Intigriti
Intigriti is an application security tool that specializes in crowdsourced security testing and bug bounty programs. You can bring pentest, program, and site data from Intigriti into Brinqa to prioritize and address potential threats before they have the ability to impact you and your business, thus gaining a comprehensive overview of your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Intigriti and how to obtain that information from Intigriti. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Intigriti from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Intigriti with Brinqa:
-
API URL: The Intigriti API URL. The default URL is
https://api.intigriti.com/external/company
. -
Access token: The access token associated with the Intigriti account, which must have permissions to log in to the API server and return data.
importantThe Intigriti access token must be non-expiring. See Intigriti documentation for additional information.
Generate an Intigriti access token
For the Intigriti connector to use the Intigriti API, you must provide an access token. You can generate this token by following the instructions outlined in Intigriti's Postman guide or Swagger guide.
If you do not have the permissions to create an access token, contact your Intigriti administrator.
Types of data to retrieve
The Intigriti connector can retrieve the following types of data from the Intigriti API:
Table 1: Data retrieved from Intigriti
Connector Object | Required | Maps to Data Model |
---|---|---|
Pentest Finding | Yes | Pentest Finding |
Pentest Finding Definition | Yes | Pentest Finding Definition |
Program | No | Not mapped |
Site | Yes | Site |
The Intigriti connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Intigriti in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Pentest Finding
Table 2: Pentest Finding attribute mappings
Source Field Name | Maps to Attribute |
---|---|
assignee.avatarUrl | Local variable |
assignee.email | Local variable |
assignee.role | Local variable |
assignee.userId | Local variable |
assignee.userName | Local variable |
attachment_count | Local variable |
awaiting_feedback | Local variable |
code | uid |
created_at | sourceCreatedDate |
destroyed | Local variable |
integration_count | Local variable |
internal_reference.reference | Local variable |
internal_reference.url | Local variable |
last_updated.last_updated_at | Local variable |
last_updated.last_updater.avatar_url | Local variable |
last_updated.last_updater.email | Local variable |
last_updated.last_updater.role | Local variable |
last_updated.last_updater.user_id | Local variable |
last_updated.last_updater.user_name | Local variable |
originators.pentest_code | Local variable |
originators.program_id | targets |
report.domain.name | name, targets, uid |
report.ip | ipAddresses, privateIpAddresses, publicIpAddresses |
report.original_title | Local variable |
report.personal_data | Local variable |
report.poc_description | Local variable |
report.type.category | categories |
report.type.cwe | cweId, weaknesses, uid |
report.type.name | Local variable |
severity.id | Local variable |
severity.value | severity, sourceSeverity, severityScore |
severity.vector | Vector(calculate) |
state.acceptedAt | firstFound |
state.archivedAt | Local variable |
state.closedAt | lastFixed |
state.duplicateInfo.childSubmissionCodes | Local variable |
state.duplicateInfo.parentSubmissionCode | Local variable |
state.status.id | Local variable |
state.status.value | status, providerStatus, sourceStatus, statusCategory |
state.validatedAt | Local variable |
submitter.avatarUrl | Local variable |
submitter.identityChecked | Local variable |
submitter.ranking.rank | Local variable |
submitter.ranking.reputation | Local variable |
submitter.ranking.streak.id | Local variable |
submitter.ranking.streak.value | Local variable |
submitter.role | Local variable |
submitter.userId | Local variable |
submitter.userName | Local variable |
tags | tags |
totalPayout.value | Local variable |
web_links.details | Local variable |
Pentest Finding Definition
Table 3: Pentest Finding Definition attribute mappings
Source Field Name | Maps to Attribute |
---|---|
assignee.avatarUrl | Local variable |
assignee.email | Local variable |
assignee.role | Local variable |
assignee.userId | Local variable |
assignee.userName | Local variable |
attachment_count | Local variable |
awaiting_feedback | Local variable |
integration_count | Local variable |
internal_reference.reference | Local variable |
internal_reference.url | Local variable |
last_updated.last_updated_at | Local variable |
last_updated.last_updater.avatar_url | Local variable |
last_updated.last_updater.email | Local variable |
last_updated.last_updater.role | Local variable |
last_updated.last_updater.user_id | Local variable |
last_updated.last_updater.user_name | Local variable |
originators.pentest_code | Local variable |
report.domain.motivation | Local variable |
report.domain.name | name |
report.domain.description | description |
report.domain.tier.id | Local variable |
report.domain.tier.value | Local variable |
report.domain.type.id | Local variable |
report.domain.type.value | Local variable |
report.endpoint_vulnerable_component | Local variable |
report.impact | Local variable |
report.original_title | Local variable |
report.personal_data | Local variable |
report.poc_description | Local variable |
report.questions.answer | Local variable |
report.questions.question | Local variable |
report.questions.type.id | Local variable |
report.questions.type.value | Local variable |
report.recommended_solution | recommendation |
report.attachments.url | Local variable |
report.attachments.code | Local variable |
report.ip | Local variable |
report.type.category | categories |
report.type.cwe | cweId, weaknesses |
report.type.name | Local variable |
state.acceptedAt | Local variable |
state.archivedAt | Local variable |
state.closedAt | Local variable |
state.duplicateInfo.childSubmissionCodes | Local variable |
state.duplicateInfo.parentSubmissionCode | Local variable |
state.status.id | Local variable |
state.status.value | Local variable |
state.validatedAt | Local variable |
state.closeReason | Local variable |
submitter.avatarUrl | Local variable |
submitter.identityChecked | Local variable |
submitter.ranking.rank | Local variable |
submitter.ranking.reputation | Local variable |
submitter.ranking.streak.id | Local variable |
submitter.ranking.streak.value | Local variable |
submitter.role | Local variable |
submitter.userId | Local variable |
submitter.userName | Local variable |
tags | tags |
web_links.details | Local variable |
Site
Table 4: Site attribute mappings
Source Field Name | Maps to Attribute |
---|---|
assignee.avatarUrl | Local variable |
assignee.email | Local variable |
assignee.role | Local variable |
assignee.userId | Local variable |
assignee.userName | Local variable |
attachment_count | Local variable |
awaiting_feedback | Local variable |
integration_count | Local variable |
internal_reference.reference | Local variable |
internal_reference.url | Local variable |
last_updated.last_updated_at | Local variable |
last_updated.last_updater.avatar_url | Local variable |
last_updated.last_updater.email | Local variable |
last_updated.last_updater.role | Local variable |
last_updated.last_updater.user_id | Local variable |
last_updated.last_updater.user_name | Local variable |
originators.pentest_code | Local variable |
report.domain.description | description |
report.domain.motivation | Local variable |
report.domain.name | name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The Intigriti connector uses the Intigriti REST API v2. Specifically, it uses the following endpoints:
Table 5: Intigriti API Endpoints
Connector Object | API Endpoints |
---|---|
Pentest Finding | GET /external/company/v2/submissions/external/company/v2/submissions |
GET /external/company/v2/submissions/{submissionCode} | |
Pentest Finding Definition | GET /external/company/v2/submissions/external/company/v2/submissions |
GET /external/company/v2/submissions/{submissionCode} | |
Program | GET /external/company/v2/programs |
GET /external/company/v2/programs/{programId} | |
Site | GET /external/company/v2/submissions/external/company/v2/submissions |
GET /external/company/v2/submissions/{submissionCode} |
Changelog
The Intigriti connector has undergone the following changes:
3.0.10
- Added the SOURCE_STATUS attribute back to the Pentest Finding object and also added the FINDING_TYPE attribute to the Pentest Finding object.
3.0.9
- Replaced the SOURCE_STATUS attribute with the PROVIDER_STATUS attribute on the Pentest Finding object to standardize and normalize the status of pentest findings.
3.0.8
- Added a rate limiter to the Intigriti connector to adhere to Intigriti's API rate limits, with a maximum of 600 requests per 5 minutes for GET requests and 200 requests per 5 minutes for POST, PUT, and DELETE requests. For additional information, see Intigriti documentation.
3.0.7
- Fixed an issue where the Intigriti connector was returning fewer pentest findings than expected.
3.0.6
- Moved the SEVERITY attribute from the Pentest Finding Definition object to the Pentest Finding object.
3.0.5
- Added the PROGRAM_ID and TOTAL_PAYOUT attributes to the Pentest Finding object.
3.0.4
- Fixed an issue where the Pentest Finding sync was finishing with 0 records.
3.0.3
- Updated the Intigriti logo to the current branding.
3.0.2
- Fixed an issue with attribute incompatibility during syncs.
3.0.1
- No change.
3.0.0
- Initial Integration+ release.