Onapsis
Onapsis is a Systems, Applications, and Products (SAP) security tool that identifies and mitigates risks in enterprise applications. You can bring asset and security data from Onapsis into Brinqa to enhance your vulnerability management capabilities and provide a comprehensive view of your application security landscape.
This document details the information you must provide for the connector to authenticate with Onapsis and how to obtain that information from Onapsis. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Onapsis from the Connector dropdown. If you cannot find the connector in the dropdown, make sure that you have installed it first. You must provide the following information to authenticate Onapsis with Brinqa:
- Server URL: Your organization's Onapsis platform URL.
- API key: The API key associated with the Onapsis account, which must have permissions to log in to the API server and return data.
Generate an Onapsis API key
For the Onapsis connector to use the Onapsis GraphQL API, you must provide an API key. Since Onapsis does not allow retrieval of an active key, you must generate a new one. To do so, follow these steps:
- Log in to your organization's Onapsis portal.
- Click Settings in the bottom-left corner of the page, and then click API Keys.
- Give your new API key a name and click Generate Key.
  A new API key displays. You cannot view this API key again. Copy the API key and save it in a secure location.
- Click Close and then Yes.
Consult Onapsis documentation for accuracy. If you do not have the permissions to create an API key, contact your Onapsis administrator.
Additional settings
The Onapsis connector contains additional options for specific configuration:
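- Page size: The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.
- Skip certificate verification: Select this option to let the connector connect when the Onapsis server presents an untrusted certificate. With verification skipped, the connector does not validate the identity of the server that receives the API key.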
Types of data to retrieve
The Onapsis connector can retrieve the following types of data from the Onapsis API:
Table 1: Data retrieved from Onapsis
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Asset | Yes | Host |
| Note | Yes | — |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
The Onapsis connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Onapsis in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Asset
Table 2: Asset attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| asset_role_type | ASSET_ROLE_TYPE |
| business_value | BUSINESS_VALUE |
| components[].ip | HOSTNAMES |
| components[].ip | INSTANCES |
| description | DESCRIPTION |
| detection_status | DETECTION_STATUS |
| discovered_on | FIRST_SEEN |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| id | UID |
| is_being_deleted | IS_BEING_DELETED |
| last_alarm_triggered_on | LAST_ALARM_TRIGGERED_ON |
| last_scanned | LAST_ASSESSED |
| last_updated | SOURCE_LAST_MODIFIED |
| name | NAME |
| owner_id | OWNER_ID |
| sid | SID |
| snc.protection_mode | SNC_PROTECTION_MODE |
| snc.status | SNC_STATUS |
| stack | CATEGORIES |
| stack | STACK |
| status | SOURCE_STATUS |
| status | STATUS |
| status_updated_on | STATUS_UPDATED_ON |
| tags[].name | TAGS |
| type | ASSET_TYPE |
Vulnerability
Table 3: Vulnerability attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| acceptance.accepted_by.name | ACCEPTED_BY |
| acceptance.due_date.date | ACCEPTANCE_DUE_DATE |
| acceptance.from | ACCEPTANCE_START_FROM |
| asset.components[].ip | HOSTNAMES |
| asset.id | TARGETS |
| assignee.name | ASSIGNEE |
| days_unresolved | DAYS_UNRESOLVED |
| due_date.date | DUE_DATE |
| first_occurrence_date | FIRST_FOUND |
| id | UID |
| issue.name | NAME |
| issue.okb_id | TYPE |
| last_detected_date | LAST_FOUND |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| last_module_output | LAST_MODULE_OUTPUT |
| last_module_output | RESULTS |
| last_module_output_id | LAST_MODULE_OUTPUT_ID |
| last_scan_date | LAST_SCAN_DATE |
| last_transition.date | LAST_TRANSITION_DATE |
| last_transition.expired_acceptance | LAST_TRANSITION_EXPIRED_ACCEPTANCE |
| parent_path | PARENT_PATH |
| reason | REASON |
| scope | SCOPE |
| scope_type | SCOPE_TYPE |
| state | SOURCE_STATUS |
| state | STATUS |
| state | STATUS_CATEGORY |
| transitioned_by | TRANSITIONED_BY |
| unresolved_since | UNRESOLVED_SINCE |
Vulnerability Definition
Table 4: Vulnerability Definition attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| business_impact | BUSINESS_IMPACT |
| category | CATEGORIES |
| cve | CVE_IDS |
| cve | CVE_RECORDS |
| references[].CVE_AND_CVSS | CVSS_V3_AC |
| references[].CVE_AND_CVSS | CVSS_V3_AI |
| references[].CVE_AND_CVSS | CVSS_V3_AV |
| references[].CVE_AND_CVSS | CVSS_V3_BASE_SCORE |
| references[].CVE_AND_CVSS | CVSS_V3_CI |
| references[].CVE_AND_CVSS | CVSS_V3_E |
| references[].CVE_AND_CVSS | CVSS_V3_II |
| references[].CVE_AND_CVSS | CVSS_V3_PR |
| references[].CVE_AND_CVSS | CVSS_V3_RC |
| references[].CVE_AND_CVSS | CVSS_V3_RL |
| references[].CVE_AND_CVSS | CVSS_V3_SEVERITY |
| references[].CVE_AND_CVSS | CVSS_V3_TEMPORAL_SCORE |
| references[].CVE_AND_CVSS | CVSS_V3_UI |
| references[].CVE_AND_CVSS | CVSS_V3_VECTOR |
| description | DESCRIPTION |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| name | NAME |
| onapsis_research_lab | ONAPSIS_RESEARCH_LAB |
| public_exploit | PUBLIC_EXPLOIT |
| references | REFERENCES |
| risk | RISK |
| risk | SEVERITY |
| risk | SEVERITY_SCORE |
| risk | SOURCE_SEVERITY |
| sap_notes_links | SAP_NOTE_LINKS |
| solution | RECOMMENDATION |
| okb_id | UID |
Note
Table 5: Note attribute mappings
| Source Field Name | SDM Attribute |
|---|---|
| asset.id | ASSET_ID |
| asset.id | TARGETS |
| asset.sid | ASSET_SID |
| implementation_status | SOURCE_STATUS |
| Generated (sync capture timestamp) | LAST_CAPTURED |
| last_updated | SOURCE_LAST_MODIFIED |
| note.cvss_score | CVSS_SCORE |
| note.id | UID |
| note.latest_release_date | LATEST_RELEASE_DATE |
| note.name | NAME |
| note.note_url | NOTE_URL |
| note.priority | PRIORITY |
| related_vulnerability.id | RELATED_VULNERABILITY |
Generated indicates that the attribute value is computed by the connector rather than mapped directly from an API response field.
APIs
The Onapsis connector uses the Onapsis GraphQL API. Specifically, it uses the /graphql endpoint and the following queries:
Asset GraphQL query
The following GraphQL query retrieves asset data from Onapsis, such as the unique identifier, name, System ID, asset type, technology stack, description, business value, status, deletion status, last updated date, discovery date, owner ID, detection status, status updated date, last alarm triggered date, last scanned date, and associated tags with their names.
```graphql
query getAssets($first: Int, $after: Int) {
  nodes: assets(first: $first, after: $after, order_by: {by: last_scanned, order: asc}) {
    id
    name
    sid
    type
    stack
    description
    business_value
    status
    is_being_deleted
    last_updated
    discovered_on
    owner_id
    detection_status
    status_updated_on
    last_alarm_triggered_on
    last_scanned
    tags {
      name
    }
  }
}
```
Vulnerability GraphQL query
The following GraphQL query retrieves vulnerability data from Onapsis, such as the unique identifier, Onapsis Knowledge Base ID, last detected date, first occurrence date, last scan date, assignee information, scope type, parent path, scope, days unresolved, unresolved since date, reason for the vulnerability, acceptance details, due date, state, last transition details, last module output ID, last module output data, person who transitioned the vulnerability, vulnerability issue information, and associated asset information.
```graphql
query getOccurrences($first: Int, $after: Int) {
  nodes: vulnerabilities(first: $first, after: $after, order_by: {by: last_detected_date, order: asc}) {
    id
    okb_id
    last_detected_date
    first_occurrence_date
    last_scan_date
    assignee {
      id
      name
    }
    scope_type
    parent_path
    scope
    days_unresolved
    unresolved_since
    reason
    acceptance {
      from
      due_date {
        date
        type
      }
      reason
      accepted_by {
        name
      }
    }
    due_date {
      date
      type
    }
    state
    last_transition {
      date
      expired_acceptance
    }
    last_module_output_id
    last_scan_date
    transitioned_by
    last_module_output {
      headers
      rows
      table_title
    }
    issue {
      okb_id
      name
    }
    asset {
      id
      name
    }
  }
}
```
Vulnerability Definition GraphQL query
The following GraphQL query retrieves vulnerability definition data from Onapsis, such as the Onapsis Knowledge Base ID, name, risk level, description, solution, business impact, associated CVE identifier, CVSS score, SAP Notes links, category, and references with their types and values.
```graphql
query getIssues($first: Int, $after: Int) {
  nodes: issues(first: $first, after: $after, order_by: {by: okb_id_numeric, order: asc}) {
    okb_id
    name
    risk
    description
    solution
    business_impact
    cve
    cvss
    sap_notes_links
    category
    references {
      type
      value
    }
  }
}
```
Note GraphQL query
The following GraphQL query retrieves SAP security note implementation status data from Onapsis, such as the note unique identifier, name, latest release date, note URL, priority, CVSS score, associated asset information, implementation status, last updated date, and related vulnerability information.
```graphql
query getSapNoteStatus($first: Int, $after: Int) {
  nodes: sap_notes_status(first: $first, after: $after) {
    note {
      id
      name
      latest_release_date
      note_url
      priority
      cvss_score
    }
    asset {
      id
      sid
    }
    implementation_status
    last_updated
    related_vulnerability {
      id
      okb_id
    }
  }
}
```
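How the `$first` and `$after` variables in the queries above can drive paging, shown as an added example that is not Brinqa's or Onapsis's code. It assumes `after` is a numeric offset and that the response carries the records under `data.nodes`; `fetch_all`, `make_fake_transport` and the sample records are hypothetical and constructed here, and the query is a trimmed copy of `getAssets`.

```python
from typing import Callable, Dict, Iterator, List

MAX_PAGE_SIZE = 100  # the page advises against page sizes over 100

# Trimmed copy of the page's getAssets query: same variables and ordering.
ASSETS_QUERY = """
query getAssets($first: Int, $after: Int) {
  nodes: assets(first: $first, after: $after,
                order_by: {by: last_scanned, order: asc}) {
    id
    name
    last_scanned
  }
}
"""

Transport = Callable[[str, Dict[str, int]], Dict]


def fetch_all(transport: Transport, query: str, page_size: int = 100) -> Iterator[Dict]:
    """Yield each node once. Assumes `after` is a numeric offset."""
    first = max(1, min(page_size, MAX_PAGE_SIZE))
    after, seen = 0, set()
    while True:
        nodes = transport(query, {"first": first, "after": after})["data"]["nodes"]
        for node in nodes:
            # A record whose last_scanned changes mid-sync moves to the end
            # of the ordering and can be returned again on a later page.
            if node["id"] not in seen:
                seen.add(node["id"])
                yield node
        if len(nodes) < first:  # short page: no more records to request
            return
        after += len(nodes)


def make_fake_transport(records: List[Dict], calls: List[Dict]) -> Transport:
    """Constructed stand-in for a POST to the /graphql endpoint (no network)."""
    def transport(query: str, variables: Dict[str, int]) -> Dict:
        calls.append(dict(variables))
        start = variables["after"]
        return {"data": {"nodes": records[start:start + variables["first"]]}}
    return transport


# Constructed sample data: 250 assets, with asset-3 returned a second time.
SAMPLE = [{"id": f"asset-{i}", "name": f"SAP-{i}", "last_scanned": i} for i in range(250)]
SAMPLE.append(SAMPLE[3])
```

A real transport would send the query and variables to the `/graphql` endpoint of the configured Server URL with the API key, keeping certificate verification enabled.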
Changelog
The Onapsis connector has undergone the following changes:
Table 6: Onapsis connector changelog
| Version | Description | Date Published |
|---|---|---|
| 3.0.10 | Improvements - The Asset model's 'Instances' attribute now participates in cross-connector consolidation with the correct priority (registered via the shared attribute helper), so connector-sourced values are consolidated consistently rather than treated as independent. Bug Fixes - Corrected the Vulnerability 'Acceptance start date' attribute to be stored as a proper timestamp. The API returns the acceptance 'from' value as a date string, which was being written into a timestamp attribute and aborting the Vulnerability sync; the string is now parsed to a timestamp (and omitted when absent or unparseable). Migration Required - Vulnerability: re-sync the Onapsis connector to populate 'Acceptance start date' with the corrected timestamp value. | June 9th, 2026 |
| 3.0.9 | Improved formatting and JSON serialization of vulnerability module output to enhance readability. Streamlined the handling of CVSS metrics. Replaced the TYPE attribute with ASSET_TYPE on Asset records. Improved data quality by strengthening validation of empty and blank values across all models. Standardized retry configuration to align with platform defaults. Fixed a typo in configuration validation error messages. Migration required: re-sync Asset data to apply the TYPE → ASSET_TYPE attribute rename. | May 28th, 2026 |
| 3.0.8 | Added support for collecting detailed module output data from vulnerability records. The LAST_MODULE_OUTPUT and RESULTS attributes are now available on the Vulnerability object as structured JSON strings, providing deeper context for identified issues. No migration required. | May 22nd, 2026 |
| 3.0.6 | Fixed an issue where the Vulnerability object sync was failing. No migration required. | February 25th, 2025 |
| 3.0.5 | Renamed the HOST_NAME attribute to HOST_NAMES on the Asset, Vulnerability, and Vulnerability Definition objects. Added the ASSET_ROLE_TYPE, SNC_PROTECTION_MODE, and SNC_STATUS attributes to the Asset object. Added the SAP_NOTE_LINKS attribute to the Vulnerability Definition object. No migration required. | December 30th, 2024 |
| 3.0.4 | Added the INSTANCES attribute to the Asset object. Added the ONAPSIS_RESEARCH_LAB and PUBLIC_EXPLOIT attributes to the Vulnerability Definition object. No migration required. | September 20th, 2024 |
| 3.0.3 | Added the STACK and TYPE attributes to the Asset object. No migration required. | August 22nd, 2023 |
| 3.0.2 | Removed the STATUS_CATEGORY attribute from the Asset object. Fixed the list of status categories in the Vulnerability object. No migration required. | August 17th, 2023 |
| 3.0.1 | Added the SOURCE_STATUS attribute to the Asset object. No migration required. | July 10th, 2023 |
| 3.0.0 | Initial Integration+ release. | April 23rd, 2023 |