Lansweeper

Lansweeper is an IT Asset Management platform that discovers and manages IT assets across the enterprise. You can bring asset, vulnerability, installed package, and user data from Lansweeper into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Lansweeper and how to obtain that information from Lansweeper. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Lansweeper from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Lansweeper with Brinqa:

• Lansweeper API Base URL: The base URL for the Lansweeper API. Defaults to https://api.lansweeper.com.
• API Token: A Personal Access Token (PAT) generated from your Lansweeper account for API authentication.

Generate Lansweeper API keys

To generate a Personal Access Token (PAT) for the Lansweeper API:

1. Log in to your Lansweeper account.
2. Navigate to Developer Tools in the main navigation or settings.
3. Select Personal Access Tokens.
4. Generate a new token and save it securely, as it will be used as the API Token in the integration settings.

Additional settings

The Lansweeper connector contains additional options for specific configuration:

• Page size: The maximum number of records to get per API request. The default setting is 500. It is not recommended to go over 500.
• Parallel requests: The maximum number of parallel API requests. The default setting is the minimum of 4 or available processors.
• Maximum retries: The maximum number of times that the integration attempts to connect to the Lansweeper API before giving up and reporting a failure. The default setting is 3.

Types of data to retrieve

The Lansweeper connector can retrieve the following types of data from the Lansweeper API:

Table 1: Data retrieved from Lansweeper

Connector Object	Required	Maps to Data Model
Host	Yes	Host
Installed Package	Yes	Installed Package
Package	Yes	Package
User	Yes	Person
Vulnerability	Yes	Vulnerability
Vulnerability Definition	Yes	Vulnerability Definition

info

For detailed steps on how to view the data retrieved from Lansweeper in the Brinqa Platform, see How to view your data.

Attribute mappings

Expand the sections below to view the mappings between the source and the Brinqa data model attributes.

Host

Table 2: Host attribute mappings

Source Field Name	SDM Attribute
AssetBasicInfoResource.cloudCategory	CLOUD_CATEGORY
AssetBasicInfoResource.cloudProvider	CLOUD_PROVIDER
AssetBasicInfoResource.cloudRegion	CLOUD_REGION
AssetBasicInfoResource.description	DESCRIPTION
AssetBasicInfoResource.domain	DOMAIN
AssetBasicInfoResource.firstSeen	FIRST_SEEN
AssetBasicInfoResource.fqdn	FQDN
AssetBasicInfoResource.ipAddress + NetworkResource.ipAddressV4/ipAddressV6	IP_ADDRESSES
AssetBasicInfoResource.lastSeen	LAST_SEEN
AssetBasicInfoResource.mac + NetworkResource.macAddress	MAC_ADDRESSES
AssetBasicInfoResource.name	HOSTNAMES
AssetBasicInfoResource.name	NAME
AssetBasicInfoResource.type	TYPE
AssetBasicInfoResource.upTime	UP_TIME
AssetBasicInfoResource.userDomain	USER_DOMAIN
AssetBasicInfoResource.userName	USER_NAME
AssetCustomResource.barCode	BAR_CODE
AssetCustomResource.branchOffice	BRANCH_OFFICE
AssetCustomResource.building	BUILDING
AssetCustomResource.comment	COMMENT
AssetCustomResource.contact	CONTACT
AssetCustomResource.department	DEPARTMENT
AssetCustomResource.dnsName	DNS_NAME
AssetCustomResource.firmwareVersion	FIRMWARE_VERSION
AssetCustomResource.hardwareVersion	HARDWARE_VERSION
AssetCustomResource.lastPatched	LAST_PATCHED
AssetCustomResource.location	LOCATION
AssetCustomResource.manufacturer	MANUFACTURER
AssetCustomResource.model	MODEL
AssetCustomResource.modelNumber	MODEL_NUMBER
AssetCustomResource.orderNumber	ORDER_NUMBER
AssetCustomResource.purchaseDate	PURCHASE_DATE
AssetCustomResource.serialNumber (fallback: OperatingSystemResource.serialNumber)	SERIAL_NUMBER
AssetCustomResource.sku	SKU
AssetCustomResource.softwareVersion	SOFTWARE_VERSION
AssetCustomResource.stateName	ASSET_STATE
AssetCustomResource.warrantyDate	WARRANTY_DATE
ExportAssetResource.key	UID
ExportAssetResource.url	URL
IpLocationResource.ipLocation	IP_LOCATION
OperatingSystemResource.buildNumber	OS_BUILD
OperatingSystemResource.caption	OPERATING_SYSTEM
OperatingSystemResource.installDate	OS_INSTALL_DATE
OperatingSystemResource.osType	OS_TYPE
OperatingSystemResource.status	OS_STATUS
OperatingSystemResource.supportEndDate	OS_SUPPORT_END_DATE
OperatingSystemResource.version	OS_VERSION
ProcessorResource.name (first)	CPU_NAME
WarrantyResource.shipDate (first)	WARRANTY_SHIP_DATE
classified from IP_ADDRESSES via AssetUtils.isPublicIP()	PRIVATE_IP_ADDRESSES
classified from IP_ADDRESSES via AssetUtils.isPublicIP()	PUBLIC_IP_ADDRESSES
constant	STATUS
derived from AssetBasicInfoResource.type	CATEGORIES
site context	SITE_ID
sum of HardDiskResource.size	TOTAL_DISK_GB
sum of LogicalDiskResource.freeSpace	DISK_FREE_SPACE_GB
sum of MemoryModuleResource.size	TOTAL_MEMORY_GB
sum of ProcessorResource.numberOfCores	CPU_CORES
sync timestamp	LAST_CAPTURED

Installed Package

Table 3: Installed Package attribute mappings

Source Field Name	SDM Attribute
SoftwareResource.architectures	ARCHITECTURES
SoftwareResource.category	SOFTWARE_CATEGORY
SoftwareResource.installDate	INSTALL_DATE
SoftwareResource.installType	INSTALL_TYPE
SoftwareResource.operatingSystems	OPERATING_SYSTEMS
SoftwareResource.publisher	PUBLISHER
SoftwareResource.software	NAME
SoftwareResource.type	SOFTWARE_TYPE
constant	CATEGORIES
constant	STATUS
resolved via assetsWithSoftware N+1 query	TARGETS
software + "-" + version	TYPE
software + "-" + version	UID
sync timestamp	LAST_CAPTURED

Package

Table 4: Package attribute mappings

Source Field Name	SDM Attribute
SoftwareResource.architectures	ARCHITECTURES
SoftwareResource.assets	INSTALL_COUNT
SoftwareResource.category	SOFTWARE_CATEGORY
SoftwareResource.installDate	INSTALL_DATE
SoftwareResource.installType	INSTALL_TYPE
SoftwareResource.languages	LANGUAGES
SoftwareResource.operatingSystems	OPERATING_SYSTEMS
SoftwareResource.publisher	PUBLISHER
SoftwareResource.relatedSoftwareNames	RELATED_SOFTWARE
SoftwareResource.software	NAME
SoftwareResource.type	SOFTWARE_TYPE
SoftwareResource.unspsc	UNSPSC
SoftwareResource.versions[0]	CURRENT_VERSION
constant	CATEGORIES
software + "-" + version	UID
sync timestamp	LAST_CAPTURED

User

Table 5: User attribute mappings

Source Field Name	SDM Attribute
ActiveDirectoryResource.department (fallback: UserResource.department)	DEPARTMENT
ActiveDirectoryResource.email (fallback: UserResource.email)	EMAIL
ActiveDirectoryResource.firstName (fallback: UserResource.firstName)	FIRST_NAME
ActiveDirectoryResource.lastLogon (fallback: UserResource.lastLogon)	LAST_LOGIN
ActiveDirectoryResource.lastName (fallback: UserResource.lastName)	LAST_NAME
ActiveDirectoryResource.title (fallback: UserResource.title)	JOB_TITLE
ActiveDirectoryResource.userName (fallback: UserResource.userName)	USERNAME
UserResource.company	COMPANY
UserResource.countryCode	COUNTRY_CODE
UserResource.description	DESCRIPTION
UserResource.displayName (fallback: name)	NAME
UserResource.employeeId	EMPLOYEE_ID
UserResource.employeeNumber	EMPLOYEE_NUMBER
UserResource.employeeType	EMPLOYEE_TYPE
UserResource.key	UID
UserResource.office	LOCATION
UserResource.ou	OU
UserResource.passwordExpirationDate	PASSWORD_EXPIRATION_DATE
UserResource.passwordLastSet	PASSWORD_LAST_SET
UserResource.passwordNeverExpires	PASSWORD_NEVER_EXPIRES
UserResource.upn	UPN
UserResource.userDomain	USER_DOMAIN
derived from enabled	STATUS
site context	SITE_ID
sync timestamp	LAST_CAPTURED

Vulnerability

Table 6: Vulnerability attribute mappings

Source Field Name	SDM Attribute
VulnerabilityResource.assetKeys	TARGETS
VulnerabilityResource.cve	CVE_IDS
VulnerabilityResource.cve	NAME
VulnerabilityResource.cve	TYPE
VulnerabilityResource.cve	UID
VulnerabilityResource.isActive	PROVIDER_STATUS
VulnerabilityResource.publishedOn	FIRST_FOUND
VulnerabilityResource.riskScore	RISK_SCORE
VulnerabilityResource.severity	SOURCE_SEVERITY
VulnerabilityResource.source	SOURCE
VulnerabilityResource.updatedOn	LAST_FOUND
derived from normalized severity	SEVERITY_SCORE
normalized from VulnerabilityResource.severity	SEVERITY
normalized from provider status	SOURCE_STATUS
sync timestamp	LAST_CAPTURED

Vulnerability Definition

Table 7: Vulnerability Definition attribute mappings

Source Field Name	SDM Attribute
CisaResource.dueDate	CISA_DUE_DATE
CisaResource.exploited	CISA_EXPLOITED
CisaResource.knownRansomwareCampaignUse	CISA_RANSOMWARE
EpssResource.percentile	EPSS_PERCENTILE
EpssResource.score	EPSS_SCORE
MsrcResource.exploitability	MSRC_EXPLOITABILITY
NvdResource.exploitability	NVD_EXPLOITABILITY
NvdResource.impact	NVD_IMPACT
VulnerabilityCauseResource.vendor + affectedProduct	DESCRIPTION
VulnerabilityCauseResource.vendor + affectedProduct + category	TAGS
VulnerabilityExploitabilityResource.exploitable	EXPLOITABLE
VulnerabilityExploitabilityResource.exploitedInTheWild	EXPLOITED_IN_THE_WILD
VulnerabilityExploitabilityResource.exploitTypes	EXPLOIT_TYPES
VulnerabilityReferenceResource.url	REFERENCES
VulnerabilityResource.attackComplexity	ATTACK_COMPLEXITY
VulnerabilityResource.attackVector	ATTACK_VECTOR
VulnerabilityResource.availabilityImpact	AVAILABILITY_IMPACT
VulnerabilityResource.baseScore	BASE_SCORE
VulnerabilityResource.confidentiality	CONFIDENTIALITY_IMPACT
VulnerabilityResource.cve	CVE_IDS
VulnerabilityResource.cve	CVE_RECORDS
VulnerabilityResource.cve	NAME
VulnerabilityResource.cve	UID
VulnerabilityResource.integrity	INTEGRITY_IMPACT
VulnerabilityResource.patchable	PATCHABLE
VulnerabilityResource.privilegeRequired	PRIVILEGE_REQUIRED
VulnerabilityResource.publishedOn	PUBLISHED_DATE
VulnerabilityResource.scope	SCOPE
VulnerabilityResource.severity	SOURCE_SEVERITY
VulnerabilityResource.source	CATEGORIES
VulnerabilityResource.userInteraction	USER_INTERACTION
VulnerabilityResource.weaknessEnumeration	CWE_IDS
VulncheckResource.maxExploitMaturity	VULNCHECK_MATURITY
VulncheckResource.publicExploitFound	VULNCHECK_PUBLIC_EXPLOIT
VulncheckResource.reportedExploitedByBotnets	VULNCHECK_BOTNETS
VulncheckResource.reportedExploitedByRansomware	VULNCHECK_RANSOMWARE
VulncheckResource.reportedExploitedByThreatActors	VULNCHECK_THREAT_ACTORS
derived from normalized severity	SEVERITY_SCORE
normalized from VulnerabilityResource.severity	SEVERITY
sync timestamp	LAST_CAPTURED

Operation options

The Lansweeper connector supports the following operation options:

Table 8: Operation options

Connector Object	Option	All Possible Values	Description	Example
Host	assetType	N/A	Filter by asset type (e.g. "Windows", "Linux")	Key: assetType Value: Windows.
	domain	N/A	Filter by domain	Key: domain Value: example.com.
	ipAddress	N/A	Filter by IP address pattern	Key: ipAddress Value: 192.168.%.
Vulnerability	activeOnly	true, false	Only return active vulnerabilities	Key: activeOnly Value: true.
	severity	N/A	Filter by severity level	Key: severity Value: High.
	source	N/A	Filter by data source (e.g. "NVD")	Key: source Value: NVD.

APIs

The Lansweeper connector uses the Lansweeper GraphQL API. Specifically, it uses the following endpoints:

Table 9: Lansweeper API Endpoints

Connector Object	API Endpoint
Host, Installed Package, Package, User, Vulnerability, Vulnerability Definition	POST https://api.lansweeper.com/api/v2/graphql

Changelog

The Lansweeper connector has undergone the following changes:

note

This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.

Table 10: Lansweeper Changelog

Version	Description	Date Published
1.0.0	Initial Integration+ release.	2026-04-13