Entro Security
Entro Security is a non-human identity (NHI) security platform that integrates with your security framework to fetch and synchronize security-related data, including accounts, employees, non-human identities, risks, and exposed secrets. You can bring account, employee, NHI token, risk, and exposed secret data from Entro Security into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Entro Security and how to obtain that information from Entro. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Entro Security from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Entro Security with Brinqa:
-
API URL: The Entro API base URL (e.g.,
https://<server>/). -
API key: The API key for authenticating requests to the Entro API.
The connector authenticates using an API key. It includes the API key in all API requests to authorize access to the Entro Security platform.
Additional settings
The Entro Security connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 50.
- Parallel requests: The maximum number of parallel API requests for fetching details. The default setting is the minimum of 4 or the number of available CPU cores.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Entro Security API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Entro Security connector can retrieve the following types of data from the Entro Security API:
Table 1: Data retrieved from Entro Security
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Account | Yes | Cloud Resource |
| Employee | Yes | Person |
| Exposed Secret | Yes | Alert |
| Exposed Secret Definition | No | Alert Definition |
| NHI Token | Yes | N/A |
| Risk | Yes | Violation |
| Risk Definition | No | Violation Definition |
For detailed steps on how to view the data retrieved from Entro Security in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Account
Table 2: Account attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| AccountResource.accountType | ACCOUNT_TYPE |
| AccountResource.connectorId | CONNECTOR_ID |
| AccountResource.createdAt | CREATED_AT |
| AccountResource.createdAt | SOURCE_CREATED_DATE |
| AccountResource.environment | ENVIRONMENT |
| AccountResource.status | PROVIDER_STATUS |
| AccountResource.status (normalized) | SOURCE_STATUS |
| AccountResource.uid | ACCOUNT_UID |
| AccountResource.uid | NAME |
| AccountResource.uid | UID |
| Generated (set to "Cloud Resource") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Employee
Table 3: Employee attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| EmployeeResource.accounts | ACCOUNTS |
| EmployeeResource.aliases | ALIASES |
| EmployeeResource.azureEmployeeType | AZURE_EMPLOYEE_TYPE |
| EmployeeResource.creationDate | CREATION_DATE |
| EmployeeResource.creationDate | SOURCE_CREATED_DATE |
| EmployeeResource.division | DIVISION |
| EmployeeResource.email | EMAILS |
| EmployeeResource.employeeType | EMPLOYEE_TYPE |
| EmployeeResource.fullName | FULL_NAME |
| EmployeeResource.fullName | NAME |
| EmployeeResource.idpSources | IDP_SOURCES |
| EmployeeResource.lastLogin | LAST_LOGIN |
| EmployeeResource.manager | MANAGERS |
| EmployeeResource.organization | ORGANIZATION |
| EmployeeResource.ownerUid | OWNER_UID |
| EmployeeResource.phone | PHONE_NUMBERS |
| EmployeeResource.status | PROVIDER_STATUS |
| EmployeeResource.status (normalized) | SOURCE_STATUS |
| EmployeeResource.title | JOB_TITLE |
| EmployeeResource.title | TITLE |
| Generated (md5 of email and fullName) | UID |
| Generated (set to "Person", "Identity") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Exposed Secret
Table 4: Exposed Secret attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| ExposedSecretResource.account.accountId | ACCOUNT_ID |
| ExposedSecretResource.account.accountType | ACCOUNT_TYPE |
| ExposedSecretResource.account.environment | ACCOUNT_ENVIRONMENT |
| ExposedSecretResource.account.environmentType | ACCOUNT_ENVIRONMENT_TYPE |
| ExposedSecretResource.account.uid | ACCOUNT_UID |
| ExposedSecretResource.account.uid | TARGETS |
| ExposedSecretResource.employee.email | EMPLOYEE_EMAIL |
| ExposedSecretResource.employee.name | EMPLOYEE_NAME |
| ExposedSecretResource.exposedId | UID |
| ExposedSecretResource.exposureTime | EXPOSURE_TIME |
| ExposedSecretResource.exposureTime | FIRST_FOUND |
| ExposedSecretResource.hash | HASH |
| ExposedSecretResource.isGeneric | IS_GENERIC |
| ExposedSecretResource.isPublic | IS_PUBLIC |
| ExposedSecretResource.keyId | KEY_ID |
| ExposedSecretResource.location | LOCATION |
| ExposedSecretResource.locationType | LOCATION_TYPE |
| ExposedSecretResource.occurrences | OCCURRENCES |
| ExposedSecretResource.owner | OWNER |
| ExposedSecretResource.path | PATH |
| ExposedSecretResource.redactedSecret | REDACTED_SECRET |
| ExposedSecretResource.scope | SCOPE |
| ExposedSecretResource.secretValue | SECRET_VALUE |
| ExposedSecretResource.snippet | SNIPPET |
| ExposedSecretResource.status | PROVIDER_STATUS |
| ExposedSecretResource.status (normalized) | SOURCE_STATUS |
| ExposedSecretResource.tags | TAGS |
| ExposedSecretResource.targetAccount | TARGET_ACCOUNT |
| ExposedSecretResource.type | EXPOSED_SECRET_TYPE |
| ExposedSecretResource.vendorHash | VENDOR_HASH |
| ExposedSecretResource.exposureUrl | EXPOSURE_URL |
| Generated (md5 of type and severity) | TYPE |
| Generated (md5 of employee email and name) | TARGETS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Exposed Secret Definition
Table 5: Exposed Secret Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| ExposedSecretResource.exposedId | NAME |
| ExposedSecretResource.severity | SEVERITY |
| ExposedSecretResource.severity | SEVERITY_SCORE |
| ExposedSecretResource.severity | SOURCE_SEVERITY |
| ExposedSecretResource.type | EXPOSED_SECRET_TYPE |
| Generated (md5 of type and severity) | UID |
| Generated (sync capture timestamp) | LAST_CAPTURED |
NHI Token
Table 6: NHI Token attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| NHITokenResource.attributes.account | ACCOUNT |
| NHITokenResource.attributes.accountNickname | ACCOUNT_NICKNAME |
| NHITokenResource.attributes.createdDate | CREATED_DATE |
| NHITokenResource.attributes.createdDate | SOURCE_CREATED_DATE |
| NHITokenResource.attributes.entroTokenUrl | ENTRO_TOKEN_URL |
| NHITokenResource.attributes.entroUniqueIdentifier | UID |
| NHITokenResource.attributes.environment | ENVIRONMENT |
| NHITokenResource.attributes.expirationDate | EXPIRATION_DATE |
| NHITokenResource.attributes.isActive | IS_ACTIVE |
| NHITokenResource.attributes.isAdmin | IS_ADMIN |
| NHITokenResource.attributes.lastActivityDate | LAST_ACTIVITY_DATE |
| NHITokenResource.attributes.nhiName | NAME |
| NHITokenResource.attributes.nhiName | NHI_NAME |
| NHITokenResource.attributes.nhiStatus | NHI_STATUS |
| NHITokenResource.attributes.nhiStatus | PROVIDER_STATUS |
| NHITokenResource.attributes.nhiStatus (normalized) | SOURCE_STATUS |
| NHITokenResource.attributes.nhiType | NHI_TYPE |
| NHITokenResource.attributes.owner | OWNER |
| NHITokenResource.attributes.ownerEmail | OWNER_EMAIL |
| NHITokenResource.attributes.sourceSystem | SOURCE_SYSTEM |
| NHITokenResource.attributes.tags | TAGS |
| NHITokenResource.attributes.token | TOKEN |
| NHITokenResource.attributes.url | URL |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Risk
Table 7: Risk attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| RiskResource.category | CATEGORIES |
| RiskResource.creationDate | CREATION_DATE |
| RiskResource.creationDate | SOURCE_CREATED_DATE |
| RiskResource.customerId | CUSTOMER_ID |
| RiskResource.detectionTime | DETECTION_TIME |
| RiskResource.detectionTime | FIRST_FOUND |
| RiskResource.exposureTime | EXPOSURE_TIME |
| RiskResource.exposureUrls | EXPOSURE_URLS |
| RiskResource.guid | UID |
| RiskResource.hasWebhookMessage | HAS_WEBHOOK_MESSAGE |
| RiskResource.isArchived | IS_ARCHIVED |
| RiskResource.modifyDate | MODIFY_DATE |
| RiskResource.modifyDate | SOURCE_LAST_MODIFIED |
| RiskResource.owner | OWNER |
| RiskResource.ownerUid | OWNER_UID |
| RiskResource.path | PATH |
| RiskResource.payload | RESULTS |
| RiskResource.payload[].account.uid | TARGETS |
| RiskResource.ruleCode | RULE_CODE |
| RiskResource.status | PROVIDER_STATUS |
| RiskResource.status (normalized) | SOURCE_STATUS |
| RiskResource.tags | TAGS |
| RiskResource.type | RISK_TYPE |
| Generated (md5 of category, ruleCode, source, severity) | TYPE |
| Generated (md5 of employee email and name) | TARGETS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Risk Definition
Table 8: Risk Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| RiskResource.mitigation | MITIGATION |
| RiskResource.mitigation | RECOMMENDATION |
| RiskResource.name | NAME |
| RiskResource.severity | SEVERITY |
| RiskResource.severity | SEVERITY_SCORE |
| RiskResource.severity | SOURCE_SEVERITY |
| RiskResource.threatDescription | DESCRIPTION |
| RiskResource.threatDescription | THREAT_DESCRIPTION |
| Generated (md5 of category, ruleCode, source, severity) | UID |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Operation options
The Entro Security connector supports the following operation options:
Table 9: Operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| Exposed Secret, Exposed Secret Definition | severity | UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL | Filter by severity level. | Key: severity Value: CRITICAL. Retrieves only exposed secrets with CRITICAL severity. |
| status | INVALID, ENABLED, DISABLED, UNSUPPORTED, UNREACHABLE, REVOKED | Filter by status. | Key: status Value: ENABLED. Retrieves only exposed secrets with ENABLED status. | |
| type | Any valid secret type | Filter by secret type. | Key: type Value: GITHUB_API_TOKEN. Retrieves only GitHub API token exposed secrets. | |
| NHI Token | account_type | Any valid account type | Filter by account type. | Key: account_type Value: AWS. Retrieves only NHI tokens associated with AWS accounts. |
| Risk, Risk Definition | category | CLOUD_SERVICE_RISKS, ABNORMAL_BEHAVIOR, MISCONFIGURATION, SECRET_HYGINE, EXPOSED_SECRET, LEAST_PRIVILEGE, MONITORING | Filter by risk category. | Key: category Value: MONITORING. Retrieves only risks in the MONITORING category. |
| severity | UNKNOWN, LOW, MEDIUM, HIGH, CRITICAL | Filter by severity level. | Key: severity Value: CRITICAL. Retrieves only risks with CRITICAL severity. | |
| status | OPEN, IN_PROGRESS, DISCARDED, MITIGATED, APPROVED, RESOLVED | Filter by risk status. | Key: status Value: OPEN. Retrieves only risks with OPEN status. |
APIs
The Entro Security connector uses the Entro Security API. Specifically, it uses the following endpoints:
Table 10: Entro Security API endpoints
| Connector Object | API Endpoint |
|---|---|
| Account | GET /v1/accounts |
| Employee | GET /v1/employees |
| Exposed Secret | GET /v1/exposed-secrets |
| Exposed Secret Definition | GET /v1/exposed-secrets |
| NHI Token | GET /v1/identity-now/nhi |
| Risk | GET /v1/risks |
| Risk Definition | GET /v1/risks |
Changelog
The Entro Security connector has undergone the following changes:
Table 11: Entro Security connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | April 27th, 2026 |