Skip to main content

Intigriti

Intigriti is an application security tool that specializes in crowdsourced security testing and bug bounty programs. You can bring pentest, program, and site data from Intigriti into Brinqa to prioritize and address potential threats before they have the ability to impact you and your business, thus gaining a comprehensive overview of your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Intigriti and how to obtain that information from Intigriti. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Intigriti from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Intigriti with Brinqa:

  • API URL: The Intigriti API URL. The default URL is https://api.intigriti.com/external/company.

  • Access token: The access token associated with the Intigriti account, which must have permissions to log in to the API server and return data.

    important

    The Intigriti access token must be non-expiring. See Intigriti documentation for additional information.

Generate an Intigriti access token

For the Intigriti connector to use the Intigriti API, you must provide an access token. You can generate this token by following the instructions outlined in Intigriti's Postman guide or Swagger guide.

note

If you do not have the permissions to create an access token, contact your Intigriti administrator.

Types of data to retrieve

The Intigriti connector can retrieve the following types of data from the Intigriti API:

Table 1: Data retrieved from Intigriti

Connector ObjectRequiredMaps to Data Model
Pentest FindingYesPentest Finding
Pentest Finding DefinitionYesPentest Finding Definition
ProgramNoNot mapped
SiteYesSite
info

The Intigriti connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Intigriti in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Pentest Finding

Table 2: Pentest Finding attribute mappings

Source Field NameMaps to Attribute
assignee.avatarUrlLocal variable
assignee.emailLocal variable
assignee.roleLocal variable
assignee.userIdLocal variable
assignee.userNameLocal variable
attachment_countLocal variable
awaiting_feedbackLocal variable
codeuid
created_atsourceCreatedDate
destroyedLocal variable
integration_countLocal variable
internal_reference.referenceLocal variable
internal_reference.urlLocal variable
last_updated.last_updated_atLocal variable
last_updated.last_updater.avatar_urlLocal variable
last_updated.last_updater.emailLocal variable
last_updated.last_updater.roleLocal variable
last_updated.last_updater.user_idLocal variable
last_updated.last_updater.user_nameLocal variable
originators.pentest_codeLocal variable
originators.program_idtargets
report.domain.namename, targets, uid
report.ipipAddresses, privateIpAddresses, publicIpAddresses
report.original_titleLocal variable
report.personal_dataLocal variable
report.poc_descriptionLocal variable
report.type.categorycategories
report.type.cwecweId, weaknesses, uid
report.type.nameLocal variable
severity.idLocal variable
severity.valueseverity, sourceSeverity, severityScore
severity.vectorVector(calculate)
state.acceptedAtfirstFound
state.archivedAtLocal variable
state.closedAtlastFixed
state.duplicateInfo.childSubmissionCodesLocal variable
state.duplicateInfo.parentSubmissionCodeLocal variable
state.status.idLocal variable
state.status.valuestatus, providerStatus, sourceStatus, statusCategory
state.validatedAtLocal variable
submitter.avatarUrlLocal variable
submitter.identityCheckedLocal variable
submitter.ranking.rankLocal variable
submitter.ranking.reputationLocal variable
submitter.ranking.streak.idLocal variable
submitter.ranking.streak.valueLocal variable
submitter.roleLocal variable
submitter.userIdLocal variable
submitter.userNameLocal variable
tagstags
totalPayout.valueLocal variable
web_links.detailsLocal variable
Pentest Finding Definition

Table 3: Pentest Finding Definition attribute mappings

Source Field NameMaps to Attribute
assignee.avatarUrlLocal variable
assignee.emailLocal variable
assignee.roleLocal variable
assignee.userIdLocal variable
assignee.userNameLocal variable
attachment_countLocal variable
awaiting_feedbackLocal variable
integration_countLocal variable
internal_reference.referenceLocal variable
internal_reference.urlLocal variable
last_updated.last_updated_atLocal variable
last_updated.last_updater.avatar_urlLocal variable
last_updated.last_updater.emailLocal variable
last_updated.last_updater.roleLocal variable
last_updated.last_updater.user_idLocal variable
last_updated.last_updater.user_nameLocal variable
originators.pentest_codeLocal variable
report.domain.motivationLocal variable
report.domain.namename
report.domain.descriptiondescription
report.domain.tier.idLocal variable
report.domain.tier.valueLocal variable
report.domain.type.idLocal variable
report.domain.type.valueLocal variable
report.endpoint_vulnerable_componentLocal variable
report.impactLocal variable
report.original_titleLocal variable
report.personal_dataLocal variable
report.poc_descriptionLocal variable
report.questions.answerLocal variable
report.questions.questionLocal variable
report.questions.type.idLocal variable
report.questions.type.valueLocal variable
report.recommended_solutionrecommendation
report.attachments.urlLocal variable
report.attachments.codeLocal variable
report.ipLocal variable
report.type.categorycategories
report.type.cwecweId, weaknesses
report.type.nameLocal variable
state.acceptedAtLocal variable
state.archivedAtLocal variable
state.closedAtLocal variable
state.duplicateInfo.childSubmissionCodesLocal variable
state.duplicateInfo.parentSubmissionCodeLocal variable
state.status.idLocal variable
state.status.valueLocal variable
state.validatedAtLocal variable
state.closeReasonLocal variable
submitter.avatarUrlLocal variable
submitter.identityCheckedLocal variable
submitter.ranking.rankLocal variable
submitter.ranking.reputationLocal variable
submitter.ranking.streak.idLocal variable
submitter.ranking.streak.valueLocal variable
submitter.roleLocal variable
submitter.userIdLocal variable
submitter.userNameLocal variable
tagstags
web_links.detailsLocal variable
Site

Table 4: Site attribute mappings

Source Field NameMaps to Attribute
assignee.avatarUrlLocal variable
assignee.emailLocal variable
assignee.roleLocal variable
assignee.userIdLocal variable
assignee.userNameLocal variable
attachment_countLocal variable
awaiting_feedbackLocal variable
integration_countLocal variable
internal_reference.referenceLocal variable
internal_reference.urlLocal variable
last_updated.last_updated_atLocal variable
last_updated.last_updater.avatar_urlLocal variable
last_updated.last_updater.emailLocal variable
last_updated.last_updater.roleLocal variable
last_updated.last_updater.user_idLocal variable
last_updated.last_updater.user_nameLocal variable
originators.pentest_codeLocal variable
report.domain.descriptiondescription
report.domain.motivationLocal variable
report.domain.namename
note

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

APIs

The Intigriti connector uses the Intigriti REST API v2. Specifically, it uses the following endpoints:

Table 5: Intigriti API Endpoints

Connector ObjectAPI Endpoints
Pentest FindingGET /external/company/v2/submissions/external/company/v2/submissions
GET /external/company/v2/submissions/{submissionCode}
Pentest Finding DefinitionGET /external/company/v2/submissions/external/company/v2/submissions
GET /external/company/v2/submissions/{submissionCode}
ProgramGET /external/company/v2/programs
GET /external/company/v2/programs/{programId}
SiteGET /external/company/v2/submissions/external/company/v2/submissions
GET /external/company/v2/submissions/{submissionCode}

Changelog

The Intigriti connector has undergone the following changes:

3.0.10

  • Added the SOURCE_STATUS attribute back to the Pentest Finding object and also added the FINDING_TYPE attribute to the Pentest Finding object.

3.0.9

  • Replaced the SOURCE_STATUS attribute with the PROVIDER_STATUS attribute on the Pentest Finding object to standardize and normalize the status of pentest findings.

3.0.8

  • Added a rate limiter to the Intigriti connector to adhere to Intigriti's API rate limits, with a maximum of 600 requests per 5 minutes for GET requests and 200 requests per 5 minutes for POST, PUT, and DELETE requests. For additional information, see Intigriti documentation.

3.0.7

  • Fixed an issue where the Intigriti connector was returning fewer pentest findings than expected.

3.0.6

  • Moved the SEVERITY attribute from the Pentest Finding Definition object to the Pentest Finding object.

3.0.5

  • Added the PROGRAM_ID and TOTAL_PAYOUT attributes to the Pentest Finding object.

3.0.4

  • Fixed an issue where the Pentest Finding sync was finishing with 0 records.

3.0.3

  • Updated the Intigriti logo to the current branding.

3.0.2

  • Fixed an issue with attribute incompatibility during syncs.

3.0.1

  • No change.

3.0.0