Skip to main content

Detectify

Visualize Detectify scan reports and monitor changes through queries and alerts.

Installation

The integration connects directly to Detectify REST API to obtain application scan assets, reports, and findings. By default, it only ingests finding from the past 30 days. If you have an Enterprise Plan with Detectify, the configuration can be changed to ingest finding from the latest scan reports.

info

For this integration, you will need to create an API Key key on Detectify. See their documentation for more information.

Configuration in JupiterOne

To install the Detectify integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Detectify. Click New Instance to begin configuring your integration.

Creating an instance requires the following:

  • The Account Name used to identify the Detectify account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

  • Description to assist in identifying the integration instance, if desired.

  • Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

  • Your Detectify API Key, configured for read access.

Click Create once all values are provided to finalize the integration.

Data Volume Configuration

The Detectify integration provides configuration options to control the volume of data ingested into JupiterOne:

FieldDescriptionDefaultOptions
Get findings from the latest scansThis option requires Enterprise Plan from Detectify. When enabled, the integration will pull findings only from the latest scan reports. When disabled, the integration will pull all findings within the last 30 days.Disabled (pulls findings from last 30 days)Enable to pull only latest scan findings (requires Enterprise Plan)

Configuration in JupiterOne

The JupiterOne vulnerability management and scanner integration is built on this high level data model:


Vendor   - HOSTS    ->       Account
Account  - PROVIDES ->       Service (*)
Service  - SCANS or TESTS -> <Entity> (*)
<Entity> - HAS      ->       Finding

(*) Examples:

  • Service (E.g., SAST, DAST, IAST, MAST, PenTest, etc.)
  • <Entity> (E.g., Application, Host, or Device)

Optionally, the following is added when each scan/assessment/report is also tracked by the integration:


Service    - PERFORMS   -> Assessment
Assessment - IDENTIFIED -> Finding

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.