DefenseStorm
Visualize DefenseStorm GRID network assets and users, map devices to their owners, and monitor changes through queries and alerts.
- Installation
- Data Model
- Types
Installation
To set up this integration, you will need to generate an API token from your DefenseStorm GRID console and provide the resulting credentials to JupiterOne.
Configuration in DefenseStorm
DefenseStorm GRID authenticates API requests using an API Key and an API Secret obtained from an Input Token. These credentials must belong to a user account with sufficient permissions to read assets and users.
To generate an API token:
- Log in to your DefenseStorm GRID console.
- Navigate to Settings in the left-hand menu.
- Select Input Tokens at the top of the Settings page.
- Click Get API Token in the top-right corner of the Input Tokens page.
- Record the Key and Secret values that are displayed — you will need both to configure the JupiterOne integration.
The API Secret is only shown once. Store it securely before closing the dialog.
The API token must be associated with a user account that has read access to the resources you intend to ingest (assets and/or users). Tokens tied to restricted accounts may result in empty or partial data ingestion.
Configuration in JupiterOne
To install the DefenseStorm integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select DefenseStorm. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
The Account Name used to identify the DefenseStorm account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration. -
Your DefenseStorm API Key and API Secret obtained from the Input Tokens page in GRID Settings.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | defense_storm_account | Account |
| Device | defense_storm_device | Device |
| User | defense_storm_user | User |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
defense_storm_account | HAS | defense_storm_device |
defense_storm_account | HAS | defense_storm_user |
Defense Storm Account
defense_storm_account inherits from Account
Defense Storm Device
defense_storm_device inherits from Device
| Property | Type | Description | Specifications |
|---|---|---|---|
dataLastSentOn * | number | null | ||
importance | string | ||
labels | array of strings | ||
owner | string | ||
softwareNames | array of strings | ||
tag | string | ||
tracked * | boolean |
Defense Storm User
defense_storm_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
authorizedOrgIds | array of strings | ||
dataRestrictionId | string | ||
google2faEnabled * | boolean | ||
orgId | string | ||
phoneNumber | string | ||
roleId | string | ||
shortName | string | ||
u2fEnabled * | boolean |