Skip to main content

Flexera Software Vulnerability Research

Flexera Software Vulnerability Research is a vulnerability management tool. You can bring advisory, product, and security data from Flexera into Brinqa to facilitate a consolidated view of your attack surface, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Flexera and how to obtain that information from Flexera. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Software Vulnerability Research from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Flexera with Brinqa:

  • API URL: The Flexera API URL. The default URL is https://api.app.secunia.com.

  • API token: The API token associated with the Flexera account, which must have permissions to log in to the API server and return data.

Generate a Flexera API token

For the Flexera connector to use the Software Vulnerability Research API, you must provide an API token. To generate an API token, follow these steps:

  1. Log in to your organization's Flexera portal.

  2. Navigate to Settings > API > Tokens.

  3. Click Create.

    Your new API token displays. Although you can return to this page to view the token, you should handle it with care by ensuring that it is stored in a secure location.

note

If you do not have permissions to generate a token, contact your Flexera administrator. For additional information, see Flexera documentation.

Additional settings

The Flexera connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

  • Maximum retries: The maximum number of times that the integration attempts to connect to the Software Vulnerability Research API before giving up and reporting a failure. The default setting is 5.

  • Requests per minute: The maximum number of API requests per minute. The default setting is 1800. You can enter 0 to disable rate limiting.

Types of data to retrieve

The Flexera connector can retrieve the following types of data from the Software Vulnerability Research API:

Table 1: Data retrieved from Flexera

Connector ObjectRequiredMaps to Data Model
AdvisoryYesSecurity Advisory
ProductNoNot Mapped
Product ReleaseYesPackage
VendorNoNot Mapped
Vulnerability DefinitionYesVulnerability Definition
info

The Flexera connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Flexera in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Advisory

Table 2: Advisory attribute mappings

Source Field NameMaps to Attribute
AFFECTED_PRODUCTStargets, Local variable
CRITICALITYseverity, severityScore, sourceSeverityName
cvss_vector, cvss3_vectorUse CVSS calculator
DESCRIPTIONdescription
IMPACTLocal variable
MODIFIED_DATEsourceLastModified
ORIGINAL_ADVISORIESLocal variable
REFERENCESreferences
RELEASE_DATEpublishedDate
SOLUTIONrecommendation
SOLUTION_STATUSLocal variable
SYS_IDuid
THREAT_SCORELocal variable
TITLEname
WHERELocal variable
ZERO_DAYzeroDay
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.

Product Release

Table 3: Product Release attribute mappings

Source Field NameMaps to Attribute
IS_EOLLocal variable
NAMEname
PRODUCT_IDLocal variable
PRODUCT_NAMELocal variable
PRODUCT_PAGELocal variable
RESEARCH_CREATEDsourceCreatedDate
RESEARCH_UPDATEDsourceLastModified
SYS_IDuid
TYPEcategories
VENDOR_IDLocal variable
VENDOR_NAMELocal variable
VERSIONcurrentVersion
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Vulnerability Definition

Table 4: Vulnerability Definition attribute mappings

Source Field NameMaps to Attribute
ADVISORIESLocal variable
AFFECTED_PRODUCTSLocal variable
CVSS3_SCOREUse CVSS calculator
CVSS3_VECTORUse CVSS calculator
CVSS_SCOREUse CVSS calculator
CVSS_VECTORUse CVSS calculator
DESCRIPTIONdescription
LAST_MODIFIEDsourceLastModified
PUBLISHED_DATEpublishedDate
REFERENCESreferences
SOLUTIONSrecommendation
SOURCELocal variable
SYS_IDuid
THREAT_MALWARELocal variable
THREAT_RULESLocal variable
THREAT_SCORELocal variable
TITLEname
TYPEcategories
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).

Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.

APIs

The Flexera connector uses the Software Vulnerability Research API. Specifically, it uses the following endpoints:

Table 5: Flexera API Endpoints

Connector ObjectAPI Endpoint
AdvisoryGET /api/advisories
GET /api/advisories/{id}
ProductGET /api/products
Product ReleaseGET /api/product-releases
VendorGET /api/vendors
Vulnerability DefinitionGET /api/advisories
GET /api/advisories/{id}

Changelog

The Flexera connector has undergone the following changes:

3.0.4.1

  • Added three new additional settings to help manage API throttling and optimize API call handling: Parallel requests, Maximum retries, and Requests per minute.

3.0.3

  • Changed the IS_EOL attribute type on the Product Release object from string to boolean.

  • Changed the SOURCE_SEVERITY attribute name on the Advisory object to SOURCE_SEVERITY_NAME.

  • Changed the VENDOR_NAME attribute type on the Product Release object from instant to string.

3.0.1

  • Fixed an issue with CPE records.

3.0.0