Ionix
Ionix is an External Attack Surface Management (EASM) platform that discovers and monitors your organization's internet-facing assets, including domains, subdomains, IPs, and associated vulnerabilities. You can bring asset and vulnerability data from Ionix into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Ionix and how to obtain that information from Ionix. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Ionix from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Ionix with Brinqa:
-
URL: Your organization's Ionix API base URL. The default format is
https://<instance>.portal.ionix.io. -
API Token: The API bearer token used to authenticate with the Ionix API.
Generate an Ionix API token
To generate an API token for use with the Brinqa connector, follow these steps:
-
Log in to the Ionix portal.
-
Navigate to the API settings or token management section of your Ionix account.
-
Generate a new API token with the necessary permissions to access discovery and remediation data.
-
Copy the token and provide it in the API Token field in the integration configuration.
If you do not have the permissions to create API tokens, contact your Ionix administrator. For additional information, see the Ionix API documentation.
Additional settings
The Ionix connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is 4.
- Request timeout: The request timeout in seconds. The default setting is 120. The maximum allowed value is 1800.
Types of data to retrieve
The Ionix connector can retrieve the following types of data from the Ionix API:
Table 1: Data retrieved from Ionix
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| ActionItem | No | Vulnerability |
| ActionItemDefinition | No | Vulnerability Definition |
| Domain | No | Site |
| IP | No | Host |
| Managed Domain | No | Site |
| Sub Domain | No | Site |
For detailed steps on how to view the data retrieved from Ionix in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
ActionItem
Table 2: ActionItem attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
ActionItemResource.acknowledgedBy | ACKNOWLEDGED_BY |
ActionItemResource.acknowledgedDate | ACKNOWLEDGED_DATE |
ActionItemResource.acknowledgementReason | ACKNOWLEDGEMENT_REASON |
ActionItemResource.apexDomain | APEX_DOMAIN |
ActionItemResource.asset | ASSET |
ActionItemResource.asset | TARGETS |
ActionItemResource.assetImportance.assetImportance | ASSET_IMPORTANCE |
ActionItemResource.assetType | ASSET_TYPE |
ActionItemResource.closedReason | CLOSED_REASON |
ActionItemResource.currentState | PROVIDER_STATUS |
ActionItemResource.discoveryConfidenceLevel | DISCOVERY_CONFIDENCE_LEVEL |
ActionItemResource.evidence | EVIDENCE |
ActionItemResource.evidence | RESULTS |
ActionItemResource.firstOpenedAt | FIRST_FOUND |
ActionItemResource.groups | GROUPS |
ActionItemResource.handleTogetherGroup | HANDLE_TOGETHER_GROUP |
ActionItemResource.id | UID |
ActionItemResource.ips | IP_ADDRESSES |
ActionItemResource.isOpen | IS_OPEN |
ActionItemResource.isParkedDomain | IS_PARKED_DOMAIN |
ActionItemResource.lastClosedAt | LAST_FIXED |
ActionItemResource.lastOpenedAt | LAST_FOUND |
ActionItemResource.lastRescanBy | LAST_RESCAN_BY |
ActionItemResource.lastRescanTime | LAST_RESCAN_TIME |
ActionItemResource.lastValidate | LAST_VALIDATE |
ActionItemResource.legacyGeo | LEGACY_GEO |
ActionItemResource.legacyRegion | LEGACY_REGION |
ActionItemResource.linkToAsset | LINK_TO_ASSET |
ActionItemResource.operatedBy | OPERATED_BY |
ActionItemResource.parkedDomainSource | PARKED_DOMAIN_SOURCE |
ActionItemResource.potentialDependency | POTENTIAL_DEPENDENCY |
ActionItemResource.primaryAi | PRIMARY_AI |
ActionItemResource.rescanStatus | RESCAN_STATUS |
ActionItemResource.resolutionTime | RESOLUTION_TIME |
ActionItemResource.service | SERVICES |
ActionItemResource.serviceType | SERVICE_TYPE |
ActionItemResource.sscTest | SSC_TEST |
ActionItemResource.stateUpdateTimestamp | STATE_UPDATE_TIMESTAMP |
ActionItemResource.stateUpdateUser | STATE_UPDATE_USER |
ActionItemResource.subsidiaries | SUBSIDIARIES |
ActionItemResource.supportsRescan | SUPPORTS_RESCAN |
ActionItemResource.tags | TAGS |
ActionItemResource.title.label | TYPE |
ActionItemResource.updatedTime | SOURCE_LAST_MODIFIED |
ActionItemResource.userCommentsCount | USER_COMMENTS_COUNT |
ActionItemResource.waf | WAF |
ActionItemResource.webTrafficVisits | WEB_TRAFFIC_VISITS |
Derived from isOpen → currentState → active fallback | SOURCE_STATUS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
ActionItemDefinition
Table 3: ActionItemDefinition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
ActionItemResource.bsCategory | BS_CATEGORY |
ActionItemResource.bsSubcategory | BS_SUBCATEGORY |
ActionItemResource.complianceFrameworks | COMPLIANCE_FRAMEWORKS |
ActionItemResource.cves[].cve | CVE_IDS |
ActionItemResource.cves[].cve | CVE_RECORDS |
ActionItemResource.description | DESCRIPTION |
ActionItemResource.impact | IMPACT |
ActionItemResource.mitreTechniques | MITRE_TECHNIQUES |
ActionItemResource.requiredAction | RECOMMENDATION |
ActionItemResource.requiredAction | REQUIRED_ACTION |
ActionItemResource.sscCategory | SSC_CATEGORY |
ActionItemResource.tags | TAGS |
ActionItemResource.technicalDetails | TECHNICAL_DETAILS |
ActionItemResource.title.label | NAME |
ActionItemResource.title.label | UID |
ActionItemResource.type | ACTION_ITEM_TYPE |
ActionItemResource.type | CATEGORIES |
ActionItemResource.urgency.isActiveProtection | IS_ACTIVE_PROTECTION |
ActionItemResource.urgency.type | SOURCE_SEVERITY |
ActionItemResource.urgency.type | URGENCY_TYPE |
ActionItemResource.urgency.urgency | URGENCY |
Derived from ActionItemResource.urgency.type via normalizeFindingSeverity | SEVERITY |
Derived from severity via getFindingSeverityScore | SEVERITY_SCORE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Domain, Sub Domain, Managed Domain, IP
Table 4: Domain, Sub Domain, Managed Domain, and IP attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
AssetResource.asset | NAME |
AssetResource.asset | UID |
AssetResource.badMaintenanceIndicators | BAD_MAINTENANCE_INDICATORS |
AssetResource.cloudAssetType | CLOUD_ASSET_TYPE |
AssetResource.cloudRegion | REGION |
AssetResource.confidenceLevel.confidenceLevel | CONFIDENCE_LEVEL |
AssetResource.confidenceLevel.type | CONFIDENCE_TYPE |
AssetResource.cves | CVE_IDS |
AssetResource.domainExpirationDate | DOMAIN_EXPIRATION_DATE |
AssetResource.firstSeen | FIRST_SEEN |
AssetResource.groups | GROUPS |
AssetResource.hostingProvider | HOSTING_PROVIDER |
AssetResource.httpTitle | HTTP_TITLE |
AssetResource.httpsTitle | HTTPS_TITLE |
AssetResource.importance.importance | IMPORTANCE |
AssetResource.importance.type | IMPORTANCE_TYPE |
AssetResource.ipNetwork | IP_NETWORK |
AssetResource.ipNetworkCountry | IP_NETWORK_COUNTRY |
AssetResource.ipNetworkName | IP_NETWORK_NAME |
AssetResource.ipNetworkOrgId | IP_NETWORK_ORG_ID |
AssetResource.ipNetworkOrgName | IP_NETWORK_ORG_NAME |
AssetResource.ipNetworkSource | IP_NETWORK_SOURCE |
AssetResource.ips | IP_ADDRESSES |
AssetResource.isParkedDomain | IS_PARKED_DOMAIN |
AssetResource.lastSeen | LAST_SEEN |
AssetResource.maintenanceGrade.riskGrade | MAINTENANCE_RISK_GRADE |
AssetResource.maintenanceGrade.type | MAINTENANCE_GRADE_TYPE |
AssetResource.majesticRank | MAJESTIC_RANK |
AssetResource.openPorts | OPEN_PORTS |
AssetResource.operatedBy | OPERATED_BY |
AssetResource.originIps | ORIGIN_IP_ADDRESSES |
AssetResource.parkedDomainSource | PARKED_DOMAIN_SOURCE |
AssetResource.protocols | PROTOCOLS |
AssetResource.registrantContactName | REGISTRANT_CONTACT_NAME |
AssetResource.registrantOrganization | REGISTRANT_ORGANIZATION |
AssetResource.registrar | REGISTRAR |
AssetResource.resourceId | RESOURCE_ID |
AssetResource.riskScore.riskScore | RISK_SCORE |
AssetResource.riskScore.type | RISK_SCORE_TYPE |
AssetResource.seenAt | SEEN_AT |
AssetResource.service | SERVICES |
AssetResource.serviceType | SERVICE_TYPE |
AssetResource.subsidiaries | SUBSIDIARIES |
AssetResource.subscriptionId | SUBSCRIPTION_ID |
AssetResource.tags | TAGS |
AssetResource.technologies | TECHNOLOGY |
AssetResource.technologyVersionsLabels | TECHNOLOGY_VERSIONS |
AssetResource.tlsSupportedCiphers | TLS_SUPPORTED_CIPHERS |
AssetResource.tlsSupportedProtocols | TLS_SUPPORTED_PROTOCOLS |
AssetResource.type | ASSET_TYPE |
AssetResource.umbrellaRank | UMBRELLA_RANK |
AssetResource.waf | WAF |
AssetResource.webTrafficVisits | WEB_TRAFFIC_VISITS |
AssetResource.whoisEmails | EMAILS |
AssetResource.whoisNameServers | WHOIS_NAME_SERVERS |
AssetResource.whoisStatus | WHOIS_STATUS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Operation options
The Ionix connector supports the following operation options. See connector operation options for information about how to apply them.
Table 5: Ionix connector operation options
| Connector Object | Option | All Possible Values | Description | Example |
|---|---|---|---|---|
| ActionItem, ActionItemDefinition | asset_type | Any valid Ionix asset type | Filter action items by asset type. | Key: asset_type Value: domain. Retrieves only action items associated with domain assets. |
type | Any valid Ionix action item type | Filter action items by type. | Key: type Value: ssl_certificate_expired. Retrieves only action items of the specified type. | |
urgency | low, medium, high, critical | Filter action items by urgency level. | Key: urgency Value: high,critical. Retrieves only action items with high or critical urgency. | |
| Domain, Sub Domain, Managed Domain, IP | asset | Any valid asset name | Filter assets by name. | Key: asset Value: example.com. Retrieves only the specified asset. |
hosting_provider | Any valid hosting provider name | Filter assets by hosting provider. | Key: hosting_provider Value: AWS. Retrieves only assets hosted by the specified provider. | |
risk_score | low, medium, high, no_risk | Filter assets by risk score level. | Key: risk_score Value: high. Retrieves only assets with a high risk score. | |
technologies | Any valid technology name | Filter assets by detected technology. | Key: technologies Value: nginx. Retrieves only assets using the specified technology. |
APIs
The Ionix connector uses the Ionix REST API. Specifically, it uses the following endpoints:
Table 6: Ionix API endpoints
| Connector Object | API Endpoint |
|---|---|
| ActionItem, ActionItemDefinition | GET /api/v1/remediation/action-items/all/detailed |
| Domain | GET /api/v1/discovery/org-assets/?type__in=0 |
| IP | GET /api/v1/discovery/org-assets/?type__in=3 |
| Managed Domain | GET /api/v1/discovery/org-assets/?type__in=2 |
| Sub Domain | GET /api/v1/discovery/org-assets/?type__in=1 |
Changelog
The Ionix connector has undergone the following changes:
Table 7: Ionix connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.0 | Initial Integration+ release. | April 2026 |