runZero
runZero (formerly Rumble Network Discovery) is an asset management tool that discovers, identifies, and manages assets across your environments. You can bring asset and security data from runZero into Brinqa to gain insights into the relationships between your vulnerabilities and assets, thus constructing a unified view of your attack surface.
This document details the information you must provide for the connector to authenticate with runZero and how to obtain that information from runZero. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select runZero from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate runZero with Brinqa:
-
API URL: The runZero API URL. The default URL is
https://console.runzero.run. -
API token: The Organization API or Export token associated with the runZero account, which must have permissions to log in to the API server and return data.
Generate a runZero API token
For the runZero connector to access the runZero API, you must provide an API token. To generate a new API token, follow these steps:
-
Log in to your organization's runZero console as an administrator.
-
Click Organizations in the menu.
-
Click the organization you want to generate a token for, and then click Edit organization.
-
Locate the API token section on the page. You have two options:
-
Export token: Provides a read-only access token that lets you extract inventory data from your organization within runZero. Its primary function is to allow this data to be transferred or integrated into other platforms or systems. Click Generate export token if you want to use this token.
-
Organization API: Provides a broader level of access, allowing administrative operations within your organization's resources in runZero. In addition to its own specific uses, the Organization API key can be employed for accessing the Export API. Click Generate API key if you want to use this token.
Copy the token and save it in a secure location.
-
-
Click Save.
If you do not have permissions to generate a token, contact your runZero administrator. For additional information, see runZero documentation.
Additional settings
The runZero connector contains an additional option for specific configuration:
- Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The runZero connector can retrieve the following types of data from the runZero API:
Table 1: Data retrieved from runZero
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Asset | Yes | Device |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
The runZero connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from runZero in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
- Asset
- Vulnerability
- Vulnerability Definition
Table 2: Asset attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| alive | Local variable |
| asset_type | categories, Local variable |
| created_at | sourceCreatedDate |
| detected_by | Local variable |
| first_seen | firstSeen |
| hardware | Local variable |
| ipv4_address | ipAddresses, publicIpAddresses, privateIpAddresses |
| ipv6_address | ipAddresses, publicIpAddresses, privateIpAddresses |
| last_seen | lastSeen |
| mac_address | macAddress |
| mac_vendors | Local variable |
| names | Local variable |
| open_ports | Local variable |
| org_id | Local variable |
| org_name | Local variable |
| os | os |
| os_version | os |
| site_id | Local variable |
| site_name | Local variable |
| status | status |
| sys_id | uid |
| tags | tags |
| updated_at | sourceLastModified |
Table 3: Vulnerability attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| STATUS | status |
| STATUS_CATEGORY | statusCategory |
| vulnerability_asset_id | targets |
| vulnerability_attributes | Local variable |
| vulnerability_created_at | sourceCreatedDate |
| vulnerability_first_detected_at | firstSeen |
| vulnerability_id | uid |
| vulnerability_last_detected_at | lastSeen |
| vulnerability_organization_id | Local variable |
| vulnerability_service_address | Local variable |
| vulnerability_service_port | port |
| vulnerability_service_transport | Local variable |
| vulnerability_source_id | Local variable |
| vulnerability_updated_at | sourceLastModified |
Table 4: Vulnerability definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| vulnerability_description | description |
| vulnerability_severity_score | Local variable |
| vulnerability_name | name |
| vulnerability_severity | severity, severityScore |
| vulnerability_cvss2_temporal_score | cvssV2TemporalScore |
| vulnerability_solution | recommendation |
| vulnerability_cvss2_base_score | cvssV2BaseScore |
| vulnerability_cve | uid, cveIds |
| vulnerability_cvss3_temporal_score | cvssV3TemporalScore |
| vulnerability_category | categories |
| vulnerability_cvss3_base_score | cvssV3BaseScore |
| vulnerability_vuln_id | type, uid |
| vulnerability_published_at | publishedDate |
| vulnerability_cpe23 | affected |
| vulnerability_risk_score | Local variable |
| vulnerability_risk | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
APIs
The runZero connector uses the runZero API. Specifically, it uses the following endpoints:
Table 5: runZero API Endpoints
| Connector Object | API Endpoint |
|---|---|
| Asset | GET /api/v1.0/export/org/assets.json |
| Vulnerability | GET /api/v1.0/export/org/vulnerabilities.json |
| Vulnerability Definition | GET /api/v1.0/export/org/vulnerabilities.json |
Changelog
The runZero connector has undergone the following changes:
3.0.2
- Updated dependencies.
3.0.1
- Added an option to skip certificate verification.
3.0.0
- Initial Integration+ release.