URIP Connector Catalogue
Last updated: 2026-04-29
Status: Stable
Total connectors: 61 live production connectors
Overview
URIP's connector framework handles authentication, data retrieval, normalisation, and health monitoring for every tool — automatically. Adding a connector takes a few minutes in the Tool Catalog wizard.
Your credentials are encrypted with a unique key for your organisation. They are never logged, never displayed after saving, and never leave URIP's secure storage.
Poll frequencies:
| Volume | Frequency | Examples |
|---|---|---|
| High-volume | 15 minutes | Tenable, SentinelOne, Zscaler |
| Medium-volume | 60 minutes | Netskope, Entra ID, ManageEngine |
| Low-volume | 4 hours | Burp Enterprise, GTB, CloudSEK |
Categories
- VM — Vulnerability Management
- EDR — Endpoint Detection & Response
- CSPM — Cloud Security Posture
- DSPM — Data Security Posture
- IDENTITY — Identity & Access
- NETWORK — Network Security
- DLP — Data Loss Prevention
- FIREWALL — Firewall & NGFW
- SOC — SIEM & SOC Platforms
- EMAIL — Email Security
- COLLABORATION — Collaboration Security
- ITSM — IT Service Management
- LMS — Security Awareness Training
- PAM — Privileged Access Management
- NAC — Network Access Control
- OT — Operational Technology
- DAST — Application Security
- BAS — Breach & Attack Simulation
- EASM — External Attack Surface
- EXTERNAL_THREAT — External Threat Intelligence
- ADVISORY — Government Advisories
- BUG_BOUNTY — Bug Bounty Platforms
- GRC — GRC Platforms
- BGV — Background Verification
- HRIS — HR Information Systems
VM — Vulnerability Management
Tenable Vulnerability Manager
| Field | Value |
|---|---|
| Category | VM |
| Poll frequency | Every 15 minutes |
| What's pulled | Asset inventory, per-asset CVE findings, severity scores |
| Prerequisites | Tenable.io subscription; API key with Scanner role |
| Setup guide | Generate a Tenable.io API key pair (Tenable docs) |
| API reference | Tenable Developer Portal — REST API reference |
| Troubleshooting | Tenable Community · Tenable status page |
Setup:
1. Sign into Tenable.io → Settings → My Account → API Keys → Generate new key pair
2. Enter Access Key and Secret Key in the URIP connector wizard
3. Leave the API URL at the default unless you use a self-hosted Tenable instance
See also: guides/connectors-setup.md
Qualys VMDR
| Field | Value |
|---|---|
| Category | VM |
| Poll frequency | Every 15 minutes |
| What's pulled | VMDR detections and vulnerability detections, asset host list |
| Prerequisites | Qualys platform subscription; API credentials with VMDR module access |
| Setup guide | Getting started with Qualys VMDR (Qualys docs) |
| API reference | Qualys VM API reference |
| Troubleshooting | Qualys Community · Qualys status page |
Setup: Enter Qualys Platform URL, Username, and Password (or API token).
Rapid7 InsightVM
| Field | Value |
|---|---|
| Category | VM |
| Poll frequency | Every 15 minutes |
| What's pulled | InsightVM vulnerability assessments, asset inventory, CVSS data |
| Prerequisites | InsightVM or Nexpose subscription; API key (Platform Administrator or restricted API user) |
| Setup guide | Manage Insight Platform API keys (Rapid7 docs) |
| API reference | InsightVM REST API reference |
| Troubleshooting | Rapid7 support portal · Rapid7 community |
EDR — Endpoint Detection & Response
CrowdStrike Falcon
| Field | Value |
|---|---|
| Category | EDR |
| Poll frequency | 15 minutes |
| What's pulled | Falcon Insight detections, Spotlight VM vulnerabilities, ExPRT scores, device inventory |
| Prerequisites | Falcon platform subscription; API client ID + secret with Detections:Read, Vulnerabilities:Read, Hosts:Read |
| Setup guide | Create an API client (CrowdStrike docs) |
| API reference | CrowdStrike OAuth2 APIs |
| Troubleshooting | CrowdStrike support portal · Engineering blog |
SentinelOne Singularity
| Field | Value |
|---|---|
| Category | EDR |
| Poll frequency | 15 minutes |
| What's pulled | Threat detections, vulnerability assessments, agent inventory |
| Prerequisites | SentinelOne Singularity subscription; API token + Site ID (Viewer role minimum) |
| Setup guide | Generate a SentinelOne API token (SentinelOne docs) |
| API reference | SentinelOne REST API explorer |
| Troubleshooting | SentinelOne support portal · SentinelOne status page |
Microsoft Defender for Endpoint
| Field | Value |
|---|---|
| Category | EDR |
| Poll frequency | 15 minutes |
| What's pulled | Defender alerts, vulnerability recommendations, device inventory |
| Prerequisites | Microsoft E5 or Defender for Endpoint Plan 2; Azure App Registration with SecurityAlert.Read.All, VulnerabilityAssessment.Read.All |
| Setup guide | Register an Azure AD application for Defender for Endpoint |
| API reference | Microsoft Defender for Endpoint API reference |
| Troubleshooting | Defender for Endpoint troubleshooting guide · Azure status |
ManageEngine Endpoint Central
| Field | Value |
|---|---|
| Category | EDR |
| Poll frequency | 60 minutes |
| What's pulled | Patch compliance status, software inventory, vulnerability detections |
| Prerequisites | ManageEngine Endpoint Central (formerly Desktop Central); API key |
| Setup guide | Endpoint Central API authentication (ManageEngine docs) |
| API reference | Endpoint Central REST API reference |
| Troubleshooting | ManageEngine Endpoint Central support · Community forums |
Microsoft Intune (MDM)
| Field | Value |
|---|---|
| Category | EDR (Mobile Device Management) |
| Poll frequency | 60 minutes |
| What's pulled | Device compliance status, managed device inventory, non-compliant devices |
| Prerequisites | Microsoft Intune license; Azure App Registration with DeviceManagementManagedDevices.Read.All |
| Setup guide | Use the Microsoft Graph API with Intune |
| API reference | Intune Microsoft Graph API overview |
| Troubleshooting | Get support for Microsoft Intune · Azure status |
Jamf Pro (Mac MDM)
| Field | Value |
|---|---|
| Category | EDR (Mac MDM) |
| Poll frequency | 60 minutes |
| What's pulled | Mac device compliance, patch levels, managed device inventory |
| Prerequisites | Jamf Pro subscription; API client credentials with Computers:Read and Patch Management:Read |
| Setup guide | Create API roles and clients in Jamf Pro |
| API reference | Jamf Pro REST API reference |
| Troubleshooting | Jamf Nation community · Jamf support portal |
ManageEngine MDM
| Field | Value |
|---|---|
| Category | EDR (Mobile MDM) |
| Poll frequency | 60 minutes |
| What's pulled | Mobile device compliance status, enrolled device inventory |
| Prerequisites | ManageEngine MDM subscription; API key |
| Setup guide | ManageEngine MDM API authentication |
| API reference | ManageEngine MDM REST API reference |
| Troubleshooting | ManageEngine MDM support · Community forums |
CSPM — Cloud Posture
AWS Cloud Security Posture
| Field | Value |
|---|---|
| Category | CSPM |
| Poll frequency | 60 minutes |
| What's pulled | AWS Config findings, Security Hub controls, S3 bucket policies, IAM misconfigs |
| Prerequisites | AWS account; IAM role with SecurityHub:GetFindings, Config:GetComplianceDetailsByConfigRule, IAM:GetAccountSummary |
| Setup guide | Getting started with AWS Security Hub |
| API reference | AWS Security Hub API reference |
| Troubleshooting | AWS Knowledge Center · AWS Service Health Dashboard |
Azure Cloud Security Posture
| Field | Value |
|---|---|
| Category | CSPM |
| Poll frequency | 60 minutes |
| What's pulled | Azure Security Center recommendations, Azure Policy compliance, resource inventory |
| Prerequisites | Azure subscription; Service Principal with Security Reader role |
| Setup guide | Connect your Azure subscription to Defender for Cloud |
| API reference | Microsoft Defender for Cloud REST API reference |
| Troubleshooting | Defender for Cloud FAQ · Azure status |
GCP Cloud Security Posture
| Field | Value |
|---|---|
| Category | CSPM |
| Poll frequency | 60 minutes |
| What's pulled | GCP Security Command Center findings, Asset Inventory, IAM policy issues |
| Prerequisites | GCP project; Service Account with Security Center Admin Viewer role |
| Setup guide | Quickstart: Set up Security Command Center (GCP docs) |
| API reference | Security Command Center REST API reference |
| Troubleshooting | Google Cloud support · Google Cloud status |
Wiz CNAPP
| Field | Value |
|---|---|
| Category | CSPM |
| Poll frequency | 60 minutes |
| What's pulled | Wiz Issues, cloud vulnerabilities, toxic combinations, identity risks |
| Prerequisites | Wiz subscription; API Client ID + Secret with Issues:read scope |
| Setup guide | Create a Wiz API client (Wiz docs) |
| API reference | Wiz API overview and GraphQL reference |
| Troubleshooting | Wiz troubleshooting guide · Wiz support |
Prisma Cloud CNAPP (Palo Alto Networks)
| Field | Value |
|---|---|
| Category | CSPM |
| Poll frequency | 60 minutes |
| What's pulled | Prisma Cloud alerts, compliance violations, vulnerability findings |
| Prerequisites | Prisma Cloud subscription; Access Key + Secret Key |
| Setup guide | Create and manage Prisma Cloud access keys |
| API reference | Prisma Cloud CSPM REST API reference |
| Troubleshooting | Prisma Cloud troubleshooting · Palo Alto status |
Orca Security CNAPP
| Field | Value |
|---|---|
| Category | CSPM |
| Poll frequency | 60 minutes |
| What's pulled | Orca alerts, risks, asset inventory across cloud providers |
| Prerequisites | Orca Security subscription; API token |
| Setup guide | Create an Orca API token (Orca docs) |
| API reference | Orca Security REST API reference |
| Troubleshooting | Orca troubleshooting guide · Orca support |
DSPM — Data Security Posture
BigID (Structured DSPM)
| Field | Value |
|---|---|
| Category | DSPM |
| Poll frequency | 4 hours |
| What's pulled | Data discovery findings in databases and data warehouses, PII exposure, over-privileged access |
| Prerequisites | BigID subscription; API key with scans:read |
| Setup guide | Generate a BigID API token (BigID docs) |
| API reference | BigID REST API reference |
| Troubleshooting | BigID troubleshooting guide · BigID support portal |
Varonis (Unstructured DSPM)
| Field | Value |
|---|---|
| Category | DSPM |
| Poll frequency | 4 hours |
| What's pulled | File share exposure, SharePoint/NAS sensitive data, stale access, data sprawl |
| Prerequisites | Varonis Data Advantage; API token |
| Setup guide | Generate a Varonis REST API token (Varonis help) |
| API reference | Varonis REST API reference |
| Troubleshooting | Varonis help center · Varonis community |
IDENTITY — Identity & Access
Microsoft Entra ID
| Field | Value |
|---|---|
| Category | IDENTITY |
| Poll frequency | 60 minutes |
| What's pulled | Risk detections (impossible travel, leaked creds), risky users, privileged role changes, audit log events |
| Prerequisites | Azure AD P2 license; App Registration with SecurityEvents.Read.All, IdentityRiskEvent.Read.All, AuditLog.Read.All, IdentityRiskyUser.Read.All |
| Setup guide | Register an application in Microsoft Entra ID |
| API reference | Microsoft Graph permissions reference |
| Troubleshooting | Entra ID troubleshooting guide · Azure status |
Setup: OAuth admin-consent flow. Click Authorize with Microsoft in the connector wizard.
Okta Workforce Identity
| Field | Value |
|---|---|
| Category | IDENTITY |
| Poll frequency | 60 minutes |
| What's pulled | Okta system log events, suspicious logins, MFA bypass attempts, user lifecycle events |
| Prerequisites | Okta Workforce Identity subscription; API token with okta.logs.read scope |
| Setup guide | Create an Okta API token (Okta developer docs) |
| API reference | Okta Core API reference |
| Troubleshooting | Okta support portal · Okta status page |
NETWORK — Network Security
Zscaler ZIA / ZTA / CASB
| Field | Value |
|---|---|
| Category | NETWORK |
| Poll frequency | 15 minutes |
| What's pulled | ZIA web security events, blocked threats, CASB shadow IT, ZPA access anomalies |
| Prerequisites | Zscaler ZIA or ZPA subscription; API key + tenant URL |
| Setup guide | Getting started with the ZIA API (Zscaler help) |
| API reference | Zscaler ZIA API reference |
| Troubleshooting | Zscaler help portal · Zscaler trust & status |
Netskope CASB + DLP
| Field | Value |
|---|---|
| Category | DLP (also NETWORK) |
| Poll frequency | 60 minutes |
| What's pulled | CASB alerts, DLP incidents, threat events, app risk scores |
| Prerequisites | Netskope subscription; API v1 token |
| Setup guide | Netskope REST API v1 overview (Netskope docs) |
| API reference | Netskope API reference |
| Troubleshooting | Netskope support portal · Netskope status page |
Cloudflare WAF + DDoS + Zero Trust
| Field | Value |
|---|---|
| Category | NETWORK |
| Poll frequency | 15 minutes |
| What's pulled | WAF rule fires, DDoS events, Zero Trust access anomalies, firewall analytics |
| Prerequisites | Cloudflare subscription; API token with Zone:Read, Logs:Read |
| Setup guide | Create a Cloudflare API token |
| API reference | Cloudflare API reference |
| Troubleshooting | Cloudflare community forum · Cloudflare status page |
Cisco Meraki
| Field | Value |
|---|---|
| Category | FIREWALL |
| Poll frequency | 15 minutes |
| What's pulled | Meraki cloud networking events, IDS/IPS alerts, rogue device detection |
| Prerequisites | Meraki subscription; Dashboard API key |
| Setup guide | Authorizing with the Meraki Dashboard API |
| API reference | Meraki Dashboard API v1 reference |
| Troubleshooting | Meraki community forum · Meraki status page |
DLP — Data Loss Prevention
GTB Endpoint Protector
| Field | Value |
|---|---|
| Category | DLP |
| Poll frequency | 4 hours |
| What's pulled | DLP policy violations, content inspection events, exfiltration attempts |
| Prerequisites | GTB Endpoint Protector; API credentials |
| Setup guide | GTB Technologies support portal (request API access) |
| API reference | GTB Endpoint Protector product documentation |
| Troubleshooting | GTB Technologies support portal |
Microsoft Purview DLP
| Field | Value |
|---|---|
| Category | DLP |
| Poll frequency | 60 minutes |
| What's pulled | Microsoft Purview DLP policy match events, sensitive data classifications, alert activity |
| Prerequisites | Microsoft 365 E5 Compliance or Purview add-on; App Registration with SecurityAlert.Read.All, InformationProtectionPolicy.Read.All |
| Setup guide | Set up Microsoft Purview DLP policies (Microsoft docs) |
| API reference | Microsoft Graph Security API overview |
| Troubleshooting | Microsoft Purview DLP alerts troubleshooting · Microsoft 365 status |
FIREWALL — Firewall & NGFW
Fortinet FortiGuard
| Field | Value |
|---|---|
| Category | FIREWALL |
| Poll frequency | 15 minutes |
| What's pulled | CEF syslog blocked threats, IPS events, REST API firewall blocks |
| Prerequisites | FortiGate appliance / FortiManager; syslog forwarding or REST API credentials |
| Setup guide | Create a FortiGate API administrator (Fortinet docs) |
| API reference | FortiOS REST API solution guide |
| Troubleshooting | Fortinet community forum · Fortinet service status |
Palo Alto Networks NGFW (Panorama)
| Field | Value |
|---|---|
| Category | FIREWALL |
| Poll frequency | 15 minutes |
| What's pulled | Panorama threat logs, URL filtering events, IPS blocks, WildFire verdicts |
| Prerequisites | Palo Alto Panorama; API key |
| Setup guide | Create a PAN-OS API key (Palo Alto docs) |
| API reference | PAN-OS Panorama REST API reference |
| Troubleshooting | Palo Alto Networks community · Palo Alto status |
Check Point Quantum Security Gateway
| Field | Value |
|---|---|
| Category | FIREWALL |
| Poll frequency | 15 minutes |
| What's pulled | Threat Prevention events, IPS alerts, anti-bot detections |
| Prerequisites | Check Point Management Server; API credentials |
| Setup guide | Enable the Check Point Management API |
| API reference | Check Point Management API reference |
| Troubleshooting | Check Point community · Check Point service status |
SOC — SIEM & SOC Platforms
Microsoft Sentinel (native)
| Field | Value |
|---|---|
| Category | SOC |
| Poll frequency | On-demand webhook / 15 minutes polling |
| What's pulled | Sentinel incidents, analytics rule triggers, security alerts |
| Prerequisites | Azure Sentinel workspace; App Registration with Microsoft.SecurityInsights/incidents/read (Microsoft Sentinel Reader role) |
| Setup guide | Connect Microsoft Sentinel data sources |
| API reference | Microsoft Sentinel REST API reference |
| Troubleshooting | Microsoft Sentinel troubleshooting guide · Azure status |
Google SecOps / Chronicle
| Field | Value |
|---|---|
| Category | SOC |
| Poll frequency | On-demand webhook / 15 minutes polling |
| What's pulled | Chronicle detections, IOC matches, SIEM alerts |
| Prerequisites | Google SecOps subscription; Service Account credentials with Chronicle API access |
| Setup guide | Configure data ingestion in Google SecOps (Google docs) |
| API reference | Google SecOps / Chronicle REST API reference |
| Troubleshooting | Google Cloud support · Google Cloud status |
Splunk Enterprise / Cloud (native HEC)
| Field | Value |
|---|---|
| Category | SOC |
| Poll frequency | On-demand webhook / 15 minutes polling |
| What's pulled | Splunk notable events via HEC push and indexer search; security alerts |
| Prerequisites | Splunk Enterprise or Cloud; HEC token or search head API token |
| Setup guide | Set up Splunk HTTP Event Collector |
| API reference | Splunk REST API reference |
| Troubleshooting | Splunk Answers community · Splunk Cloud status |
Generic SIEM / SOC
| Field | Value |
|---|---|
| Category | SOC |
| Poll frequency | On-demand webhook |
| What's pulled | Generic SIEM alerts via webhook or syslog |
| Prerequisites | Any SIEM with webhook or CEF syslog output |
| Setup guide | Generic SIEM / webhook connector setup (URIP docs) |
| API reference | URIP webhook ingestion API reference |
| Troubleshooting | URIP connector troubleshooting |
EMAIL — Email Security
Email Security (Google Workspace + Microsoft Defender for O365)
| Field | Value |
|---|---|
| Category | EMAIL |
| Poll frequency | 15 minutes |
| What's pulled | Phishing detections, BEC alerts, quarantine events, malware in attachments |
| Prerequisites | Google Workspace Admin SDK credentials OR Microsoft Defender for O365 App Registration with Mail.Read.All, SecurityAlert.Read.All |
| Setup guide | Configure Microsoft Defender for Office 365 (Microsoft docs) |
| API reference | Microsoft Defender for Office 365 API overview |
| Troubleshooting | Microsoft Defender for Office 365 troubleshooting · Microsoft 365 status |
COLLABORATION — Collaboration Security
Microsoft 365 Collaboration
| Field | Value |
|---|---|
| Category | COLLABORATION |
| Poll frequency | 60 minutes |
| What's pulled | SharePoint external sharing events, OneDrive anomalies, Teams guest access risks |
| Prerequisites | Microsoft 365 E3+; App Registration with Sites.Read.All, Files.Read.All, TeamworkDevice.Read.All |
| Setup guide | Register an app to access Microsoft Graph APIs |
| API reference | Microsoft Graph SharePoint & Teams API reference |
| Troubleshooting | Microsoft Graph error codes reference · Microsoft 365 status |
ITSM — IT Service Management
Jira Cloud / Data Center
| Field | Value |
|---|---|
| Category | ITSM |
| Poll frequency | On-demand webhook |
| What's pulled | Bidirectional ticket sync (URIP creates ticket on risk assignment; Jira webhook closes URIP risk on ticket resolve) |
| Prerequisites | Jira Cloud or Data Center; API token; project with issue type mapping |
| Setup guide | Authenticate with the Jira REST API (Atlassian docs) |
| API reference | Jira Cloud REST API v3 reference |
| Troubleshooting | Atlassian community · Jira status page |
ServiceNow
| Field | Value |
|---|---|
| Category | ITSM |
| Poll frequency | On-demand webhook |
| What's pulled | Bidirectional incident sync; CMDB asset data enrichment |
| Prerequisites | ServiceNow instance; user with incident_manager role; OAuth client credentials |
| Setup guide | Use the ServiceNow REST API (ServiceNow docs) |
| API reference | ServiceNow Table API reference |
| Troubleshooting | ServiceNow community · ServiceNow status page |
ManageEngine ServiceDesk Plus
| Field | Value |
|---|---|
| Category | ITSM |
| Poll frequency | On-demand webhook |
| What's pulled | ServiceDesk Plus incidents, CMDB data |
| Prerequisites | ManageEngine SDP; API key |
| Setup guide | ManageEngine ServiceDesk Plus API authentication |
| API reference | ServiceDesk Plus REST API reference |
| Troubleshooting | ManageEngine ServiceDesk Plus support · Community forums |
LMS — Security Awareness Training
KnowBe4 Security Awareness
| Field | Value |
|---|---|
| Category | LMS |
| Poll frequency | 4 hours |
| What's pulled | Training completion rates, phishing simulation click-through rates, user risk scores |
| Prerequisites | KnowBe4 subscription; API token |
| Setup guide | Authenticate with the KnowBe4 Reporting API |
| API reference | KnowBe4 REST API developer portal |
| Troubleshooting | KnowBe4 support portal · KnowBe4 community |
Hoxhunt Phishing Training
| Field | Value |
|---|---|
| Category | LMS |
| Poll frequency | 4 hours |
| What's pulled | Hoxhunt phishing simulation results, user threat reporting rates |
| Prerequisites | Hoxhunt subscription; API key |
| Setup guide | Hoxhunt API authentication guide |
| API reference | Hoxhunt GraphQL API reference |
| Troubleshooting | Hoxhunt support portal |
PAM — Privileged Access Management
CyberArk Privileged Access
| Field | Value |
|---|---|
| Category | PAM |
| Poll frequency | 60 minutes |
| What's pulled | Vault access logs, privileged session anomalies, shared credential usage events |
| Prerequisites | CyberArk PAM; REST API credentials with Vault permissions |
| Setup guide | Implement CyberArk Privileged Access REST API |
| API reference | CyberArk PAS REST API reference |
| Troubleshooting | CyberArk customer support portal · CyberArk community |
HashiCorp Vault
| Field | Value |
|---|---|
| Category | PAM |
| Poll frequency | 60 minutes |
| What's pulled | Vault audit log: secret access, policy violations, authentication events |
| Prerequisites | HashiCorp Vault Enterprise or Cloud; Vault token with audit log read access |
| Setup guide | Enable Vault audit logging (HashiCorp docs) |
| API reference | HashiCorp Vault HTTP API reference |
| Troubleshooting | HashiCorp Vault troubleshooting guide · HashiCorp status page |
NAC — Network Access Control
Forescout NAC
| Field | Value |
|---|---|
| Category | NAC |
| Poll frequency | 15 minutes |
| What's pulled | Rogue device alerts, NAC events, device classification, unmanaged device discovery |
| Prerequisites | Forescout eyeSight; API credentials |
| Setup guide | Forescout Web API solution guide |
| API reference | Forescout Web API reference |
| Troubleshooting | Forescout support portal · Forescout community |
Cisco ISE (Network Access Control)
| Field | Value |
|---|---|
| Category | NAC |
| Poll frequency | 15 minutes |
| What's pulled | Network access control events, posture assessment results, device authentication logs |
| Prerequisites | Cisco ISE; ERS API credentials with read access |
| Setup guide | Get started with Cisco ISE ERS API |
| API reference | Cisco ISE REST API reference |
| Troubleshooting | Cisco ISE community forum · Cisco status page |
OT — Operational Technology
Armis OT
| Field | Value |
|---|---|
| Category | OT |
| Poll frequency | 15 minutes |
| What's pulled | OT/ICS asset inventory, device vulnerabilities, risk events for industrial devices |
| Prerequisites | Armis subscription; API token with Devices:Read, Alerts:Read |
| Setup guide | Armis API overview and authentication |
| API reference | Armis REST API reference |
| Troubleshooting | Armis support portal · Armis community |
Severity mapping: Armis 0–10 scale used directly.
DAST — Application Security
Burp Suite Enterprise
| Field | Value |
|---|---|
| Category | DAST |
| Poll frequency | 4 hours |
| What's pulled | DAST scan findings, issue types, severity, affected URLs |
| Prerequisites | Burp Suite Enterprise; REST API key |
| Setup guide | Burp Suite Enterprise API documentation |
| API reference | Burp Suite Enterprise GraphQL API reference |
| Troubleshooting | PortSwigger support · PortSwigger community forum |
Snyk (SCA + Container + IaC + Code)
| Field | Value |
|---|---|
| Category | DAST |
| Poll frequency | 4 hours |
| What's pulled | SCA vulnerabilities (open source deps), container image CVEs, IaC misconfigs, SAST issues |
| Prerequisites | Snyk subscription; API token; Organisation ID |
| Setup guide | Authenticate with the Snyk API (Snyk docs) |
| API reference | Snyk REST API reference |
| Troubleshooting | Snyk support portal · Snyk status page |
GitHub Advanced Security (SAST + Secrets + Dependabot)
| Field | Value |
|---|---|
| Category | DAST |
| Poll frequency | 4 hours |
| What's pulled | Code scanning alerts, secret scanning detections, Dependabot vulnerability alerts |
| Prerequisites | GitHub Advanced Security license; Personal Access Token or GitHub App with security_events:read |
| Setup guide | GitHub security features overview (GitHub docs) |
| API reference | GitHub Code Scanning REST API reference |
| Troubleshooting | GitHub support portal · GitHub status page |
BAS — Breach & Attack Simulation
SafeBreach BAS
| Field | Value |
|---|---|
| Category | BAS |
| Poll frequency | 4 hours |
| What's pulled | BAS simulation results, control gaps, empirical attack path exposures |
| Prerequisites | SafeBreach subscription; API key |
| Setup guide | SafeBreach API authentication guide |
| API reference | SafeBreach REST API reference |
| Troubleshooting | SafeBreach support portal |
SafeBreach provides empirical validation of your security controls — URIP surfaces simulation results as risks alongside findings from real production connectors.
EASM — External Attack Surface
External Attack Surface (EASM)
| Field | Value |
|---|---|
| Category | EASM |
| Poll frequency | 4 hours |
| What's pulled | Exposed subdomains, open ports, unpatched external services via Censys, Shodan, Detectify |
| Prerequisites | At least one of: Censys API key, Shodan API key, Detectify account API key |
| Setup guide | Censys API credentials · Shodan account & API key |
| API reference | Censys Search API reference · Shodan API reference |
| Troubleshooting | Censys support · Shodan help center |
EXTERNAL_THREAT — External Threat Intelligence
CloudSEK (XVigil / BeVigil / SVigil)
| Field | Value |
|---|---|
| Category | EXTERNAL_THREAT |
| Poll frequency | 4 hours |
| What's pulled | Dark web mentions, leaked credentials, brand impersonation alerts, mobile app threats |
| Prerequisites | CloudSEK subscription (XVigil, BeVigil, or SVigil); API key |
| Setup guide | CloudSEK API authentication (CloudSEK docs) |
| API reference | CloudSEK REST API reference |
| Troubleshooting | CloudSEK support |
BitSight Security Ratings
| Field | Value |
|---|---|
| Category | EXTERNAL_THREAT |
| Poll frequency | 4 hours |
| What's pulled | BitSight company security rating, risk vectors, grade history |
| Prerequisites | BitSight subscription; API token |
| Setup guide | Manage BitSight API tokens (BitSight help) |
| API reference | BitSight API reference |
| Troubleshooting | BitSight help center · BitSight status page |
BitSight provides board-level posture grades. URIP surfaces the current rating and trend as an external risk signal.
AlienVault OTX (Threat Intelligence)
| Field | Value |
|---|---|
| Category | EXTERNAL_THREAT |
| Poll frequency | 4 hours |
| What's pulled | OTX pulses, IOC feeds, threat actor activity relevant to your asset inventory |
| Prerequisites | AlienVault OTX account; OTX API key |
| Setup guide | AlienVault OTX API overview |
| API reference | AlienVault OTX REST API reference |
| Troubleshooting | OTX documentation & support |
MITRE ATT&CK (Threat Framework)
| Field | Value |
|---|---|
| Category | EXTERNAL_THREAT |
| Poll frequency | 4 hours |
| What's pulled | ATT&CK technique updates, tactic mapping for detected TTPs |
| Prerequisites | None (public STIX/TAXII feed) |
| Setup guide | Getting started with MITRE ATT&CK |
| API reference | MITRE ATT&CK data and tools (STIX/TAXII) |
| Troubleshooting | MITRE ATT&CK FAQ |
ADVISORY — Government Advisories
CERT-In Advisories
| Field | Value |
|---|---|
| Category | ADVISORY |
| Poll frequency | 4 hours |
| What's pulled | CERT-In vulnerability advisories and alerts relevant to your asset inventory |
| Prerequisites | None (public feed) — CERT-In does not require API credentials |
| Setup guide | CERT-In vulnerability notes portal |
| API reference | CERT-In official portal (RSS/XML feeds) |
| Troubleshooting | CERT-In contact page |
US-CERT / CISA Advisories
| Field | Value |
|---|---|
| Category | ADVISORY |
| Poll frequency | 4 hours |
| What's pulled | CISA Known Exploited Vulnerabilities (KEV) catalogue, ICS-CERT advisories |
| Prerequisites | None (public feed) |
| Setup guide | CISA KEV catalogue |
| API reference | CISA KEV JSON feed |
| Troubleshooting | CISA contact page |
ENISA Advisories
| Field | Value |
|---|---|
| Category | ADVISORY |
| Poll frequency | 4 hours |
| What's pulled | ENISA threat landscape reports, advisories for EU regulatory context |
| Prerequisites | None (public feed) |
| Setup guide | ENISA publications portal |
| API reference | ENISA cyber threats resource hub |
| Troubleshooting | ENISA contact page |
BUG_BOUNTY — Bug Bounty Platforms
Bug Bounty (HackerOne + Bugcrowd + Webhook)
| Field | Value |
|---|---|
| Category | BUG_BOUNTY |
| Poll frequency | On-demand webhook |
| What's pulled | Submitted findings via HackerOne API, Bugcrowd API, or generic HMAC-signed webhook |
| Prerequisites | HackerOne or Bugcrowd program credentials (HackerOne API token or Bugcrowd API token); or configure a webhook endpoint |
| Setup guide | Create a HackerOne API token · Get started with Bugcrowd API |
| API reference | HackerOne REST API reference · Bugcrowd API reference |
| Troubleshooting | HackerOne support · Bugcrowd support |
GRC — GRC Platforms
Vanta GRC
| Field | Value |
|---|---|
| Category | GRC |
| Poll frequency | 4 hours |
| What's pulled | Inbound compliance posture from Vanta: control status, failing checks |
| Prerequisites | Vanta subscription; API key |
| Setup guide | Get started with the Vanta API |
| API reference | Vanta REST API reference |
| Troubleshooting | Vanta help center · Vanta status page |
Drata GRC
| Field | Value |
|---|---|
| Category | GRC |
| Poll frequency | 4 hours |
| What's pulled | Inbound compliance posture from Drata: control status, monitor results |
| Prerequisites | Drata subscription; API token |
| Setup guide | Generate a Drata API key (Drata help center) |
| API reference | Drata developer portal |
| Troubleshooting | Drata help center · Drata status page |
BGV — Background Verification
AuthBridge BGV
| Field | Value |
|---|---|
| Category | BGV |
| Poll frequency | 4 hours |
| What's pulled | Background verification status for employees; flags for failed or pending verifications |
| Prerequisites | AuthBridge subscription; API credentials |
| Setup guide | AuthBridge integration resources (request API access from AuthBridge support) |
| API reference | AuthBridge API documentation (available after provisioning) |
| Troubleshooting | AuthBridge support contact |
OnGrid BGV
| Field | Value |
|---|---|
| Category | BGV |
| Poll frequency | 4 hours |
| What's pulled | OnGrid background check results for employee risk scoring |
| Prerequisites | OnGrid subscription; API key |
| Setup guide | OnGrid API developer documentation |
| API reference | OnGrid REST API reference |
| Troubleshooting | OnGrid support |
GTB BGV (Global Trust Bridge)
| Field | Value |
|---|---|
| Category | BGV |
| Poll frequency | 4 hours |
| What's pulled | International background check results, cross-border employee risk verification |
| Prerequisites | GTB subscription; API credentials |
| Setup guide | Request GTB API access (GTB contact page) |
| API reference | GTB developer documentation |
| Troubleshooting | GTB support portal |
HRIS — HR Information Systems
Workday HRIS
| Field | Value |
|---|---|
| Category | HRIS |
| Poll frequency | 60 minutes |
| What's pulled | Employee lifecycle events: terminations, role changes — feeds the offboarding-loop (deprovisioning trigger) |
| Prerequisites | Workday subscription; Integration System User credentials |
| Setup guide | Create an Integration System User in Workday |
| API reference | Workday REST API reference |
| Troubleshooting | Workday community · Workday support |
Workday is the authoritative source for the offboarding identity-loop: when a user is terminated in Workday, URIP triggers identity de-provisioning alerts in Entra ID / Okta.
Per-Vendor Permission Troubleshooting
When a connector test returns HTTP 403 — insufficient permissions, the fix is always on the vendor side. Here are the exact UI clicks for the five most common connectors.
Tenable.io
Symptom: HTTP 403 when testing the Tenable connector.
How to fix:
1. Sign into Tenable.io as an administrator
2. Go to Settings → My Account → API Keys
3. Check that the key pair has the Scanner role (not just Reader)
4. If not, generate a new key pair — the role is set at creation and cannot be changed on an existing key
5. Copy the new Access Key and Secret Key into URIP's connector wizard
Still failing? Verify the Tenable user account that owns the API keys has access to all scan zones and asset groups.
CrowdStrike Falcon
Symptom: HTTP 403 or "insufficient scope" when testing the CrowdStrike connector.
How to fix:
1. Sign into the CrowdStrike Falcon console as an admin
2. Go to Support → API Clients and Keys
3. Find the API client you created for URIP (or create a new one)
4. In the Scopes section, enable these read permissions:
- Detections:Read
- Vulnerabilities:Read
- Hosts:Read
- Prevention Policies:Read (optional but recommended)
5. Save the client and copy the new Client ID + Secret into URIP
Still failing? CrowdStrike scopes are tied to the customer's subscription tier. If a scope is greyed out, contact CrowdStrike support to upgrade your API access tier.
Microsoft Entra ID
Symptom: "Admin consent required" or HTTP 403 during OAuth flow.
How to fix:
1. Sign into the Azure Portal as a Global Administrator
2. Go to Azure Active Directory → App registrations → [URIP app] → API permissions
3. Verify these Microsoft Graph permissions are listed:
- SecurityEvents.Read.All
- IdentityRiskEvent.Read.All
- AuditLog.Read.All
- IdentityRiskyUser.Read.All
4. Click Grant admin consent for [your tenant] — this button is critical; user consent is not sufficient
5. A green checkmark should appear next to each permission
6. Go to Certificates & secrets and ensure the Client Secret has not expired
Still failing? Some permissions require an Azure AD P2 license. Verify your subscription includes P2.
Splunk Enterprise / Cloud
Symptom: HTTP 403 or "token invalid" when testing the Splunk connector.
How to fix (Splunk Cloud):
1. Sign into Splunk Cloud as an admin
2. Go to Settings → Tokens
3. Find your HEC token or search-head API token
4. Verify the token has search and indexes_read capabilities
5. If using HEC: go to Settings → Data Inputs → HTTP Event Collector and ensure the input is enabled
How to fix (Splunk Enterprise):
1. Sign into Splunk Web as an admin
2. Go to Settings → Access controls → Users
3. Find the user account associated with the API token
4. Ensure the role (e.g., user or power) has the search capability
5. If using a custom role: Settings → Access controls → Roles → [role] → Capabilities → enable search
Still failing? Check that the Splunk search head URL is correct and reachable from your network. If you use a self-signed certificate, ensure it is trusted.
AWS Cloud Security Posture
Symptom: AccessDenied or HTTP 403 when testing the AWS CSPM connector.
How to fix:
1. Sign into the AWS Management Console as an IAM admin
2. Go to IAM → Roles → [URIP role]
3. Review the attached policies and ensure these actions are allowed:
- securityhub:GetFindings
- securityhub:BatchImportFindings
- config:GetComplianceDetailsByConfigRule
- config:DescribeConfigRules
- iam:GetAccountSummary
- iam:ListAccountAliases
4. If any are missing: click Add permissions → Attach policies → Create inline policy and add the missing actions
5. Verify the IAM role's Trust Policy allows URIP's account or external ID (provided by your URIP account manager)
Still failing? AWS Security Hub must be enabled in the region you are connecting to. Go to Security Hub → Settings and confirm it is active.
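The policy review in step 3 of the AWS fix can be done offline against the role's exported policy documents. The following is an added example, not URIP's own code: it reports which of the six listed actions are not granted, honouring IAM wildcards and explicit Deny statements. It assumes identity-based policy JSON only and does not evaluate Resource, Condition, NotAction, permission boundaries or SCPs; the sample policies are constructed.

```python
import fnmatch

# The six actions this page lists for the AWS CSPM connector role.
REQUIRED_ACTIONS = [
    "securityhub:GetFindings",
    "securityhub:BatchImportFindings",
    "config:GetComplianceDetailsByConfigRule",
    "config:DescribeConfigRules",
    "iam:GetAccountSummary",
    "iam:ListAccountAliases",
]

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive; * and ? act as wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policies, required=REQUIRED_ACTIONS):
    """Return required actions that are not allowed or are explicitly denied."""
    allowed, denied = [], []
    for doc in policies:
        for stmt in _as_list(doc.get("Statement")):
            if "Action" not in stmt:  # NotAction statements are skipped
                continue
            target = allowed if stmt.get("Effect") == "Allow" else denied
            target.extend(_as_list(stmt["Action"]))
    # An explicit Deny always overrides an Allow.
    return [a for a in required
            if _matches(denied, a) or not _matches(allowed, a)]

# Constructed sample: two policies attached to a hypothetical connector role.
SAMPLE_POLICIES = [
    {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["securityhub:Get*", "config:Describe*"]},
        {"Effect": "Allow", "Resource": "*", "Action": "iam:*"},
    ]},
    {"Version": "2012-10-17", "Statement": {
        "Effect": "Deny", "Resource": "*", "Action": "iam:ListAccountAliases"}},
]

if __name__ == "__main__":
    for action in missing_actions(SAMPLE_POLICIES):
        print("missing or denied:", action)
```

Any action it reports is a candidate for the inline policy in step 4; an action that is present but denied needs the Deny statement removed instead.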
See Also
- Connector Setup — Wizard walkthrough
- Troubleshooting — Connector Issues
- User Guide — Tool Catalogue