watchTowr
The watchTowr integration adds visibility about continuous Automated Red Teaming and Attack Surface Management. This integration enables JupiterOne users to better manage assets, assess risks, and respond to incidents more effectively by leveraging watchTowr's findings.
- Installation guide
- watchTowr data model
Installation
To use this integration, JupiterOne requires a watchTowr API Token. The process to obtain credentials is following:
- Login into watchTowr using your login credentials
- Click the 'Integrations' menu option
- Under 'Client API' section click on 'Client API'
- Click on 'Regenerate New API Token', you will see the generated token under 'API Authentication' section.
In the API Whitelist Management section, please turn off whitelisting or contact JupiterOne support to get our list of outbound IPs used for integrations.
Configuration in JupiterOne
To install the watchTowr integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select watchTowr. Click New Instance to begin configuring your integration, providing the following:
API Token: unique identifier used to authenticate and control access to watchTowr API. You should be able to find it here. If you don't have one yet see above section to generate one.
Account Name used to identify the watchTowr account in JupiterOne.
Description to assist in identifying the integration instance, if desired.
Vulnerability Filters: here you will be able to customize what severities you want to fetch when retrieving findings.
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Data Model
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | watchtowr_account | Account |
| Cloud Storage | watchtowr_cloud_storage | DataStore |
| Container | watchtowr_container | Container |
| Domain | watchtowr_domain | Domain |
| Finding | watchtowr_finding | Finding |
| IP Address | watchtowr_ip_address | IpAddress |
| Mobile Applications | watchtowr_mobile_application | Application |
| Package Manager | watchtowr_package_manager | CodeModule |
| Saas Platform | watchtowr_saas_platform | Vendor |
| Service | watchtowr_service | Service |
| Source code repositories | watchtowr_source_code_repository | Repository |
| Subdomain | watchtowr_subdomain | Domain |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
watchtowr_account | HAS | watchtowr_service |
watchtowr_cloud_storage | HAS | watchtowr_finding |
watchtowr_container | HAS | watchtowr_finding |
watchtowr_domain | HAS | watchtowr_finding |
watchtowr_ip_address | HAS | watchtowr_finding |
watchtowr_mobile_application | HAS | watchtowr_finding |
watchtowr_package_manager | HAS | watchtowr_finding |
watchtowr_saas_platform | HAS | watchtowr_finding |
watchtowr_service | SCANS | watchtowr_cloud_storage |
watchtowr_service | SCANS | watchtowr_container |
watchtowr_service | SCANS | watchtowr_domain |
watchtowr_service | IDENTIFIED | watchtowr_finding |
watchtowr_service | SCANS | watchtowr_ip_address |
watchtowr_service | SCANS | watchtowr_mobile_application |
watchtowr_service | SCANS | watchtowr_package_manager |
watchtowr_service | SCANS | watchtowr_saas_platform |
watchtowr_service | SCANS | watchtowr_source_code_repository |
watchtowr_service | SCANS | watchtowr_subdomain |
watchtowr_source_code_repository | HAS | watchtowr_finding |
watchtowr_subdomain | HAS | watchtowr_finding |