Cobalt

Visualize Cobalt pentests and findings, and monitor changes through queries and alerts.

Installation guide

Installation

info

For this integration, you will need to create and copy an API Token in Cobalt. See their documentation for more information.

To install the Cobalt integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Cobalt. Click New Instance to begin configuring your integration.

Creating a configuration requires the following:

• The Account Name used to identify the Cobalt account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

• Description to assist in identifying the integration instance, if desired.

• Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

• Your Cobalt API Key.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Cobalt data model

Data Model

Entities

The following entities are created:

Resources	Entity _type	Entity _class
Cobalt	cobalt_vendor	Vendor
Cobalt Account	cobalt_account	Account
Cobalt Asset	cobalt_asset	Application
Cobalt Finding	cobalt_finding	Finding
Cobalt Pentest	cobalt_pentest	Assessment
Cobalt pentest service	cobalt_service	Service

Relationships

The following relationships are created:

Source Entity _type	Relationship _class	Target Entity _type
cobalt_account	HAS	cobalt_asset
cobalt_account	HAS	cobalt_service
cobalt_asset	HAS	cobalt_finding
cobalt_finding	IS	cve
cobalt_pentest	IDENTIFIED	cobalt_finding
cobalt_service	PERFORMED	cobalt_pentest
cobalt_vendor	PERFORMED	cobalt_pentest
cobalt_vendor	PROVIDES	cobalt_service