
runZero
Asset Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The runZero Connector integrates with the runZero cyber asset attack surface management (CAASM) platform. It uses runZero's organization export API to synchronize discovered assets and their associated vulnerabilities into Brinqa. The connector syncs three models: Assets (network devices discovered by runZero), Vulnerabilities (per-asset vulnerability findings), and Vulnerability Definitions (the distinct vulnerability metadata derived from those findings, including CVE, severity, and CVSS scoring).
Data retrieved from runZero
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Asset | Yes | Device |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
Model relationships
For detailed steps on how to view the data retrieved from runZero in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select runZero from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| API URL | No | — | runZero API URL |
| API token | No | — | runZero org or export API token |
| SSL / TLS | No | — | Skip certificate verification |
Authentication
The connector authenticates to the runZero API using a Bearer token. The configured API token (an organization or export API token) is attached to every outbound request via the HTTP Authorization header. There is no separate token-exchange step — the token supplied in configuration is used directly.
Connection Test
| Method | URL |
|---|---|
| GET | {url}/api/v1.0/export/org/assets.json?page_size=1 |
Request Headers
| Header | Value |
|---|---|
| Authorization | Bearer {apiToken} |
| Accept | application/json |
How the credential is used
Every request issued by the connector (asset export, vulnerability export, and the connection test) carries the same header:
Authorization: Bearer <apiToken>
The token is stored as a confidential configuration property and is never echoed back in responses. A successful connection test returns HTTP 200 with a JSON array of asset records (limited to one record by page_size=1); any non-success status is surfaced as a connector error.
Sample Response (asset export)
[ {
"id" : "e77602e0-3fb8-4734-aef9-fbc6fdcb0fa8",
"organization_id" : "e77602e0-3fb8-4734-aef9-fbc6fdcb0fa8",
"site_id" : "e77602e0-3fb8-4734-aef9-fbc6fdcb0fa8",
"org_name" : "Test Labs",
"site_name" : "Primary",
"alive" : true,
"type" : "Server",
"os" : "Ubuntu Linux",
"os_version" : "18.04",
"hw" : "Dell PowerEdge 2500",
"addresses" : [ "192.168.0.1" ],
"macs" : [ "11:22:33:44:55:66" ],
"mac_vendors" : [ "Dell" ],
"names" : [ "www" ],
"detected_by" : "icmp",
"service_ports_tcp" : [ 22 ],
"service_ports_udp" : [ 53 ],
"tags" : { "env" : "prod" },
"attributes" : { "owner" : "infra" },
"created_at" : 1576300370,
"updated_at" : 1576300370,
"first_seen" : 1576300370,
"last_seen" : 1576300370
} ]
Response Fields (asset export)
| Field | Description |
|---|---|
| id | Unique runZero asset identifier |
| organization_id | Owning organization identifier |
| site_id | Owning site identifier |
| org_name | Organization display name |
| site_name | Site display name |
| alive | Whether the asset was responsive |
| type | runZero-classified asset type |
| os / os_version | Operating system name and version |
| hw | Hardware description |
| addresses | Discovered IP addresses |
| macs | Discovered MAC addresses |
| mac_vendors | Vendor names derived from MAC addresses |
| names | Discovered hostnames |
| detected_by | Discovery method/protocol |
| service_ports_tcp / service_ports_udp | Open TCP/UDP service ports |
| tags | Key/value tags applied to the asset |
| attributes | Custom key/value attributes |
| created_at / updated_at | Source creation / last-modified epoch seconds |
| first_seen / last_seen | First / last discovery epoch seconds |
How to obtain runZero credentials
Generate a runZero API token
For the runZero connector to access the runZero API, you must provide an API token. To generate a new API token, follow these steps:
-
Log in to your organization's runZero console as an administrator.
-
Click Organizations in the menu.
-
Click the organization you want to generate a token for, and then click Edit organization.
-
Locate the API token section on the page. You have two options:
-
Export token: Provides a read-only access token that lets you extract inventory data from your organization within runZero. Its primary function is to allow this data to be transferred or integrated into other platforms or systems. Click Generate export token if you want to use this token.
-
Organization API: Provides a broader level of access, allowing administrative operations within your organization's resources in runZero. In addition to its own specific uses, the Organization API key can be employed for accessing the Export API. Click Generate API key if you want to use this token.
Copy the token and save it in a secure location.
-
-
Click Save.
Note: If you do not have permissions to generate a token, contact your runZero administrator. For additional information, see runZero documentation.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Asset
| Source Field Name | SDM Attribute |
|---|---|
| constant | Status |
AssetResource.addresses | Ip Addresses |
AssetResource.addresses | Private IP Addresses |
AssetResource.addresses | Public IP Addresses |
AssetResource.alive | Alive |
AssetResource.attributes | Custom attributes |
AssetResource.created_at | Source date created |
AssetResource.detected_by | Detected by |
AssetResource.first_seen | First found |
AssetResource.hw | Hardware |
AssetResource.id | Uid |
AssetResource.last_seen | Last found |
AssetResource.mac_vendors | MAC vendors |
AssetResource.macs | Mac Addresses |
AssetResource.names | Hostnames |
AssetResource.names (falls back to addresses) | Name |
AssetResource.org_name | Organization name |
AssetResource.organization_id | Organization ID |
AssetResource.os + AssetResource.os_version | Operating System |
AssetResource.service_ports_tcp + service_ports_udp | Open ports |
AssetResource.site_id | Site ID |
AssetResource.site_name | Site name |
AssetResource.tags | Tags |
AssetResource.type | Asset type |
AssetResource.type | Categories |
AssetResource.updated_at | Source last modified |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
| constant | Provider status |
| derived | Source status |
| derived | Status |
| derived | Status category |
VulnerabilityResource.attributes | Custom attributes |
VulnerabilityResource.vulnerability_asset_id | Targets |
VulnerabilityResource.vulnerability_attributes | Vulnerability attributes |
VulnerabilityResource.vulnerability_created_at | Source date created |
VulnerabilityResource.vulnerability_first_detected_at | First seen |
VulnerabilityResource.vulnerability_id | Uid |
VulnerabilityResource.vulnerability_last_detected_at | Last seen |
VulnerabilityResource.vulnerability_organization_id | Organization ID |
VulnerabilityResource.vulnerability_service_address | Service address |
VulnerabilityResource.vulnerability_service_port | Port |
VulnerabilityResource.vulnerability_service_transport | Service transport |
VulnerabilityResource.vulnerability_source_id | Source ID |
VulnerabilityResource.vulnerability_updated_at | Source last modified |
VulnerabilityResource.vulnerability_vuln_id | Type |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
VulnerabilityResource.vulnerability_category | Categories |
VulnerabilityResource.vulnerability_cpe23 | Affected |
VulnerabilityResource.vulnerability_cve | CVE ids |
VulnerabilityResource.vulnerability_cve | CVE records |
VulnerabilityResource.vulnerability_cvss2_base_score | CVSS_V2_BASE_SCORE |
VulnerabilityResource.vulnerability_cvss2_temporal_score | CVSS_V2_TEMPORAL_SCORE |
VulnerabilityResource.vulnerability_cvss3_base_score | CVSS_V3_BASE_SCORE |
VulnerabilityResource.vulnerability_cvss3_temporal_score | CVSS_V3_TEMPORAL_SCORE |
VulnerabilityResource.vulnerability_description | Description |
VulnerabilityResource.vulnerability_name | Name |
VulnerabilityResource.vulnerability_published_at | Published date |
VulnerabilityResource.vulnerability_risk | Rumble risk |
VulnerabilityResource.vulnerability_risk_score | Rumble risk score |
VulnerabilityResource.vulnerability_severity | Severity |
VulnerabilityResource.vulnerability_severity | Source severity |
VulnerabilityResource.vulnerability_severity | Severity score |
VulnerabilityResource.vulnerability_severity_score | Vulnerability severity score |
VulnerabilityResource.vulnerability_solution | Recommendation |
VulnerabilityResource.vulnerability_vuln_id | Uid |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Asset
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1.0/export/org/assets.json
Vulnerability
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1.0/export/org/vulnerabilities.json
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint · Endpoint:
GET /api/v1.0/export/org/vulnerabilities.json
Changelog
The runZero connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.6 | Improvements Dependency Upgrades Upgraded internal framework and model libraries to the latest stable versions for improved reliability, security patches, and alignment with the rest of the connector platform. | N/A |
| 3.0.5 | New Features - Asset and vulnerability records now include a Custom Attributes field, surfacing any custom attributes defined in runZero so they can be used in Brinqa filtering and reporting. Improvements - Refined how vulnerability severity scores and source identifiers are stored to better match the precision and format returned by runZero. | • Vulnerability: The stored data types for the Source ID and Vulnerability severity score fields changed (Source ID is now stored as a number, and the severity score now uses higher-precision values). Action: re-sync the connector so existing vulnerability records are rewritten with the new field types. |
| 3.0.4 | Bug Fixes - Asset tags that have a name but no value are no longer dropped during synchronization. Such tags are now imported using the tag name on its own, so no tagging information is lost. | N/A |
| 3.0.3 | New Features - Assets and vulnerabilities are now automatically retired after 30 days without being seen by runZero, keeping your inventory aligned with what runZero currently observes. Improvements - Asset discovery timestamps now populate the standard First found and Last found dates, providing consistent first/last-seen reporting alongside other Brinqa data sources. | • Asset: Asset discovery dates moved from the previous First seen / Last seen fields to the standard First found / Last found fields. Action: re-sync the connector so existing assets are repopulated with the new date fields. |
| 3.0.2 | Improvements Dependency Upgrades Upgraded internal framework and model libraries to the latest stable versions for improved reliability, security patches, and alignment with the rest of the connector platform. | N/A |
| 3.0.1 | New Features - Added an SSL / TLS option that allows skipping certificate verification, enabling connections to runZero consoles that use self-signed or otherwise untrusted certificates. Improvements - Updated the connector branding from Rumble to runZero, including the connector name and configuration labels. - Updated the default API URL to the current runZero console endpoint (https://console.runzero.com). | N/A |
| 3.0.0 | Overview The runZero connector integrates with the runZero cyber asset attack surface management platform to synchronize discovered assets and their associated vulnerabilities into Brinqa. Category: Asset Management Models | N/A |