Horizon3-Nodezero
Visualize Horizon3 Nodezero Attack Paths, Discovered Hosts, Operation Templates, Pentest Operations, Asset Groups, Data Stores, Runner Agents, Client Accounts, and Weaknesses while monitoring changes through advanced queries and automated alerts.
Horizon3-Nodezero Integration Installation in JupiterOne
Overview
This guide walks you through how to connect your Horizon3 Nodezero account with JupiterOne to monitor and manage your security data.
Prerequisites
- An active Horizon3 account with the Org Admin or User role, which is needed to generate an API key.
- The API key should have the Read-only or User permission level.
- Access to JupiterOne with permission to configure integrations.
Setup in Horizon3 Nodezero
Generate API Token in Horizon3
Steps:
- Log in to your Horizon3 account.
- Click Profile in the top-right corner.
- Navigate to the Settings tab and open the My Settings tab.
- Navigate to the API Keys section and click Generate API Key.
- Select Read-only or User as the permission level and click Generate.
- Copy the generated API key and save it securely for further use.
- Identify your account region based on the URL.

| Account region | Base URL |
|---|---|
| US | https://api.horizon3ai.com |
| EU | https://api.horizon3ai.eu |
Configure Integration in JupiterOne
Now that you have the required token and region, let's connect everything in JupiterOne.
Steps:
- In JupiterOne, go to the left navigation menu and click Integrations.
- Scroll down and click the Horizon3 Nodezero integration tile.
- Click Add Configuration and fill in the fields:

| Field | What to Enter |
|---|---|
| Nodezero API Key | Paste the API token generated in the Horizon3 Nodezero portal |
| Nodezero Region | Select the region based on your account region |
| Account Name | A friendly name (e.g., “Nodezero - US Region”) |
| Description | Optional – notes to identify this setup |
| Polling Interval | How often to collect data (or choose DISABLED to run manually) |

- Click Create Configuration to save it.
That’s it! JupiterOne will now start pulling data from Horizon3 Nodezero based on the schedule you set.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Nodezero Asset Group | nodezero_asset_group | Group |
| Nodezero Attack Path | nodezero_attack_path | Risk |
| Nodezero Client Account | nodezero_client_account | Account |
| Nodezero Data Store | nodezero_data_store | DataStore |
| Nodezero Discovered host | nodezero_host | Host |
| Nodezero Git Integration | nodezero_git_account | Service |
| Nodezero Operation template | nodezero_operation_template | Configuration |
| Nodezero Pentest Operation | nodezero_operation | Assessment |
| Nodezero Runner Agent | nodezero_agent | HostAgent |
| Nodezero User Account | nodezero_user_account | User |
| Nodezero Weakness | nodezero_weakness | Finding |
Relationships
The following relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
| nodezero_agent | PERFORMED | nodezero_operation |
| nodezero_attack_path | EXPLOITS | nodezero_weakness |
| nodezero_client_account | HAS | nodezero_operation |
| nodezero_data_store | HAS | nodezero_weakness |
| nodezero_host | HAS | nodezero_weakness |
| nodezero_operation | USES | nodezero_git_account |
| nodezero_operation | IDENTIFIED | nodezero_attack_path |
| nodezero_operation | SCANS | nodezero_host |
| nodezero_operation | SCANS | nodezero_data_store |
| nodezero_operation | IDENTIFIED | nodezero_weakness |
| nodezero_operation_template | DEFINES | nodezero_operation |
| nodezero_user_account | CREATED | nodezero_operation_template |
| nodezero_user_account | CREATED | nodezero_operation |
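
The relationships above can be walked to rank remediation work. The following is an added example, not code from JupiterOne or Horizon3: it joins `nodezero_host HAS nodezero_weakness` with `nodezero_attack_path EXPLOITS nodezero_weakness` over a constructed sample. The record layout (`_key`, `_fromEntityKey`, `_toEntityKey`) and every sample value are assumptions.

```python
# Added illustration: the record layout (_key, _fromEntityKey, _toEntityKey)
# and all sample values are constructed assumptions, not integration output.
from collections import defaultdict

ENTITIES = [
    {"_key": "h1", "_type": "nodezero_host", "isPublic": True, "isDomainController": False},
    {"_key": "h2", "_type": "nodezero_host", "isPublic": False, "isDomainController": True},
    {"_key": "w1", "_type": "nodezero_weakness", "vulnerabilityId": "EXAMPLE-VULN-1",
     "isCISAKnownExploitedVulnerability": True, "contextScore": 9.1},
    {"_key": "w2", "_type": "nodezero_weakness", "vulnerabilityId": "EXAMPLE-VULN-2",
     "isCISAKnownExploitedVulnerability": False, "contextScore": 5.0},
    {"_key": "w3", "_type": "nodezero_weakness", "vulnerabilityId": "EXAMPLE-VULN-3",
     "isCISAKnownExploitedVulnerability": True, "contextScore": 7.4},
    {"_key": "p1", "_type": "nodezero_attack_path", "attackPathTitle": "Constructed path A"},
]
RELATIONSHIPS = [
    {"_class": "HAS", "_fromEntityKey": "h1", "_toEntityKey": "w1"},
    {"_class": "HAS", "_fromEntityKey": "h1", "_toEntityKey": "w2"},
    {"_class": "HAS", "_fromEntityKey": "h2", "_toEntityKey": "w3"},
    {"_class": "EXPLOITS", "_fromEntityKey": "p1", "_toEntityKey": "w1"},
]

def prioritize(entities, relationships):
    """Rows (host key, vulnerabilityId, contextScore, attack-path titles) for public
    hosts or domain controllers that HAS a CISA-KEV weakness, ranked for triage."""
    by_key = {e["_key"]: e for e in entities}
    exploited_by = defaultdict(list)  # weakness key -> titles of paths that EXPLOITS it
    for r in relationships:
        src, dst = by_key.get(r["_fromEntityKey"]), by_key.get(r["_toEntityKey"])
        if src and dst and r["_class"] == "EXPLOITS" and src["_type"] == "nodezero_attack_path":
            exploited_by[dst["_key"]].append(src["attackPathTitle"])
    rows = []
    for r in relationships:
        host, weak = by_key.get(r["_fromEntityKey"]), by_key.get(r["_toEntityKey"])
        if not (host and weak) or r["_class"] != "HAS":
            continue  # skip dangling edges and other relationship classes
        if host["_type"] != "nodezero_host" or weak["_type"] != "nodezero_weakness":
            continue  # e.g. nodezero_data_store HAS nodezero_weakness
        exposed = host.get("isPublic") or host.get("isDomainController")
        if exposed and weak.get("isCISAKnownExploitedVulnerability"):
            rows.append((host["_key"], weak["vulnerabilityId"],
                         weak.get("contextScore", 0.0), exploited_by[weak["_key"]]))
    # Weaknesses on a discovered attack path come first, then higher contextScore.
    return sorted(rows, key=lambda x: (not x[3], -x[2]))
```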
Nodezero Agent
nodezero_agent inherits from HostAgent
| Property | Type | Description | Specifications |
|---|---|---|---|
| lastCommand | string | | |
| logFile | string | | |
| systemInfo | string | | |
Nodezero Asset Group
nodezero_asset_group inherits from Group
| Property | Type | Description | Specifications |
|---|---|---|---|
| assetsCount | number | | |
| authorizedAssetsCount | number | | |
| authorizedExternalDomainCount | number | | |
| authorizedIPCount | number | | |
| clientAccountCompanyName | string | | |
| clientAccountUUID | string | | |
| externalDomainCount | number | | |
| inScopeIPCount | number | | |
| lastAssetDiscoveryCompletedAt | string | | |
| pentestSeriesUUID | string | | |
| pentestTemplateUUID | string | | |
| userAccountName | string | | |
| userAccountUUID | string | | |
Nodezero Attack Path
nodezero_attack_path inherits from Risk
| Property | Type | Description | Specifications |
|---|---|---|---|
| affectedAssetText | string | | |
| attackPathTitle | string | | |
| baseScore | number | | |
| contextScoreDescription | string | | |
| credentialRefs | array of strings | | |
| hostName | string | | |
| hostRefs | array of strings | | |
| hostText | string | | |
| id | string | | |
| impactDescription | string | | |
| impactTitle | string | | |
| impactType | string | | |
| ipAddress | string | | |
| pentestId | string | | |
| severity | string | | |
| targetEntityText | string | | |
| timeToFind | string | Time taken (in seconds or in HH:MM:SS) from the start of the pentest until this particular attack path was discovered | |
| weaknessRefs | array of strings | | |
Nodezero Client Account
nodezero_client_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
| assetsCount | number | | |
| childClientAccountsCount | number | | |
| companyLogoUrl | string | | |
| companyShortName | string | | |
| externalAssetsCount | number | | |
| internalAssetsCount | number | | |
| isWhiteLabelReportsCascaded | boolean | | |
| isWhiteLabelReportsEnabled | boolean | | |
| parentUUID | string | | |
| secondaryCompanyLogoUrl | string | | |
| sessionUserRoleId | string | | |
Nodezero Data Store
nodezero_data_store inherits from DataStore
| Property | Type | Description | Specifications |
|---|---|---|---|
| account | string | | |
| address | string | | |
| attackPathsCount | number | | |
| authenticated | boolean | | |
| baseScore | number | | |
| baseSeverity | string | | |
| cloudProvideName | string | | |
| cloudResourceARN | string | | |
| cloudServiceName | string | | |
| contextScore | number | | |
| contextSeverity | string | | |
| dataResourcesCount | number | | |
| dataResourcesLabel | string | | |
| dataStoreType | string | | |
| dnsAddress | string | | |
| downstreamImpactTypes | array of strings | | |
| downstreamImpactTypesAndCounts | array of strings | | |
| hostname | string | | |
| impactPathsCount | number | | |
| ipAddress | string | | |
| pentestId | string | | |
| permissions | array of strings | | |
| port | number | | |
| protocol | string | | |
| score | number | | |
| sensitiveDataItemCount | number | | |
| sensitiveDataItemTitlesAndCounts | array of strings | | |
| sensitiveDataItemTypes | string | | |
| sensitiveDataItemTypesAndCounts | array of strings | | |
| sensitiveResourcesCount | number | | |
| serviceType | string | | |
| severity | string | | |
| title | string | | |
| weaknessesCount | number | | |
Nodezero Git Account
nodezero_git_account inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| source | string | | |
Nodezero Host
nodezero_host inherits from Host
| Property | Type | Description | Specifications |
|---|---|---|---|
| actionLogsCount | number | | |
| actionLogsCsvUrl | string | | |
| attackPathsCount | number | | |
| cloudARNs | array of strings | | |
| cloudProvider | string | | |
| cloudRegion | string | | |
| cNameChains | array of strings | | |
| confirmedCredentialsCount | number | | |
| confirmedWeaknessesCount | number | | |
| contextScoreDescription | string | | |
| credentialsCount | number | | |
| dataResourcesCount | number | | |
| dataStoresCount | number | | |
| downstreamImpactTypes | array of strings | | |
| firstSeenOn | string | | |
| isDatabaseServer | boolean | | |
| isDomainController | boolean | | |
| isInScope | boolean | | |
| isLoadBalancer | boolean | | |
| isMailServer | boolean | | |
| isPublic | boolean | | |
| isVPN | boolean | | |
| isWebApplicationFirewall | boolean | | |
| ldapHostname | string | | |
| pentestId | string | | |
| score | number | | |
| servicesCount | number | | |
| severity | string | | |
| subnet | string | | |
| subnetSource | string | | |
| weaknessesCount | number | | |
| webSharesCount | number | | |
Nodezero Operation
nodezero_operation inherits from Assessment
| Property | Type | Description | Specifications |
|---|---|---|---|
| attackPathsCount | number | | |
| awsAccountIds | array of strings | | |
| cancelledOn | string | | |
| clientName | string | | |
| createdBy | string | | |
| credAccessCount | number | | |
| credentialsCount | number | | |
| dataResourcesCount | number | | |
| dataStoresCount | number | | |
| duration | number | Pentest duration in seconds | |
| etCompletedOn | string | | |
| excludeScope | array of strings | | |
| externalDomainsCount | number | | |
| hostsCount | number | | |
| impactPathsCount | number | | |
| impactsCount | number | | |
| maxScope | array of strings | | |
| minScope | array of strings | | |
| nodezeroIP | string | | |
| nodezeroScriptUrl | string | | |
| outOfScopeHostsCount | number | | |
| pentestType | string | | |
| phishedAttackPathsCount | number | | |
| phishedImpactPathsCount | number | | |
| runnerAgentUUID | string | | |
| scheduledOn | string | | |
| servicesCount | number | | |
| state | string | | |
| usersCount | number | | |
| weaknessesCount | number | | |
| weaknessTypesCount | number | | |
| websitesCount | number | | |
Nodezero Operation Template
nodezero_operation_template inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| assetGroupUUID | string | | |
| autoInjectedCredentialsUUID | array of strings | | |
| blacklistedScope | string | | |
| clientAccountUUID | string | | |
| companyNames | array of strings | | |
| domainsList | array of strings | | |
| maximumRunTime | number | | |
| maximumScope | string | | |
| minimumRunTime | number | | |
| minimumScope | string | | |
| passwordsToSpray | array of strings | | |
| pentestName | string | | |
| pentestType | string | | |
| runnerName | string | | |
| runnerUUID | string | | |
| targetedTestId | string | | |
| userAccountUUID | string | | |
Nodezero User Account
nodezero_user_account inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
| lastSignInOn | string | | |
Nodezero Weakness
nodezero_weakness inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
| affectedAssetShortText | string | | |
| affectedAssetText | string | | |
| attackPathsCount | number | | |
| baseScore | number | | |
| baseSeverity | string | | |
| contextScore | number | | |
| contextScoreDescription | string | | |
| contextSeverity | string | | |
| downstreamImpactTypes | array of strings | | |
| downstreamImpactTypesAndCounts | array of strings | | |
| hasProof | boolean | | |
| id | string | | |
| impactPathsCount | number | | |
| ip | string | | |
| isCISAKnownExploitedVulnerability | boolean | | |
| isCISAKnownRansomwareCampaignVulnerability | boolean | | |
| pentestId | string | | |
| proofFailureCode | string | | |
| proofFailureReason | string | | |
| score | number | | |
| timeToFinding | number | | |
| vulnerabilityAliases | array of strings | | |
| vulnerabilityCategory | string | | |
| vulnerabilityId | string | | |
| vulnerabilityName | string | | |
| vulnerabilityShortName | string | | |