Skip to main content

Onapsis

Onapsis is a Systems, Applications, and Products (SAP) security tool that identifies and mitigates risks in enterprise applications. You can bring asset and security data from Onapsis into Brinqa to enhance your vulnerability management capabilities and provide a comprehensive view of your application security landscape.

This document details the information you must provide for the connector to authenticate with Onapsis and how to obtain that information from Onapsis. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Onapsis from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Onapsis with Brinqa:

  • Server URL: Your organization's Onapsis platform URL.

  • API key: The API key associated with the Onapsis account, which must have permissions to log in to the API server and return data.

Generate an Onapsis API key

For the Onapsis connector to use the Onapsis GraphQL API, you must provide an API key. Since Onapsis does not allow retrieval of an active key, you must generate a new one. To do so, follow these steps:

  1. Log in to your organization's Onapsis portal.

  2. Click Settings in the bottom-left corner of the page, and then click API Keys.

  3. Give your new API key a name and and click Generate Key.

    A new API key displays. You cannot view this API key again. Copy the API key and save it in a secure location.

  4. Click Close and then Yes.

note

Consult Onapsis documentation for accuracy. If you do not have the permissions to create an API key, contact your Onapsis administrator.

Additional settings

The Onapsis connector contains additional options for specific configuration:

  • Set page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Skip certificate verification: Select this option to allow for untrusted certificates.

Types of data to retrieve

The Onapsis connector can retrieve the following types of data from the Onapsis API:

Table 1: Data retrieved from Onapsis

Connector ObjectRequiredMaps to Data Model
AssetYesHost
VulnerabilityYesVulnerability
Vulnerability DefinitionYesVulnerability Definition
info

The Onapsis connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Onapsis in the Brinqa Platform, see How to view your data.

Attribute mappings

Click the tabs below to view the mappings between the source and the Brinqa data model attributes.

Table 2: Asset attribute mappings

Source Field NameMaps to Attribute
business_valueLocal variable
descriptiondescription
detection_statusLocal variable
discovered_onfirstSeen
iduid
is_being_deletedLocal variable
last_alarm_triggered_onLocal variable
last_scannedlastAssessed
last_updatedsourceLastModified
namehostnames, name
owner_idLocal variable
sidLocal variable
stackcategories
statusstatus, statusCategory
status_updated_onLocal variable
tagstags
typecategories
info

Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.

APIs

The Onapsis connector uses the Onapsis GraphQL API. Specifically, it uses the /graphql endpoint and the following queries:

Table 5: Onapsis GraphQL API queries

Connector ObjectGraphQL Query
AssetAsset GraphQL query
VulnerabilityVulnerability GraphQL query
VulnerabilityVulnerability Definition GraphQL query

You must log in to your organization's Onapsis portal to view the Onapsis GraphQL API documentation. To view the Onapsis GraphQL API documentation, follow these steps:

  1. Log in to your organization's Onapsis portal.

  2. Click ? in the upper-right corner of the page, and then click Need support.

  3. Navigate to Setup > Third-party integrations > Onapsis Platform API.

    The link to the GraphQL API documentation is towards the bottom of the page under the Execute your first query video. This page also contains steps and a video on how to generate an API key.

Asset GraphQL query

The following GraphQL query retrieves asset data from Onapsis, such as the unique identifier, name, System ID, asset type, technology stack, description, business value, status, deletion status, last updated date, discovery date, owner ID, detection status, status updated date, last alarm triggered date, last scanned date, and associated tags with their names.

query getAssets($first: Int, $after: Int) {
  nodes: assets(first: $first, after: $after, order_by: {by: last_scanned, order: asc}) {
    id
    name
    sid
    type
    stack
    description
    business_value
    status
    is_being_deleted
    last_updated
    discovered_on
    owner_id
    detection_status
    status_updated_on
    last_alarm_triggered_on
    last_scanned
    tags {
      name
    }
  }
}

Vulnerability GraphQL query

The following GraphQL query retrieves vulnerability data from Onapsis, such as the unique identifier, Onapsis Knowledge Base ID, last detected date, first occurrence date, last scan date, assignee information, scope type, parent path, scope, days unresolved, unresolved since date, reason for the vulnerability, acceptance details, due date, state, last transition details, last module output ID, person who transitioned the vulnerability, vulnerability issue information, and associated asset information.

query getOccurrences($first: Int, $after: Int) {
  nodes: vulnerabilities(first: $first, after: $after, order_by: {by: last_detected_date, order: asc}) {
    id
    okb_id
    last_detected_date
    first_occurrence_date
    last_scan_date
    assignee {
      id
      name
    }
    scope_type
    parent_path
    scope
    days_unresolved
    unresolved_since
    reason
    acceptance {
      from
      due_date {
        date
        type
      }
      reason
      accepted_by {
        name
      }
    }
    due_date {
      date
      type
    }
    state
    last_transition {
      date
      expired_acceptance
    }
    last_module_output_id
    last_scan_date
    transitioned_by
    issue {
      okb_id
      name
    }
    asset {
      id
      name
    }
  }
}

Vulnerability definition GraphQL query

The following query retrieves vulnerability data from Onapsis, such as the Onapsis Knowledge Base ID, name, risk level, description, solution, business impact, associated CVE identifier, CVSS score, SAP Notes links, category, and references with their types and values.

query getIssues($first: Int, $after: Int) {
  nodes: issues(first: $first, after: $after, order_by: {by: okb_id_numeric, order: asc}) {
    okb_id
    name
    risk
    description
    solution
    business_impact
    cve
    cvss
    sap_notes_links
    category
    references {
      type
      value
    }
  }
}

Changelog

The Onapsis connector has undergone the following changes:

3.0.3

  • Added two attributes in the Asset object: TYPE and STACK.

3.0.2

  • Removed the STATUS_CATEGORY attribute from the Asset object.
  • Fixed the list of status categories in the Vulnerability object.

3.0.1

  • Added a SOURCE_STATUS attribute in the Asset object.

3.0.0