Skip to main content

Onapsis

Onapsis is a Systems, Applications, and Products (SAP) security tool that identifies and mitigates risks in enterprise applications. You can bring asset and security data from Onapsis into Brinqa to enhance your vulnerability management capabilities and provide a comprehensive view of your application security landscape.

This document details the information you must provide for the connector to authenticate with Onapsis and how to obtain that information from Onapsis. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Onapsis from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Onapsis with Brinqa:

  • Server URL: Your organization's Onapsis platform URL.

  • API key: The API key associated with the Onapsis account, which must have permissions to log in to the API server and return data.

Generate an Onapsis API key

For the Onapsis connector to use the Onapsis GraphQL API, you must provide an API key. Since Onapsis does not allow retrieval of an active key, you must generate a new one. To do so, follow these steps:

  1. Log in to your organization's Onapsis portal.

  2. Click Settings in the bottom-left corner of the page, and then click API Keys.

  3. Give your new API key a name and and click Generate Key.

    A new API key displays. You cannot view this API key again. Copy the API key and save it in a secure location.

  4. Click Close and then Yes.

note

Consult Onapsis documentation for accuracy. If you do not have the permissions to create an API key, contact your Onapsis administrator.

Additional settings

The Onapsis connector contains additional options for specific configuration:

  • Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Skip certificate verification: Select this option to allow for untrusted certificates.

Types of data to retrieve

The Onapsis connector can retrieve the following types of data from the Onapsis API:

Table 1: Data retrieved from Onapsis

Connector ObjectRequiredMaps to Data Model
AssetYesHost
VulnerabilityYesVulnerability
Vulnerability DefinitionYesVulnerability Definition
info

The Onapsis connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Onapsis in the Brinqa Platform, see How to view your data.

Attribute mappings

Click the tabs below to view the mappings between the source and the Brinqa data model attributes.

Table 2: Asset attribute mappings

Source Field NameMaps to Attribute
business_valueLocal variable
descriptiondescription
detection_statusLocal variable
discovered_onfirstSeen
iduid
is_being_deletedLocal variable
last_alarm_triggered_onLocal variable
last_scannedlastAssessed
last_updatedsourceLastModified
namehostnames, name
owner_idLocal variable
sidLocal variable
stackcategories
statusstatus, statusCategory
status_updated_onLocal variable
tagstags
typecategories
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

APIs

The Onapsis connector uses the Onapsis GraphQL API. Specifically, it uses the /graphql endpoint and the following queries:

Asset GraphQL query

The following GraphQL query retrieves asset data from Onapsis, such as the unique identifier, name, System ID, asset type, technology stack, description, business value, status, deletion status, last updated date, discovery date, owner ID, detection status, status updated date, last alarm triggered date, last scanned date, and associated tags with their names.

query getAssets($first: Int, $after: Int) {
nodes: assets(first: $first, after: $after, order_by: {by: last_scanned, order: asc}) {
id
name
sid
type
stack
description
business_value
status
is_being_deleted
last_updated
discovered_on
owner_id
detection_status
status_updated_on
last_alarm_triggered_on
last_scanned
tags {
name
}
}
}
Vulnerability GraphQL query

The following GraphQL query retrieves vulnerability data from Onapsis, such as the unique identifier, Onapsis Knowledge Base ID, last detected date, first occurrence date, last scan date, assignee information, scope type, parent path, scope, days unresolved, unresolved since date, reason for the vulnerability, acceptance details, due date, state, last transition details, last module output ID, person who transitioned the vulnerability, vulnerability issue information, and associated asset information.

query getOccurrences($first: Int, $after: Int) {
nodes: vulnerabilities(first: $first, after: $after, order_by: {by: last_detected_date, order: asc}) {
id
okb_id
last_detected_date
first_occurrence_date
last_scan_date
assignee {
id
name
}
scope_type
parent_path
scope
days_unresolved
unresolved_since
reason
acceptance {
from
due_date {
date
type
}
reason
accepted_by {
name
}
}
due_date {
date
type
}
state
last_transition {
date
expired_acceptance
}
last_module_output_id
last_scan_date
transitioned_by
issue {
okb_id
name
}
asset {
id
name
}
}
}
Vulnerability definition GraphQL query

The following query retrieves vulnerability data from Onapsis, such as the Onapsis Knowledge Base ID, name, risk level, description, solution, business impact, associated CVE identifier, CVSS score, SAP Notes links, category, and references with their types and values.

query getIssues($first: Int, $after: Int) {
nodes: issues(first: $first, after: $after, order_by: {by: okb_id_numeric, order: asc}) {
okb_id
name
risk
description
solution
business_impact
cve
cvss
sap_notes_links
category
references {
type
value
}
}
}

Changelog

The Onapsis connector has undergone the following changes:

3.0.4

  • Added the INSTANCES attribute to the Asset object.

  • Added the ONAPSIS_RESEARCH_LAB and PUBLIC_EXPLOIT attributes to the Vulnerability Definition object.

3.0.3

  • Added two attributes to the Asset object: STACK and TYPE.

3.0.2

  • Removed the STATUS_CATEGORY attribute from the Asset object.

  • Fixed the list of status categories in the Vulnerability object.

3.0.1

  • Added a SOURCE_STATUS attribute to the Asset object.

3.0.0