NetSPI
NetSPI is a penetration testing and vulnerability management platform that provides security assessment services across network, application, and cloud environments. You can bring project, asset, finding, and identity data from NetSPI into Brinqa to gain a unified view of your attack surface, thus strengthening your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with NetSPI and how to obtain that information from NetSPI. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select NetSPI from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate NetSPI with Brinqa:
-
API URL: The NetSPI API base URL. The default format is
https://<server>/. -
API Token: The API token used to authenticate with the NetSPI API. The connector includes this token in the
Authorization: Token <token>header for all API requests. -
Client ID (optional): The client ID included in the query payload to scope data retrieval to a specific client.
Additional settings
The NetSPI connector contains additional options for specific configuration:
- Page size: The maximum number of records to get per API request. The default setting is 100.
- Parallel requests: The maximum number of parallel API requests. The default setting is the minimum of 4 or the number of available CPU cores.
- Maximum retries: The maximum number of times that the integration attempts to connect to the NetSPI API before giving up and reporting a failure. The default setting is 5.
- Request timeout: The maximum number of seconds allotted before an API request times out. The default setting is 120. The maximum allowed value is 300 seconds.
Types of data to retrieve
The NetSPI connector can retrieve the following types of data from the NetSPI API:
Table 1: Data retrieved from NetSPI
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| AD Forest | No | Not Mapped |
| AD Domain | No | Not Mapped |
| AD Organizational Unit | No | Not Mapped |
| AD Service Principal Name | No | Not Mapped |
| AD Trusted Domain | No | Not Mapped |
| Application Instance | No | Not Mapped |
| Cloud Resource | Yes | Cloud Resource |
| Company | No | Not Mapped |
| DNS Domain | Yes | Site |
| DNS Record | No | Not Mapped |
| File | No | Not Mapped |
| File Share | No | Not Mapped |
| Finding | Yes | Pentest Finding |
| Finding Definition | Yes | Pentest Finding Definition |
| Generic Asset | No | Not Mapped |
| Group | No | Not Mapped |
| Host | Yes | Host |
| Identity | Yes | Person |
| IP Address | Yes | Host |
| Location | No | Not Mapped |
| Network Device | No | Not Mapped |
| Operating System | No | Not Mapped |
| Person | Yes | Person |
| Physical Component | No | Not Mapped |
| Policy | No | Not Mapped |
| Project | Yes | Application |
| Source Code | Yes | Code Project |
| Subnet | No | Not Mapped |
info
The NetSPI connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from NetSPI in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
AD Forest
Table 2: AD Forest attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
adForest.clientName() | CLIENT_NAME |
adForest.createdAt() | SOURCE_CREATED_DATE |
adForest.description() | DESCRIPTION |
adForest.details() | DETAILS |
adForest.environment() | ENVIRONMENT |
adForest.id() | UID |
adForest.name() | NAME |
adForest.projectId() | PROJECT_ID |
adForest.projectName() | PROJECT_NAME |
adForest.riskScore() | RISK_SCORE |
adForest.tags[].name | TAGS |
adForest.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
AD Domain
Table 3: AD Domain attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
domain.adObjectSid() | AD_OBJECT_SID |
domain.clientName() | CLIENT_NAME |
domain.commonName() | COMMON_NAME |
domain.createdAt() | SOURCE_CREATED_DATE |
domain.distinguishedName() | DISTINGUISHED_NAME |
domain.forest() | FOREST |
domain.id() | NAME |
domain.id() | UID |
domain.parentDomain() | PARENT_DOMAIN |
domain.projectId() | PROJECT_ID |
domain.projectName() | PROJECT_NAME |
domain.riskScore() | RISK_SCORE |
domain.tags[].name | TAGS |
domain.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Domain") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
AD Organizational Unit
Table 4: AD Organizational Unit attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
organizationalUnit.adObjectSid() | AD_OBJECT_SID |
organizationalUnit.clientName() | CLIENT_NAME |
organizationalUnit.createdAt() | SOURCE_CREATED_DATE |
organizationalUnit.description() | DESCRIPTION |
organizationalUnit.details() | DETAILS |
organizationalUnit.distinguishedName() | DISTINGUISHED_NAME |
organizationalUnit.environment() | ENVIRONMENT |
organizationalUnit.id() | NAME |
organizationalUnit.id() | UID |
organizationalUnit.projectId() | PROJECT_ID |
organizationalUnit.projectName() | PROJECT_NAME |
organizationalUnit.riskScore() | RISK_SCORE |
organizationalUnit.tags[].name | TAGS |
organizationalUnit.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
AD Service Principal Name
Table 5: AD Service Principal Name attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
servicePrincipalName.adDomain() | AD_DOMAIN |
servicePrincipalName.clientName() | CLIENT_NAME |
servicePrincipalName.createdAt() | SOURCE_CREATED_DATE |
servicePrincipalName.description() | DESCRIPTION |
servicePrincipalName.details() | DETAILS |
servicePrincipalName.host() | HOST |
servicePrincipalName.id() | NAME |
servicePrincipalName.id() | UID |
servicePrincipalName.port() | PORT |
servicePrincipalName.projectId() | PROJECT_ID |
servicePrincipalName.projectName() | PROJECT_NAME |
servicePrincipalName.riskScore() | RISK_SCORE |
servicePrincipalName.serviceClass() | SERVICE_CLASS |
servicePrincipalName.serviceIdentity() | SERVICE_IDENTITY |
servicePrincipalName.serviceName() | SERVICE_NAME |
servicePrincipalName.servicePrincipalName() | SERVICE_PRINCIPAL_NAME |
servicePrincipalName.tags[].name | TAGS |
servicePrincipalName.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
AD Trusted Domain
Table 6: AD Trusted Domain attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
trustedDomain.adDomain() | AD_DOMAIN |
trustedDomain.adObjectSid() | AD_OBJECT_SID |
trustedDomain.adTrustDirection() | AD_TRUST_DIRECTION |
trustedDomain.clientName() | CLIENT_NAME |
trustedDomain.createdAt() | SOURCE_CREATED_DATE |
trustedDomain.description() | DESCRIPTION |
trustedDomain.details() | DETAILS |
trustedDomain.distinguishedName() | DISTINGUISHED_NAME |
trustedDomain.id() | NAME |
trustedDomain.id() | UID |
trustedDomain.projectId() | PROJECT_ID |
trustedDomain.projectName() | PROJECT_NAME |
trustedDomain.riskScore() | RISK_SCORE |
trustedDomain.tags[].name | TAGS |
trustedDomain.trustTransitive() | TRUST_TRANSITIVE |
trustedDomain.trustedDomainName() | TRUSTED_DOMAIN_NAME |
trustedDomain.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Domain") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Application Instance
Table 7: Application Instance attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
applicationInstance.applicationCompanyName() | APPLICATION_COMPANY_NAME |
applicationInstance.applicationCpeName() | APPLICATION_CPE_NAME |
applicationInstance.applicationDescription() | APPLICATION_DESCRIPTION |
applicationInstance.applicationEolDate() | TERMINATION_DATE |
applicationInstance.applicationId() | APP_ID |
applicationInstance.applicationMajorVersion() | APPLICATION_MAJOR_VERSION |
applicationInstance.applicationMinorVersion() | APPLICATION_MINOR_VERSION |
applicationInstance.applicationName() | APP_NAME |
applicationInstance.applicationProductName() | APPLICATION_PRODUCT_NAME |
applicationInstance.applicationReleaseDate() | PUBLISHED_DATE |
applicationInstance.applicationServicePack() | APPLICATION_SERVICE_PACK |
applicationInstance.applicationUrl() | APPLICATION_URL |
applicationInstance.applicationVersion() | APPLICATION_VERSION |
applicationInstance.authenticationMode() | AUTHENTICATION_MODE |
applicationInstance.clientName() | CLIENT_NAME |
applicationInstance.createdAt() | SOURCE_CREATED_DATE |
applicationInstance.description() | DESCRIPTION |
applicationInstance.forcedEncryption() | FORCED_ENCRYPTION |
applicationInstance.hostNames() | HOSTNAMES |
applicationInstance.id() | UID |
applicationInstance.installDate() | INSTALL_DATE |
applicationInstance.installPath() | INSTALL_PATH |
applicationInstance.isClustered() | IS_CLUSTERED |
applicationInstance.name() | NAME |
applicationInstance.namedPipe() | NAMED_PIPE |
applicationInstance.ownerIdentityId() | OWNER_IDENTITY_ID |
applicationInstance.parentApplicationInstanceId() | PARENT_APPLICATION_INSTANCE_ID |
applicationInstance.processName() | PROCESS_NAME |
applicationInstance.projectId() | PROJECT_ID |
applicationInstance.projectName() | PROJECT_NAME |
applicationInstance.riskScore() | RISK_SCORE |
applicationInstance.serviceAccount() | SERVICE_ACCOUNT |
applicationInstance.serviceName() | SERVICE_NAME |
applicationInstance.tags[].name | TAGS |
applicationInstance.targetHardware() | TARGET_HARDWARE |
applicationInstance.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Application") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Cloud Resource
Table 8: Cloud Resource attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
cloudResource.accountId() | CLOUD_ACCOUNT_ID |
cloudResource.accountName() | CLOUD_ACCOUNT_NAME |
cloudResource.assetPhysicalLocation() | ASSET_PHYSICAL_LOCATION |
cloudResource.clientName() | CLIENT_NAME |
cloudResource.cloudProvider() | CLOUD_PROVIDER |
cloudResource.createdAt() | SOURCE_CREATED_DATE |
cloudResource.id() | NAME |
cloudResource.id() | UID |
cloudResource.macAddress() | MAC_ADDRESSES |
cloudResource.projectId() | PROJECT_ID |
cloudResource.projectName() | PROJECT_NAME |
cloudResource.resourceIdentifier() | RESOURCE_IDENTIFIER |
cloudResource.riskScore() | RISK_SCORE |
cloudResource.tags[].name | TAGS |
cloudResource.updatedAt() | SOURCE_LAST_MODIFIED |
cloudResource.vpcId() | VPC_ID |
| Generated (set to "Cloud Resource") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Company
Table 9: Company attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
company.clientName() | CLIENT_NAME |
company.createdAt() | SOURCE_CREATED_DATE |
company.id() | UID |
company.name() | NAME |
company.projectId() | PROJECT_ID |
company.projectName() | PROJECT_NAME |
company.riskScore() | RISK_SCORE |
company.tags[].name | TAGS |
company.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
DNS Domain
Table 10: DNS Domain attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
domain.assetOwner() | ASSET_OWNER |
domain.clientName() | CLIENT_NAME |
domain.createdAt() | SOURCE_CREATED_DATE |
domain.description() | DESCRIPTION |
domain.id() | UID |
domain.name() | NAME |
domain.portNumber() | PORT |
domain.portProtocol() | PROTOCOL |
domain.projectId() | PROJECT_ID |
domain.projectName() | PROJECT_NAME |
domain.riskScore() | RISK_SCORE |
domain.subdomainName() | SUB_DOMAIN_NAME |
domain.tags[].name | TAGS |
domain.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Domain") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
DNS Record
Table 11: DNS Record attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
record.active() | ACTIVE |
record.clientName() | CLIENT_NAME |
record.createdAt() | SOURCE_CREATED_DATE |
record.domain() | DOMAIN |
record.id() | UID |
record.ipAddress() | IP_ADDRESSES |
record.name() | DNS_NAMES |
record.name() | NAME |
record.projectId() | PROJECT_ID |
record.projectName() | PROJECT_NAME |
record.recordTypeId() | RECORD_TYPE_ID |
record.riskScore() | RISK_SCORE |
record.subDomain() | SUB_DOMAIN |
record.tags[].name | TAGS |
record.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
File Share
Table 12: File Share attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
fileShare.clientName() | CLIENT_NAME |
fileShare.createdAt() | SOURCE_CREATED_DATE |
fileShare.fileCount() | FILE_COUNT |
fileShare.fileListHash() | FILE_LIST_HASH |
fileShare.fileListTotalFileSize() | FILE_LIST_TOTAL_FILE_SIZE |
fileShare.fileShareType() | FILE_SHARE_TYPE |
fileShare.id() | UID |
fileShare.identity() | IDENTITY |
fileShare.lastAccessed() | LAST_ACCESSED |
fileShare.path() | PATH |
fileShare.projectId() | PROJECT_ID |
fileShare.projectName() | PROJECT_NAME |
fileShare.riskScore() | RISK_SCORE |
fileShare.tags[].name | TAGS |
fileShare.uncPath() | UNC_PATH |
fileShare.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
File
Table 13: File attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
file.clientName() | CLIENT_NAME |
file.createdAt() | SOURCE_CREATED_DATE |
file.fileShare() | FILE_SHARE |
file.hash() | HASH |
file.hasNonPublicData() | HAS_NON_PUBLIC_DATA |
file.hasPasswords() | HAS_PASSWORDS |
file.hasSensitiveData() | HAS_SENSITIVE_DATA |
file.hashPasswordsVerified() | HASH_PASSWORDS_VERIFIED |
file.highRisk() | HIGH_RISK |
file.host() | HOST |
file.id() | UID |
file.identity() | IDENTITY |
file.lastAccessed() | LAST_ACCESSED |
file.path() | PATH |
file.projectId() | PROJECT_ID |
file.projectName() | PROJECT_NAME |
file.riskScore() | RISK_SCORE |
file.tags[].name | TAGS |
file.uncPath() | UNC_PATH |
file.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Finding
Table 14: Finding attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
finding.affectedSource(), finding.affectedSourceLine(), finding.affectedUrl() | PATH |
finding.assetId(), finding.projectId(), finding.targets() | TARGETS |
finding.assetLabel() | ASSET_NAME |
finding.attackParameter() | ATTACK_PARAM |
finding.authenticationState() | USER_AUTH_STATE |
finding.confidenceLevel() | CONFIDENCE_LEVEL |
finding.createdAt() | SOURCE_CREATED_DATE |
finding.dctAlertLevel() | DETECTION_CONTROL_ALERT_LEVEL |
finding.dctBlockLevel() | DETECTION_CONTROL_BLOCK_LEVEL |
finding.dctDetectionLevel() | DETECTION_CONTROL_DETECTION_LEVEL |
finding.dctLogLevel() | DETECTION_CONTROL_LOG_LEVEL |
finding.dctResponseLevel() | DETECTION_CONTROL_RESPONSE_LEVEL |
finding.detectionLevel() | DETECTION_LEVEL |
finding.externalIdentifier() | EXTERNAL_IDENTIFIER |
finding.findingTemplateUid() | TYPE |
finding.firstSeenAt() | FIRST_SEEN |
finding.id() | UID |
finding.isEntryPoint() | ENTRY_POINT |
finding.lastSeenAt() | LAST_SEEN |
finding.name() | NAME |
finding.port() | PORT |
finding.portProtocol() | PROTOCOL |
finding.projectId() | PROJECT_ID |
finding.remediationActualDate() | REMEDIATED_ON |
finding.remediationDueDate() | REMEDIATION_DUE_DATE |
finding.state() | PROVIDER_STATUS |
finding.state() (normalized) | SOURCE_STATUS |
finding.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Finding Definition
Table 15: Finding Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
finding.businessImpact() | BUSINESS_IMPACT |
finding.cvssV2Score() | CVSS_V2_BASE_SCORE |
finding.cvssV2Vector() (calculated) | CVSS_V2_VECTOR |
finding.cvssV3Score() | CVSS_V3_BASE_SCORE |
finding.cvssV3Vector() (calculated) | CVSS_V3_VECTOR |
finding.cvssV4Score() | CVSS_V4_BASE_SCORE |
finding.cvssV4Vector() (calculated) | CVSS_V4_VECTOR |
finding.cwe() | CWE_IDS |
finding.cwe() (prefixed with "CWE-") | WEAKNESSES |
finding.description() | DESCRIPTION |
finding.name() | NAME |
finding.remediationInstructions() | RECOMMENDATION |
finding.severityId() (calculated) | SEVERITY_SCORE |
finding.severityId() (normalized) | SEVERITY |
finding.severityId() | SOURCE_SEVERITY |
findingTemplateUid | UID |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Generic Asset
Table 16: Generic Asset attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
genericAsset.assetPhysicalLocation() | PHYSICAL_LOCATION |
genericAsset.clientName() | CLIENT_NAME |
genericAsset.createdAt() | SOURCE_CREATED_DATE |
genericAsset.id() | UID |
genericAsset.projectId() | PROJECT_ID |
genericAsset.projectName() | PROJECT_NAME |
genericAsset.riskScore() | RISK_SCORE |
genericAsset.tags[].name | TAGS |
genericAsset.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Group
Table 17: Group attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
group.adDistinguishedName() | AD_DISTINGUISHED_NAME |
group.adObjectSid() | AD_OBJECT_SID |
group.clientName() | CLIENT_NAME |
group.createdAt() | SOURCE_CREATED_DATE |
group.externalIdentifier() | EXTERNAL_IDENTIFIER |
group.groupTypeId() | GROUP_TYPE_ID |
group.id() | NAME |
group.id() | UID |
group.isDisabled() | IS_DISABLED |
group.isFixedRole() | IS_FIXED_ROLE |
group.owner() | OWNER |
group.projectId() | PROJECT_ID |
group.projectName() | PROJECT_NAME |
group.riskScore() | RISK_SCORE |
group.samAccountName() | SAM_ACCOUNT_NAME |
group.tags[].name | TAGS |
group.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Host
Table 18: Host attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
host.clientName() | CLIENT_NAME |
host.createdAt() | SOURCE_CREATED_DATE |
host.domain() | DOMAIN |
host.hostType() | HOST_TYPE |
host.id() | UID |
host.ipAddresses[].address | IP_ADDRESSES |
host.ipAddresses[].address (private) | PRIVATE_IP_ADDRESSES |
host.ipAddresses[].address (public) | PUBLIC_IP_ADDRESSES |
host.names() | HOSTNAMES |
host.projectId() | PROJECT_ID |
host.projectName() | PROJECT_NAME |
host.riskScore() | RISK_SCORE |
host.tags[].name | TAGS |
host.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Host") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
IP Address
Table 19: IP Address attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
ipAddress.address() | IP_ADDRESSES |
ipAddress.address() (private) | PRIVATE_IP_ADDRESSES |
ipAddress.address() (public) | PUBLIC_IP_ADDRESSES |
ipAddress.clientName() | CLIENT_NAME |
ipAddress.createdAt() | SOURCE_CREATED_DATE |
ipAddress.id() | UID |
ipAddress.isDiscoveredByNetspi() | DISCOVERED_BY_NETSPI |
ipAddress.projectId() | PROJECT_ID |
ipAddress.projectName() | PROJECT_NAME |
ipAddress.riskScore() | RISK_SCORE |
ipAddress.tags[].name | TAGS |
ipAddress.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Host") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Identity
Table 20: Identity attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
identity.adDistinguishedName() | AD_DISTINGUISHED_NAME |
identity.adDomain() | AD_DOMAIN |
identity.adObjectSid() | AD_OBJECT_SID |
identity.authenticationRealm() | AUTHENTICATION_REALM |
identity.clientName() | CLIENT_NAME |
identity.createdAt() | SOURCE_CREATED_DATE |
identity.email() | EMAILS |
identity.firstName() | FIRST_NAME |
identity.id() | UID |
identity.identityType() | IDENTITY_TYPE |
identity.isMfaEnabled() | IS_MFA_ENABLED |
identity.isPrivileged() | IS_PRIVILEGED |
identity.isRole() | IS_ROLE |
identity.isUnAuthenticated() | IS_UNAUTHENTICATED |
identity.lastName() | LAST_NAME |
identity.projectId() | PROJECT_ID |
identity.projectName() | PROJECT_NAME |
identity.riskScore() | RISK_SCORE |
identity.samAccountName() | SAM_ACCOUNT_NAME |
identity.tags[].name | TAGS |
identity.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Person", "Identity") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Location
Table 21: Location attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
location.address() | ADDRESS |
location.city() | CITY |
location.clientName() | CLIENT_NAME |
location.country() | COUNTRY |
location.createdAt() | SOURCE_CREATED_DATE |
location.id() | UID |
location.locationZone() | LOCATION_ZONE |
location.projectId() | PROJECT_ID |
location.projectName() | PROJECT_NAME |
location.riskScore() | RISK_SCORE |
location.state() | STATE |
location.tags[].name | TAGS |
location.updatedAt() | SOURCE_LAST_MODIFIED |
location.zip() | POSTAL_CODE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Network Device
Table 22: Network Device attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
device.clientName() | CLIENT_NAME |
device.createdAt() | SOURCE_CREATED_DATE |
device.id() | NAME |
device.id() | UID |
device.projectId() | PROJECT_ID |
device.projectName() | PROJECT_NAME |
device.riskScore() | RISK_SCORE |
device.tags[].name | TAGS |
device.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Operating System
Table 23: Operating System attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
operatingSystem.build() | BUILD |
operatingSystem.clientName() | CLIENT_NAME |
operatingSystem.createdAt() | SOURCE_CREATED_DATE |
operatingSystem.endOfLifeDate() | END_OF_LIFE_DATE |
operatingSystem.extendedSupportEndDate() | EXTENDED_SUPPORT_END_DATE |
operatingSystem.id() | UID |
operatingSystem.majorVersion() | MAJOR_VERSION |
operatingSystem.minorVersion() | MINOR_VERSION |
operatingSystem.osType() | OS_TYPE |
operatingSystem.parentCompany() | PARENT_COMPANY |
operatingSystem.platform() | PLATFORM |
operatingSystem.projectId() | PROJECT_ID |
operatingSystem.projectName() | PROJECT_NAME |
operatingSystem.releaseDate() | RELEASE_DATE |
operatingSystem.riskScore() | RISK_SCORE |
operatingSystem.tags[].name | TAGS |
operatingSystem.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Person
Table 24: Person attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
person.clientName() | CLIENT_NAME |
person.companyId() | COMPANY_ID |
person.createdAt() | SOURCE_CREATED_DATE |
person.emails() | EMAILS |
person.employeeId() | EMPLOYEE_ID |
person.firstName() | FIRST_NAME |
person.id() | UID |
person.jobTitle() | JOB_TITLE |
person.lastName() | LAST_NAME |
person.parentLocation() | PARENT_LOCATION |
person.projectId() | PROJECT_ID |
person.projectName() | PROJECT_NAME |
person.riskScore() | RISK_SCORE |
person.tags[].name | TAGS |
person.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (set to "Person", "Identity") | CATEGORIES |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Physical Component
Table 25: Physical Component attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
physicalComponent.clientName() | CLIENT_NAME |
physicalComponent.createdAt() | SOURCE_CREATED_DATE |
physicalComponent.id() | UID |
physicalComponent.parentCompany() | PARENT_COMPANY |
physicalComponent.parentLocation() | PARENT_LOCATION |
physicalComponent.parentPhysicalComponent() | PARENT_PHYSICAL_COMPONENT |
physicalComponent.physicalComponentTypeId() | PHYSICAL_COMPONENT_TYPE_ID |
physicalComponent.projectId() | PROJECT_ID |
physicalComponent.projectName() | PROJECT_NAME |
physicalComponent.riskScore() | RISK_SCORE |
physicalComponent.tags[].name | TAGS |
physicalComponent.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Policy
Table 26: Policy attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
policy.clientName() | CLIENT_NAME |
policy.createdAt() | SOURCE_CREATED_DATE |
policy.department() | DEPARTMENT |
policy.id() | UID |
policy.owner() | OWNER |
policy.parentCompany() | PARENT_COMPANY |
policy.policyCategoryId() | POLICY_CATEGORY_ID |
policy.policySubTypeId() | POLICY_SUB_TYPE_ID |
policy.policyTypeId() | POLICY_TYPE_ID |
policy.projectId() | PROJECT_ID |
policy.projectName() | PROJECT_NAME |
policy.riskScore() | RISK_SCORE |
policy.tags[].name | TAGS |
policy.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Project
Table 27: Project attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
project.assetCategoryName() + Application | CATEGORIES |
project.assets() | ASSETS |
project.clientName() | CLIENT_NAME |
project.description() | DESCRIPTION |
project.endDate() | END_DATE |
project.id() | UID |
project.industryRiskScore() | INDUSTRY_RISK_SCORE |
project.name() | NAME |
project.openFindings() | OPEN_FINDINGS |
project.projectType() | PROJECT_TYPE |
project.remediationRiskScore() | REMEDIATION_RISK_SCORE |
project.riskScore() | RISK_SCORE |
project.scope() | SCOPE |
project.shortName() | SHORT_NAME |
project.startDate() | START_DATE |
project.tags[].name | TAGS |
project.vulnerabilityRiskScore() | VULNERABILITY_RISK_SCORE |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Source Code
Table 28: Source Code attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
sourceCode.clientName() | CLIENT_NAME |
sourceCode.createdAt() | SOURCE_CREATED_DATE |
sourceCode.id() | NAME |
sourceCode.id() | UID |
sourceCode.projectId() | PROJECT_ID |
sourceCode.projectName() | PROJECT_NAME |
sourceCode.riskScore() | RISK_SCORE |
sourceCode.tags[].name | TAGS |
sourceCode.updatedAt() | SOURCE_LAST_MODIFIED |
| Generated (sync capture timestamp) | LAST_CAPTURED |
Subnet
Table 29: Subnet attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
subnet.cidr() | CIDR |
subnet.clientName() | CLIENT_NAME |
subnet.createdAt() | SOURCE_CREATED_DATE |
subnet.description() | DESCRIPTION |
subnet.dhcpRange() | DHCP_RANGE |
subnet.endIp() | END_IP |
subnet.id() | UID |
subnet.interfaceName() | INTERFACE_NAME |
subnet.isDHCP() | IS_DHCP |
subnet.isIPV4() | IS_IPV4 |
subnet.isWireless() | IS_WIRELESS |
subnet.netMask() | NET_MASK |
subnet.ownerId() | OWNER_ID |
subnet.projectId() | PROJECT_ID |
subnet.projectName() | PROJECT_NAME |
subnet.riskScore() | RISK_SCORE |
subnet.sid() | SID |
subnet.startIp() | START_IP |
subnet.subnetExternalIdentifier() | SUBNET_EXTERNAL_IDENTIFIER |
subnet.tags[].name | TAGS |
subnet.updatedAt() | SOURCE_LAST_MODIFIED |
subnet.vlanId() | VLAN_ID |
| Generated (sync capture timestamp) | LAST_CAPTURED |
APIs
The NetSPI connector uses the NetSPI Query API. Specifically, it uses the following endpoint for all connector objects:
Table 30: NetSPI API endpoints
| Connector Object | API Endpoint |
|---|---|
| AD Domain | POST {baseUrl}/api/query — query model: ad_domain |
| AD Forest | POST {baseUrl}/api/query — query model: ad_forest |
| AD Organizational Unit | POST {baseUrl}/api/query — query model: ad_organizational_unit |
| AD Service Principal Name | POST {baseUrl}/api/query — query model: ad_service_principal_name |
| AD Trusted Domain | POST {baseUrl}/api/query — query model: ad_trusted_domain |
| Application Instance | POST {baseUrl}/api/query — query model: application_instance |
| Cloud Resource | POST {baseUrl}/api/query — query model: cloud_resource |
| Company | POST {baseUrl}/api/query — query model: company |
| DNS Domain | POST {baseUrl}/api/query — query model: domain |
| DNS Record | POST {baseUrl}/api/query — query model: dns_record |
| File | POST {baseUrl}/api/query — query model: file |
| File Share | POST {baseUrl}/api/query — query model: file_share |
| Finding, Finding Definition | POST {baseUrl}/api/query — query model: finding |
| Generic Asset | POST {baseUrl}/api/query — query model: generic_asset |
| Group | POST {baseUrl}/api/query — query model: group |
| Host | POST {baseUrl}/api/query — query model: host |
| Identity | POST {baseUrl}/api/query — query model: identity |
| IP Address | POST {baseUrl}/api/query — query model: ip_address |
| Location | POST {baseUrl}/api/query — query model: location |
| Network Device | POST {baseUrl}/api/query — query model: network_device |
| Operating System | POST {baseUrl}/api/query — query model: operating_system |
| Person | POST {baseUrl}/api/query — query model: person |
| Physical Component | POST {baseUrl}/api/query — query model: physical_component |
| Policy | POST {baseUrl}/api/query — query model: policy |
| Project | POST {baseUrl}/api/query — query model: project |
| Source Code | POST {baseUrl}/api/query — query model: source_code |
| Subnet | POST {baseUrl}/api/query — query model: subnet |
Changelog
The NetSPI connector has undergone the following changes:
Table 31: NetSPI connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.2 | Fixed Host sync failure caused by null elements in names arrays. Fixed IPAddress sync failure caused by tags data type mismatch. Refactored tag handling across all asset and project models. Improved handling of missing data in API responses. | April 30th, 2026 |
| 3.0.0 | Initial Integration+ release. | April 30th, 2026 |