Intigriti
Intigriti is an application security tool that specializes in crowdsourced security testing and bug bounty programs. You can bring pentest, program, and site data from Intigriti into Brinqa to prioritize and address potential threats before they have the ability to impact you and your business, thus gaining a comprehensive overview of your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Intigriti and how to obtain that information from Intigriti. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Intigriti from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Intigriti with Brinqa:
-
API URL: The Intigriti API URL. The default URL is
https://api.intigriti.com/external/company. -
Access token: The access token associated with the Intigriti account, which must have permissions to log in to the API server and return data.
importantThe Intigriti access token must be non-expiring. See Intigriti documentation for additional information.
Generate an Intigriti access token
For the Intigriti connector to use the Intigriti API, you must provide an access token. You can generate this token by following the instructions outlined in Intigriti's Postman guide or Swagger guide.
If you do not have the permissions to create an access token, contact your Intigriti administrator.
Types of data to retrieve
The Intigriti connector can retrieve the following types of data from the Intigriti API:
Table 1: Data retrieved from Intigriti
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Pentest Finding | Yes | Pentest Finding |
| Pentest Finding Definition | Yes | Pentest Finding Definition |
| Program | No | Not mapped |
| Site | Yes | Site |
The Intigriti connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Intigriti in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
- Pentest Finding
- Pentest Finding Definition
- Site
Table 2: Pentest Finding attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| assignee.avatarUrl | Local variable |
| assignee.email | Local variable |
| assignee.role | Local variable |
| assignee.userId | Local variable |
| assignee.userName | Local variable |
| attachment_count | Local variable |
| awaitng_feedback | Local variable |
| code | uid |
| created_at | sourceCreatedDate |
| destroyed | Local variable |
| integration_count | Local variable |
| internal_reference.reference | Local variable |
| internal_reference.url | Local variable |
| last_updated.last_updated_at | Local variable |
| last_updated.last_updater.avatar_url | Local variable |
| last_updated.last_updater.email | Local variable |
| last_updated.last_updater.role | Local variable |
| last_updated.last_updater.user_id | Local variable |
| last_updated.last_updater.user_name | Local variable |
| originators.pentest_code | Local variable |
| originators.program_id | targets |
| report.domain.name | name, targets, uid |
| report.ip | ipAddresses, privateIpAddresses, publicIpAddresses |
| report.original_title | Local variable |
| report.personal_data | Local variable |
| report.poc_description | Local variable |
| report.type.category | categories |
| report.type.cwe | cweId, weaknesses, uid |
| report.type.name | Local variable |
| severity.id | Local variable |
| severity.value | severity, sourceSeverity, severityScore |
| severity.vector | Vector(calculate) |
| state.acceptedAt | firstFound |
| state.archivedAt | Local variable |
| state.closedAt | lastFixed |
| state.duplicateInfo.childSubmissionCodes | Local variable |
| state.duplicateInfo.parentSubmissionCode | Local variable |
| state.status.id | Local variable |
| state.status.value | status, sourceStatus, statusCategory |
| state.validatedAt | Local variable |
| submitter.avatarUrl | Local variable |
| submitter.identityChecked | Local variable |
| submitter.ranking.rank | Local variable |
| submitter.ranking.reputation | Local variable |
| submitter.ranking.streak.id | Local variable |
| submitter.ranking.streak.value | Local variable |
| submitter.role | Local variable |
| submitter.userId | Local variable |
| submitter.userName | Local variable |
| tags | tags |
| web_links.details | Local variable |
Table 3: Pentest Finding Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| assignee.avatarUrl | Local variable |
| assignee.email | Local variable |
| assignee.role | Local variable |
| assignee.userId | Local variable |
| assignee.userName | Local variable |
| attachment_count | Local variable |
| awaitng_feedback | Local variable |
| integration_count | Local variable |
| internal_reference.reference | Local variable |
| internal_reference.url | Local variable |
| last_updated.last_updated_at | Local variable |
| last_updated.last_updater.avatar_url | Local variable |
| last_updated.last_updater.email | Local variable |
| last_updated.last_updater.role | Local variable |
| last_updated.last_updater.user_id | Local variable |
| last_updated.last_updater.user_name | Local variable |
| originators.pentest_code | Local variable |
| report.domain.motivation | Local variable |
| report.domain.name | name |
| report.domain.description | description |
| report.domain.tier.id | Local variable |
| report.domain.tier.value | Local variable |
| report.domain.type.id | Local variable |
| report.domain.type.value | Local variable |
| report.endpoint_vulnerable_component | Local variable |
| report.impact | Local variable |
| report.original_title | Local variable |
| report.personal_data | Local variable |
| report.poc_description | Local variable |
| report.questions.answer | Local variable |
| report.questions.question | Local variable |
| report.questions.type.id | Local variable |
| report.questions.type.value | Local variable |
| report.recommended_solution | recommendation |
| report.attachments.url | Local variable |
| report.attachments.code | Local variable |
| report.ip | Local variable |
| report.type.category | categories |
| report.type.cwe | cweId, weaknesses |
| report.type.name | Local variable |
| severity.id | Local variable |
| severity.value | severity, sourceSeverity, severityScore |
| severity.vector | Vector(calculate) |
| state.acceptedAt | Local variable |
| state.archivedAt | Local variable |
| state.closedAt | Local variable |
| state.duplicateInfo.childSubmissionCodes | Local variable |
| state.duplicateInfo.parentSubmissionCode | Local variable |
| state.status.id | Local variable |
| state.status.value | Local variable |
| state.validatedAt | Local variable |
| state.closeReason | Local variable |
| submitter.avatarUrl | Local variable |
| submitter.identityChecked | Local variable |
| submitter.ranking.rank | Local variable |
| submitter.ranking.reputation | Local variable |
| submitter.ranking.streak.id | Local variable |
| submitter.ranking.streak.value | Local variable |
| submitter.role | Local variable |
| submitter.userId | Local variable |
| submitter.userName | Local variable |
| tags | tags |
| web_links.details | Local variable |
Table 4: Site attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| assignee.avatarUrl | Local variable |
| assignee.email | Local variable |
| assignee.role | Local variable |
| assignee.userId | Local variable |
| assignee.userName | Local variable |
| attachment_count | Local variable |
| awaitng_feedback | Local variable |
| integration_count | Local variable |
| internal_reference.reference | Local variable |
| internal_reference.url | Local variable |
| last_updated.last_updated_at | Local variable |
| last_updated.last_updater.avatar_url | Local variable |
| last_updated.last_updater.email | Local variable |
| last_updated.last_updater.role | Local variable |
| last_updated.last_updater.user_id | Local variable |
| last_updated.last_updater.user_name | Local variable |
| originators.pentest_code | Local variable |
| report.domain.description | description |
| report.domain.motivation | Local variable |
| report.domain.name | name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The Intigriti connector uses the Intigriti REST API v2. Specifically, it uses the following endpoints:
Table 5: Intigriti API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Pentest Finding | GET https://api.intigriti.com/external/company/v2/submissions/external/company/v2/submissions |
GET https://api.intigriti.com/external/company/v2/submissions/{submissionCode} | |
| Pentest Finding Definition | GET https://api.intigriti.com/external/company/v2/submissions/external/company/v2/submissions |
GET https://api.intigriti.com/external/company/v2/submissions/{submissionCode} | |
| Program | GET https://api.intigriti.com/external/company/v2/programs |
GET https://api.intigriti.com/external/company/v2/programs/{programId} | |
| Site | GET https://api.intigriti.com/external/company/v2/submissions/external/company/v2/submissions |
GET https://api.intigriti.com/external/company/v2/submissions/{submissionCode} |
Changelog
The Intigriti connector has undergone the following changes:
3.0.2
- Fixed an issue with attribute incompatibility during syncs.
3.0.0
- Initial Integration+ release.