
IT4U
IT Service ManagementYou can bring Incident data from IT4U into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with IT4U and how to obtain that information from IT4U. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select IT4U from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate IT4U with Brinqa:
- Server URL: IT4U server URL (e.g.,
https://<server>). - Username: IT4U username for authentication.
- Password: IT4U password for authentication.
- Incident Source: Source identifier for incidents in IT4U.
- SSL / TLS: Skip certificate verification for development environments.
The connector authenticates using Basic Authentication. It sends the provided username and password for secure connection.
Additional settings
The IT4U connector contains additional options for specific configuration:
- Maximum retries: The maximum number of times that the integration attempts to connect to the IT4U API before giving up and reporting a failure. The default setting is 5.
Types of data to retrieve
The IT4U connector can retrieve the following types of data from the IT4U API:
Table 1: Data retrieved from IT4U
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Incident | Yes | Incident |
The IT4U connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from IT4U in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Incident
Table 2: Incident attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
IncidentResource.affectedCVE | CVE_IDS |
IncidentResource.affectedDevices | AFFECTED_DEVICES |
IncidentResource.body | BODY |
IncidentResource.closeTime | CLOSE_TIME |
IncidentResource.close_code | CLOSE_CODE |
IncidentResource.close_notes | CLOSE_NOTES |
IncidentResource.complianceState | COMPLIANCE_STATE |
IncidentResource.createdAt | SOURCE_CREATED_DATE |
IncidentResource.description | DESCRIPTION |
IncidentResource.displayUrl | DISPLAY_URL |
IncidentResource.eventSubType | EVENT_SUB_TYPE |
IncidentResource.eventType | EVENT_TYPE |
IncidentResource.externalId | EXTERNAL_ID |
IncidentResource.externalNumber | EXTERNAL_NUMBER |
IncidentResource.externalStatus | PROVIDER_STATUS |
IncidentResource.externalStatus | SOURCE_STATUS |
IncidentResource.firstFound | FIRST_FOUND |
IncidentResource.htmlBody | HTML_BODY |
IncidentResource.id | UID |
IncidentResource.lastFound | LAST_FOUND |
IncidentResource.lastUpdatedAt | SOURCE_LAST_MODIFIED |
IncidentResource.originAlertId | ORIGIN_ALERT_ID |
IncidentResource.rating | RATING |
IncidentResource.remediationOwner | REMEDIATION_OWNER |
IncidentResource.results | RESULTS |
IncidentResource.riskOwner | RISK_OWNER |
IncidentResource.riskRating | RISK_RATING |
IncidentResource.serviceId | SERVICE_ID |
IncidentResource.serviceName | SERVICE_NAME |
IncidentResource.serviceType | SERVICE_TYPE |
IncidentResource.startTime | START_TIME |
IncidentResource.subject | SUBJECT |
IncidentResource.timestamp | TIMESTAMP |
IncidentResource.title | NAME |
IncidentResource.updateTime | UPDATE_TIME |
IncidentResource.workNotes | WORK_NOTES |
| Generated (sync timestamp) | LAST_CAPTURED |
APIs
The IT4U connector uses the IT4U API. Specifically, it uses the following endpoints:
Table 3: IT4U API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Incident | GET RRPS/External/{incidentSource}/List GET RRPS/External/{incidentSource}/Details/{id} POST RRPS/External/{incidentSource}/Create POST RRPS/External/{incidentSource}/Update POST RRPS/External/{incidentSource}/AddAttachment/{id} |
Incident attachment push
The IT4U connector includes support for pushing a file attachment to an IT4U incident when a ticket is created or updated. When attachment data is supplied, the connector forwards it to IT4U's AddAttachment endpoint (POST RRPS/External/{incidentSource}/AddAttachment/{id}) using the following input attributes:
Table 4: Incident attachment input attributes
| Attribute | Required | Description |
|---|---|---|
attachmentFileName | Yes | File name of the attachment. |
attachmentContentType | Yes | MIME type of the attachment (e.g., image/jpeg, text/plain). |
attachmentRawData | One of raw / base64 | Raw (text) file content. |
attachmentBase64Data | One of raw / base64 | Base64-encoded file content (for binary files). |
A push requires attachmentFileName, attachmentContentType, and at least one of attachmentRawData or attachmentBase64Data. Attachment handling is best-effort: if the payload is invalid or the push fails, the incident is still created or updated and the failure is logged, so a bad attachment never blocks the ticket.
This capability is implemented in the connector but is not yet usable end-to-end. The Brinqa Platform does not currently provide a way to send attachment data to a connector during incident create or update, so no attachment data reaches the connector today and this logic stays dormant — incident create, update, and sync behave exactly as they did before it was added. Once the platform adds support for pushing attachments to connectors, the feature will work with no further connector changes.
The attachment attribute names and the identifier used for the AddAttachment path are provisional, pending confirmation with IT4U.
Changelog
The IT4U connector has undergone the following changes:
Table 5: IT4U Changelog
| Version | Description | Date Published |
|---|---|---|
| 3.1.0 | New Features - 'Incident attachment push (groundwork — not yet enabled by the platform):' The connector can now attach a file to an IT4U incident when a ticket is created or updated, forwarding a file name, content type, and file content (raw or base64) to IT4U's AddAttachment API. 'Not usable end-to-end yet.' The Brinqa platform does not currently provide a way to send attachment/file data to a connector during incident create/update, so no attachment data reaches the connector today. This logic stays dormant: when no attachment data is supplied (every case at present), incident create, update, and sync behave exactly as before. Once the platform adds support for pushing attachments to connectors, the feature works with no further connector changes. - The Incident model now records a 'Last Captured' timestamp, indicating when Brinqa last retrieved each incident from IT4U during sync. Improvements - Incident fields now map to Brinqa's unified data-model attributes (name, description, results, first found, last found), so they populate the platform's standard fields directly. - Affected CVEs now map to the standard CVE field, so incidents participate in CVE-based correlation and enrichment. - The incident display name now uses the incident title (falling back to its identifier). - Removed the redundant Status and Status Category attributes from the Incident model. Migration Required - 'Incident': several attributes were renamed to Brinqa's unified data-model attributes (name, description, results, first found, last found), affected CVEs now map to the standard CVE field, and the Status and Status Category attributes were removed. Re-sync the IT4U connector and review any field mappings that referenced the previous attribute names. | June 24th, 2026 |
| 3.0.3 | Improvements - Connector-sourced attribute values now take precedence over non-connector data channels (manual edits, bulk imports, UI input) when the platform consolidates records, so IT4U data is no longer overridden by lower-priority sources. Bug Fixes - Corrected the Incident model's 'First found' and 'Last found' attributes to be stored as proper timestamps. The underlying API fields were read as text instead of timestamps (the other date fields were already handled correctly); they now deserialize to timestamps consistently. Migration Required - 'Incident': the 'First found' and 'Last found' attributes changed from text to timestamps. Re-sync the IT4U connector to repopulate incidents with the corrected types. | June 8th, 2026 |
| 3.0.1 | Initial Integration+ release. | 2026-05-19 |