiskResource.status | PROVIDER_STATUS |
RiskResource.status (normalized) | SOURCE_STATUS |
RiskResource.tags | TAGS |
RiskResource.type | RISK_TYPE |
Risk Definition
| Source Field Name | SDM Attribute |
|---|---|
| Generated (last captured (instant)) | LAST_CAPTURED |
md5 of (RiskResource.category, RiskResource.ruleCode, RiskResource.source, RiskResource.severity) | UID |
RiskResource.mitigation | MITIGATION |
RiskResource.mitigation | RECOMMENDATION |
RiskResource.name | NAME |
RiskResource.severity | SOURCE_SEVERITY |
RiskResource.severity (normalized) | SEVERITY |
RiskResource.severity (normalized, scored) | SEVERITY_SCORE |
RiskResource.threatDescription | THREAT_DESCRIPTION |
RiskResource.threatDescription | DESCRIPTION |
Exposed Secret
| Source Field Name | SDM Attribute |
|---|---|
ExposedSecretResource.account.accountId | ACCOUNT_ID |
ExposedSecretResource.account.accountType | ACCOUNT_TYPE |
ExposedSecretResource.account.environment | ACCOUNT_ENVIRONMENT |
ExposedSecretResource.account.environmentType | ACCOUNT_ENVIRONMENT_TYPE |
ExposedSecretResource.account.uid | TARGETS |
ExposedSecretResource.account.uid | ACCOUNT_UID |
ExposedSecretResource.employee.email | EMPLOYEE_EMAIL |
ExposedSecretResource.employee.name | EMPLOYEE_NAME |
ExposedSecretResource.exposedId | UID |
ExposedSecretResource.exposureTime | FIRST_FOUND |
ExposedSecretResource.exposureTime | EXPOSURE_TIME |
ExposedSecretResource.exposureUrl | EXPOSURE_URL |
ExposedSecretResource.hash | HASH |
ExposedSecretResource.isGeneric | IS_GENERIC |
ExposedSecretResource.isPublic | IS_PUBLIC |
ExposedSecretResource.keyId | KEY_ID |
ExposedSecretResource.location | LOCATION |
ExposedSecretResource.locationType | LOCATION_TYPE |
ExposedSecretResource.occurrences | OCCURRENCES |
ExposedSecretResource.owner | OWNER |
ExposedSecretResource.path | PATH |
ExposedSecretResource.redactedSecret | REDACTED_SECRET |
ExposedSecretResource.scope | SCOPE |
ExposedSecretResource.secretValue | SECRET_VALUE |
ExposedSecretResource.snippet | SNIPPET |
ExposedSecretResource.status | PROVIDER_STATUS |
ExposedSecretResource.status (normalized) | SOURCE_STATUS |
ExposedSecretResource.tags | TAGS |
ExposedSecretResource.targetAccount | TARGET_ACCOUNT |
ExposedSecretResource.type | EXPOSED_SECRET_TYPE |
ExposedSecretResource.vendorHash | VENDOR_HASH |
| Generated (last captured (instant)) | LAST_CAPTURED |
md5 of (ExposedSecretResource.employee.email, ExposedSecretResource.employee.name) | TARGETS |
md5 of (ExposedSecretResource.type, ExposedSecretResource.severity) | TYPE |
Exposed Secret
| Source Field Name | SDM Attribute |
|---|---|
ExposedSecretResource.exposedId | NAME |
ExposedSecretResource.severity | SOURCE_SEVERITY |
ExposedSecretResource.severity (normalized) | SEVERITY |
ExposedSecretResource.severity (normalized, scored) | SEVERITY_SCORE |
ExposedSecretResource.type | EXPOSED_SECRET_TYPE |
| Generated (last captured (instant)) | LAST_CAPTURED |
md5 of (ExposedSecretResource.type, ExposedSecretResource.severity) | UID |
NHI Token
| Source Field Name | SDM Attribute |
|---|---|
| Generated (------------------) | -------------- |
| Generated (last captured (instant)) | LAST_CAPTURED |
| Generated (sample) | Option |
NHITokenResource.attributes.account | ACCOUNT |
NHITokenResource.attributes.accountNickname | ACCOUNT_NICKNAME |
NHITokenResource.attributes.createdDate | CREATED_DATE |
NHITokenResource.attributes.createdDate | SOURCE_CREATED_DATE |
NHITokenResource.attributes.entroTokenUrl | ENTRO_TOKEN_URL |
NHITokenResource.attributes.entroUniqueIdentifier | UID |
NHITokenResource.attributes.environment | ENVIRONMENT |
NHITokenResource.attributes.expirationDate | EXPIRATION_DATE |
NHITokenResource.attributes.isActive | IS_ACTIVE |
NHITokenResource.attributes.isAdmin | IS_ADMIN |
NHITokenResource.attributes.lastActivityDate | LAST_ACTIVITY_DATE |
NHITokenResource.attributes.nhiName | NAME |
NHITokenResource.attributes.nhiName | NHI_NAME |
NHITokenResource.attributes.nhiStatus | NHI_STATUS |
NHITokenResource.attributes.nhiStatus | PROVIDER_STATUS |
NHITokenResource.attributes.nhiStatus (normalized) | SOURCE_STATUS |
NHITokenResource.attributes.nhiType | NHI_TYPE |
NHITokenResource.attributes.owner | OWNER |
NHITokenResource.attributes.ownerEmail | OWNER_EMAIL |
NHITokenResource.attributes.sourceSystem | SOURCE_SYSTEM |
NHITokenResource.attributes.tags | TAGS |
NHITokenResource.attributes.token | TOKEN |
NHITokenResource.attributes.url | URL |
null | account_type |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Account
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Account on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
Employee
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Employee on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
Risk
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of Risk on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
Risk Definition
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
severity | null | severity=CRITICAL | Available values : UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL (String) |
status | null | status=OPEN | Available values : OPEN, IN_PROGRESS, DISCARDED, MITIGATED, APPROVED, RESOLVED (String) |
category | null | category=MONITORING | Available values : CLOUD_SERVICE_RISKS, ABNORMAL_BEHAVIOR, MISCONFIGURATION, SECRET_HYGINE, EXPOSED_SECRET, LEAST_PRIVILEGE, MONITORING (String) |
Delta sync
Not supported. The connector performs a full sync of Risk Definition on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
Exposed Secret
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
severity | null | severity=CRITICAL | Available values : UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL (String) |
status | null | status=OPEN | Available values : INVALID, ENABLED, DISABLED, UNSUPPORTED, UNREACHABLE, REVOKED (String) |
type | null | type=GITHUB_API_TOKEN | Filter by secret type (String) |
Delta sync
Not supported. The connector performs a full sync of Exposed Secret on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
Exposed Secret
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
severity | null | severity=CRITICAL | Available values : UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL (String) |
status | null | status=OPEN | Available values : INVALID, ENABLED, DISABLED, UNSUPPORTED, UNREACHABLE, REVOKED (String) |
type | null | type=GITHUB_API_TOKEN | Filter by secret type (String) |
Delta sync
Not supported. The connector performs a full sync of Exposed Secret on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql
NHI Token
Operation options
This object does not support any operation options.
Delta sync
Not supported. The connector performs a full sync of NHI Token on every run and applies no incremental date filter.
API
- Type: GraphQL query · Endpoint:
POST /api/graphql