Halo Security
Halo Security is an external attack surface management platform that discovers and monitors an organization's internet-facing assets and vulnerabilities. You can bring host, issue, and scan data from Halo Security into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Halo Security and how to obtain that information from Halo Security. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Halo Security from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Halo Security with Brinqa:
- API URL: The URL of the Halo Security API. The default URL is
https://api.halosecurity.com. - API Key: The API key used to authenticate with Halo Security.
Generate Halo Security API keys
- Log in to the Halo Security portal.
- Go to the Account/API section.
- Create an API key with the type "Account".
- Copy the generated API key.
If you do not have permissions to create a key, contact your Halo Security administrator. For additional information, see Halo Security API Documentation.
Additional settings
The Halo Security connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is 4.
- Maximum retries: The maximum number of times that the integration attempts to connect to the Halo Security API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The Halo Security connector can retrieve the following types of data from the Halo Security API:
Table 1: Data retrieved from Halo Security
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Issue | Yes | Vulnerability |
| Issue Definition | Yes | Vulnerability Definition |
| Scan | Yes | Assessment |
The Halo Security connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Halo Security in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Host
Table 2: Host attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
connected_score_percent | CONNECTED_SCORE_PERCENT |
fqdn | FQDN, NAME, UID |
Host (ASSET_CATEGORY_HOST) | CATEGORIES |
target.host | DNS_NAME |
target.id | HOST_ID |
target.ip | IP_ADDRESS, PUBLIC_IP_ADDRESS |
target.scan_id | SCAN_ID |
target.tags | TAGS |
Scan
Table 3: Scan attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
scan.date | SCAN_DATE |
scan.scan_id | NAME, UID |
target.host | HOST |
target.id | TARGETS, TARGET_ID |
target.tags | TAGS |
Issue
Table 4: Issue attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
instance.first_found_date | FIRST_FOUND |
instance.hash | HASH |
instance.pci | PCI |
instance.port | PORT |
instance.protocol | PROTOCOL |
instance.summary | SUMMARY |
instance.target_detail | TARGET_DETAIL |
instance.uri | URI |
issue.issue_id | ISSUE_ID, TYPE |
issue.name | ISSUE_NAME, NAME |
mdf of(issue.issue_id, instance.hash) | UID |
normalizeFindingStatus(status.status) | SOURCE_STATUS |
status.status | PROVIDER_STATUS |
status.target_id | TARGET_ID |
target.host | TARGETS |
target.scan_id | SCAN_ID |
Issue Definition
Table 5: Issue Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
getFindingSeverityScore(issue.severity) | SEVERITY_SCORE |
issue.consequence | POTENTIAL_IMPACT |
issue.cve_ids | CVE_IDS, CVE_RECORDS |
issue.cvss_base_score | CVSS_BASE_SCORE |
issue.date_last_modified | LAST_FOUND |
issue.description | DESCRIPTION, SUMMARY |
issue.issue_id | UID |
issue.name | NAME |
issue.pci | PCI |
issue.solution | RECOMMENDATION |
issue.severity | SOURCE_SEVERITY |
issue.type | ISSUE_TYPE |
normalizeFindingSeverity(issue.severity) | SEVERITY |
APIs
The Halo Security connector uses the Halo Security API. Specifically, it uses the following endpoints:
Table 6: Halo Security API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Host | GET /api/v1/discovery/host-list.json |
| Issue | GET /api/v1/issue/instance.json |
| Issue Definition | GET /api/v1/issue/get.json |
| Scan | GET /api/v1/scan/list.json |
Changelog
The Halo Security connector has undergone the following changes:
Table 7: Halo Security Changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | February 4, 2026 |