Exterro FTK
Exterro FTK is a forensic intelligence platform that integrates with the Exterro Forensic Toolkit (FTK) Enterprise to synchronize managed endpoint and host records. You can bring device data from Exterro FTK into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Exterro FTK and how to obtain that information from Exterro. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Exterro FTK from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Exterro FTK with Brinqa:
- URL: The base URL of the Exterro FTK server (for example, https://<SERVER FQDN>).
- API Key: The Enterprise API Key used to authenticate with the FTK Enterprise API.
The connector authenticates using API Key authentication. It includes the API key in the EnterpriseApiKey HTTP header for all requests to the FTK Enterprise API v2. The key is long-lived and does not require token refresh or OAuth flows.
Additional settings
The Exterro FTK connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 10. It is not recommended to go over 10.
- Parallel requests: The maximum number of parallel API requests.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Exterro FTK API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Exterro FTK connector does not currently support operation options for the types of data it retrieves.
The Exterro FTK connector can retrieve the following types of data from the Exterro FTK Enterprise API:
Table 1: Data retrieved from Exterro FTK
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Device | Yes | Device |
For detailed steps on how to view the data retrieved from Exterro FTK in the Brinqa Platform, see How to view your data.
Attribute mappings
The sections below show the mappings between the source and the Brinqa data model attributes.
Device
Table 2: Device attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| DeviceResource.activeDirectoryStatus | ACTIVE_DIRECTORY_STATUS |
| DeviceResource.agentId | AGENT_ID |
| DeviceResource.agentIsTemporary | AGENT_IS_TEMPORARY |
| DeviceResource.agentLastContacted | LAST_SEEN |
| DeviceResource.agentOperatingsystem | OPERATING_SYSTEM |
| DeviceResource.agentVersion | AGENT_VERSION |
| DeviceResource.canPhoneHome | CAN_PHONE_HOME |
| DeviceResource.computerId | UID |
| DeviceResource.computerDescription | DESCRIPTION |
| DeviceResource.computerName | HOSTNAMES |
| DeviceResource.computerName | NAME |
| DeviceResource.createdBy | CREATED_BY |
| DeviceResource.createdByType | CREATED_BY_TYPE |
| DeviceResource.createdByUsername | CREATED_BY_USERNAME |
| DeviceResource.createdDate | SOURCE_CREATED_DATE |
| DeviceResource.deletedBy | DELETED_BY |
| DeviceResource.deletionDate | DELETION_DATE |
| DeviceResource.groups | GROUPS |
| DeviceResource.hasPersonAssociation | HAS_PERSON_ASSOCIATION |
| DeviceResource.isAlive | IS_ALIVE |
| DeviceResource.isDeleted | IS_DELETED |
| DeviceResource.processorName | PROCESSOR_NAME |
| DeviceResource.username | USERNAME |
| Generated (set to "Host") | CATEGORIES |
| Generated (derived from isAlive/isDeleted) | STATUS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
APIs
The Exterro FTK connector uses the Exterro FTK Enterprise API v2. Specifically, it uses the following endpoints:
Table 3: Exterro FTK API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Device | GET /api/v2/enterpriseapi/datasources/targets |
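The authentication described under Required connection settings, as an added example that is not Brinqa or Exterro code: it builds (without sending) the Device request with the EnterpriseApiKey header and the endpoint from Table 3. The HTTPS-only check, the log redaction helper, the `FTK_ENTERPRISE_API_KEY` environment variable and the host `ftk.example.internal` are assumptions of this example.

```python
import os
from urllib.parse import urlsplit

KEY_HEADER = "EnterpriseApiKey"  # header name stated in this document
TARGETS_PATH = "/api/v2/enterpriseapi/datasources/targets"  # from Table 3


def build_targets_request(base_url, api_key):
    """Return method, URL and headers for the Device endpoint (nothing is sent)."""
    parts = urlsplit(base_url)
    # The key is long-lived and travels on every request: refuse cleartext HTTP.
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("base URL must look like https://<SERVER FQDN>")
    # Credentials, query strings or fragments in the base URL end up in logs.
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("base URL must not carry credentials, query or fragment")
    # Reject empty or padded keys and CR/LF, which would allow header injection.
    if not api_key or api_key != api_key.strip() or "\r" in api_key or "\n" in api_key:
        raise ValueError("API key is empty, padded with whitespace, or contains CR/LF")
    url = f"https://{parts.netloc}{parts.path.rstrip('/')}{TARGETS_PATH}"
    return {"method": "GET", "url": url, "headers": {KEY_HEADER: api_key}}


def redact(request):
    """Copy of the request that is safe to log: the key value is masked."""
    masked = {k: "<redacted>" if k == KEY_HEADER else v
              for k, v in request["headers"].items()}
    return {**request, "headers": masked}


def key_from_env(var="FTK_ENTERPRISE_API_KEY"):  # hypothetical variable name
    """Read the key from the environment instead of hard-coding it."""
    key = os.environ.get(var, "")
    if not key:
        raise RuntimeError(f"{var} is not set")
    return key


if __name__ == "__main__":
    # Constructed sample values; ftk.example.internal is a placeholder host.
    req = build_targets_request("https://ftk.example.internal", "constructed-sample-key")
    print(redact(req))
```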
Changelog
The Exterro FTK connector has undergone the following changes:
Table 4: Exterro FTK Changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Overview: The Exterro FTK connector integrates with the Exterro Forensic Toolkit (FTK) Enterprise platform to synchronize managed endpoint records. It connects to the FTK Enterprise API v2 to pull target host data into Brinqa for asset management and compliance tracking. Category: Forensic Intelligence. Models: Device - Asset - Managed endpoints and hosts with FTK agents installed, including identity, OS, agent status, and group membership details. No migration - initial release. | June 11, 2025 |