
Onapsis
SAP Security- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
Data retrieved from Onapsis
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Asset | Yes | Host |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
| Note | Yes | Note |
Model relationships
For detailed steps on how to view the data retrieved from Onapsis in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Onapsis from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | Yes | https://<server_name> | Onapsis platform URL |
| API Key | Yes | — | Onapsis platform user account API key |
| Page Size | No | 100 | Maximum number of records to get per API request |
| Max Retries | No | 5 | Maximum number of retry attempts for failed API requests |
| Parallel Requests | No | min(2, availableProcessors) | Maximum number of parallel API requests |
| SSL / TLS | No | false | Skip certificate verification |
How to obtain Onapsis credentials
The connector uses API key-based authentication to obtain a Bearer token from the Onapsis API.
Obtain the required credentials (url, apiKey) from your Onapsis administrator or the Onapsis admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Asset
| Source Field Name | SDM Attribute |
|---|---|
| asset_role_type | ASSET_ROLE_TYPE |
| business_value | BUSINESS_VALUE |
components[].ip | HOSTNAMES |
components[].ip | INSTANCES |
description | DESCRIPTION |
| detection_status | DETECTION_STATUS |
| discovered_on | FIRST_SEEN |
id | UID |
| is_being_deleted | IS_BEING_DELETED |
| last_alarm_triggered_on | LAST_ALARM_TRIGGERED_ON |
| last_scanned | LAST_ASSESSED |
| last_updated | SOURCE_LAST_MODIFIED |
name | NAME |
| owner_id | OWNER_ID |
sid | SID |
snc.protection_mode | SNC_PROTECTION_MODE |
snc.status | SNC_STATUS |
stack | STACK |
stack | CATEGORIES |
status | SOURCE_STATUS |
status | STATUS |
| status_updated_on | STATUS_UPDATED_ON |
| sync timestamp | LAST_CAPTURED |
tags[].name | TAGS |
type | TYPE |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
acceptance.accepted_by.name | ACCEPTED_BY |
acceptance.due_date.date | ACCEPTANCE_DUE_DATE |
acceptance.from | ACCEPTANCE_START_FROM |
asset.components[].ip | HOSTNAMES |
asset.id | TARGETS |
assignee.name | ASSIGNEE |
| days_unresolved | DAYS_UNRESOLVED |
due_date.date | DUE_DATE |
| first_occurrence_date | FIRST_FOUND |
id | UID |
issue.name | NAME |
issue.okb_id | TYPE |
| last_detected_date | LAST_FOUND |
| last_module_output | LAST_MODULE_OUTPUT |
| last_module_output | RESULTS |
| last_module_output_id | LAST_MODULE_OUTPUT_ID |
| last_scan_date | LAST_SCAN_DATE |
last_transition.date | LAST_TRANSITION_DATE |
last_transition.expired_acceptance | LAST_TRANSITION_EXPIRED_ACCEPTANCE |
| parent_path | PARENT_PATH |
reason | REASON |
scope | SCOPE |
| scope_type | SCOPE_TYPE |
state | SOURCE_STATUS |
state | STATUS |
state | STATUS_CATEGORY |
| sync timestamp | LAST_CAPTURED |
| transitioned_by | TRANSITIONED_BY |
| unresolved_since | UNRESOLVED_SINCE |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
| business_impact | BUSINESS_IMPACT |
category | CATEGORIES |
cve | CVE_IDS |
cve | CVE_RECORDS |
description | DESCRIPTION |
name | NAME |
| okb_id | UID |
| onapsis_research_lab | ONAPSIS_RESEARCH_LAB |
| public_exploit | PUBLIC_EXPLOIT |
references | REFERENCES |
references[].CVE_AND_CVSS | CVSS_V3_VECTOR |
references[].CVE_AND_CVSS | CVSS_V3_BASE_SCORE |
references[].CVE_AND_CVSS | CVSS_V3_TEMPORAL_SCORE |
references[].CVE_AND_CVSS | CVSS_V3_AV |
references[].CVE_AND_CVSS | CVSS_V3_AC |
references[].CVE_AND_CVSS | CVSS_V3_PR |
references[].CVE_AND_CVSS | CVSS_V3_UI |
references[].CVE_AND_CVSS | CVSS_V3_CI |
references[].CVE_AND_CVSS | CVSS_V3_II |
references[].CVE_AND_CVSS | CVSS_V3_AI |
references[].CVE_AND_CVSS | CVSS_V3_SEVERITY |
references[].CVE_AND_CVSS | CVSS_V3_E |
references[].CVE_AND_CVSS | CVSS_V3_RL |
references[].CVE_AND_CVSS | CVSS_V3_RC |
risk | RISK |
risk | SOURCE_SEVERITY |
risk | SEVERITY |
risk | SEVERITY_SCORE |
| sap_notes_links | SAP_NOTE_LINKS |
solution | RECOMMENDATION |
| sync timestamp | LAST_CAPTURED |
Note
| Source Field Name | SDM Attribute |
|---|---|
asset.id | TARGETS |
asset.id | ASSET_ID |
asset.sid | ASSET_SID |
| implementation_status | SOURCE_STATUS |
| last_updated | SOURCE_LAST_MODIFIED |
note.cvss_score | CVSS_SCORE |
note.id | UID |
note.latest_release_date | LATEST_RELEASE_DATE |
note.name | NAME |
note.note_url | NOTE_URL |
note.priority | PRIORITY |
related_vulnerability.id | RELATED_VULNERABILITY |
| sync timestamp | LAST_CAPTURED |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Asset
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Vulnerability
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Note
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
The connector README does not document a data source for this object.
Changelog
The Onapsis connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.10 | Improvements - The Asset model's "Instances" attribute now participates in cross-connector consolidation with the correct priority (registered via the shared attribute helper), so connector-sourced values are consolidated consistently rather than treated as independent. Bug Fixes - Corrected the Vulnerability "Acceptance start date" attribute to be stored as a proper timestamp. The API returns the acceptance "from" value as a date string, which was being written into a timestamp attribute and aborting the Vulnerability sync; the string is now parsed to a timestamp (and omitted when absent or unparseable). | • Vulnerability: re-sync the Onapsis connector to populate "Acceptance start date" with the corrected timestamp value. |
| 3.0.8 | New Features - Vulnerability Module Output: Added support for collecting detailed module output data from Onapsis. This information is now available in the LAST_MODULE_OUTPUT and RESULTS attributes on vulnerability records as a structured JSON string, providing deeper context for identified issues. | N/A |
| 3.0.9 | Improvements - Improved formatting and JSON serialization of the vulnerability module output to enhance readability - Streamlined the handling of CVSS metrics - Replaced the TYPE attribute with a more descriptive ASSET_TYPE attribute on Asset records - Improved data quality by strengthening validation of empty and blank values across all models - Standardized retry configuration to align with platform defaults - Fixed a typo in configuration validation error messagesz | • Asset: The TYPE attribute has been replaced with ASSET_TYPE — Action: re-sync Asset data |