Tufin

Visualize Tufin-managed firewalls, security policies, firewall rules, network zones, and policy violations, map violations to the rules that triggered them, and monitor firewall policy changes through queries and alerts.

Installation

Installation

info

You will need credentials for a Tufin Orchestration Suite (TOS) user with access to the SecureTrack and optionally SecureChange APIs. See the Tufin user management documentation and user roles documentation for full details.

SecureTrack user setup

The integration uses SecureTrack to collect firewalls, policies, firewall rules, network zones, and policy violations.

1. Log in to the TOS web UI as an administrator.

2. Navigate to Settings → Administration → Users.

3. Create a dedicated user and assign it the Administrator role in SecureTrack.

   A User role is sufficient for devices, policies, rules, and policy violations, but the Administrator role is required to access network zones via the API.

4. Assign the user access to all relevant devices.

SecureChange user setup (optional)

SecureChange is a separate application within TOS and requires independent user configuration. Skip this section if you do not want to ingest SecureChange users or tickets.

1. Navigate to Settings → Users in the SecureChange UI (or use LDAP group import).
2. Add the user to SecureChange and assign the appropriate role:
   • Auditor — read-only access to tickets. Sufficient if you only need ticket ingestion.
   • System Administrator — required if you also want to ingest SecureChange users.

To install the Tufin integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Tufin. Click New Instance to begin configuring your integration.

Creating a Tufin instance requires the following:

• The Account Name used to identify the Tufin account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

• Description to assist in identifying the integration instance, if desired.

• Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

• Your TOS server Hostname (or IP address), e.g. tos.example.com.

• Your TOS Username and Password to authenticate with the SecureTrack and SecureChange APIs.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Authorization

Data Model

Entities

The following entities are created:

Resources	Entity _type	Entity _class
Account	tufin_account	Account
Firewall	tufin_firewall	Firewall
FirewallRule	tufin_firewall_rule	Rule
NetworkZone	tufin_network_zone	Group
Policy	tufin_policy	Ruleset
PolicyViolation	tufin_policy_violation	Finding
SecurityPolicy	tufin_security_policy	ControlPolicy
Ticket	tufin_ticket	Record
User	tufin_user	User

Relationships

The following relationships are created:

Source Entity _type	Relationship _class	Target Entity _type
tufin_account	HAS	tufin_firewall
tufin_account	HAS	tufin_security_policy
tufin_account	HAS	tufin_network_zone
tufin_account	HAS	tufin_user
tufin_firewall	HAS	tufin_policy
tufin_firewall_rule	HAS	tufin_policy_violation
tufin_policy	HAS	tufin_firewall_rule
tufin_user	OPENED	tufin_ticket

Types

Tufin Account

tufin_account inherits from Account

Property	Type	Description	Specifications
hostname *	string	The hostname or IP address of the TOS server.

---

Tufin Firewall

tufin_firewall inherits from Firewall

Property	Type	Description	Specifications
deviceId *	string	The unique identifier of the device in Tufin SecureTrack.
domainId *	number | null	The identifier of the SecureTrack domain that owns this device.
domainName *	string | null	The name of the SecureTrack domain that owns this device.
hasTopology *	boolean | null	Whether the device participates in the SecureTrack topology map.
ipAddress *	string | null	The management IP address of the device.
isOffline *	boolean | null	Whether the device is currently offline from Tufin SecureTrack.
model *	string | null	The model of the device as reported by SecureTrack.
parentId *	number | null	The identifier of the parent device, when this device is virtual or managed.
vendor *	string | null	The vendor of the device as reported by SecureTrack.
virtualType *	string | null	The virtualization type reported by SecureTrack (e.g. context, vsys).

---

Tufin Firewall Rule

tufin_firewall_rule inherits from Rule

Property	Type	Description	Specifications
action *	string | null	The action enforced by the rule (e.g. accept, drop, reject).
comment *	string | null	Free-form comment associated with the rule.
deviceId *	number	The identifier of the device that owns this rule.
isImplicit *	boolean | null	Whether the rule is implicitly added by the device rather than user-defined.
ruleId *	number	The unique identifier of the rule in SecureTrack.
ruleNumber *	number | null	The order of the rule within its policy.
ruleType *	string | null	The type/category of the rule as reported by SecureTrack.

---

Tufin Network Zone

tufin_network_zone inherits from Group

Property	Type	Description	Specifications
domainId *	number | null	The identifier of the SecureTrack domain that owns this zone.
domainName *	string | null	The name of the SecureTrack domain that owns this zone.
zoneId *	number	The unique identifier of the zone in SecureTrack.

---

Tufin Policy

tufin_policy inherits from Ruleset

Property	Type	Description	Specifications
deviceId *	number	The identifier of the device that owns this policy.
policyId *	number	The unique identifier of the policy in SecureTrack.

---

Tufin Policy Violation

tufin_policy_violation inherits from Finding

Property	Type	Description	Specifications
deviceId *	number	The identifier of the device whose rule triggered the violation.
policyName *	string | null	The Unified Security Policy control name (policy_control_name) that this rule violates.
ruleId *	number	The identifier of the rule that triggered the violation.
ruleNumber *	number | null	The order of the violating rule within its policy.

---

Tufin Security Policy

tufin_security_policy inherits from ControlPolicy

Property	Type	Description	Specifications
domainId *	number | null	The identifier of the SecureTrack domain that owns this policy.
domainName *	string | null	The name of the SecureTrack domain that owns this policy.
policyId *	number	The unique identifier of the Unified Security Policy in SecureTrack.

---

Tufin Ticket

tufin_ticket inherits from Record

Property	Type	Description	Specifications
currentStep *	string | null	The current workflow step the ticket is on.
expiresOn *	number | null	The ticket expiration date as a Unix timestamp in milliseconds.
priority *	string | null	The priority assigned to the ticket.
requester *	string | null	The username of the user who opened the ticket.
slaStatus *	string | null	The SLA status reported by SecureChange.
ticketId *	number	The unique identifier of the ticket in SecureChange.
ticketStatus *	string | null	The current status of the ticket as reported by SecureChange.
workflowName *	string | null	The name of the SecureChange workflow handling the ticket.

---

Tufin User

tufin_user inherits from User

Property	Type	Description	Specifications
authenticationMethod *	string | null	The authentication method configured for the user (e.g. local, LDAP).
userId *	number	The unique identifier of the user in SecureChange.
userType *	string | null	The party type reported by SecureChange (e.g. user, group, ldap_user).

---

Release Notes