Apiiro

Apiiro is an application security posture management (ASPM) platform that helps you understand and manage application security risks.

Integrating Apiiro with Cortex allows you to:

  • View risks on entity pages in Cortex, quickly connecting issues to entities and their owners

  • Use Scorecards to drive quality improvements to your security practices relating to Apiiro applications, and set Initiatives to prioritize tasks and set deadlines.

How to configure Apiiro with Cortex

Prerequisites

Before getting started:

  • Create an Apiiro API key. Include the following permissions:

    • Risks > Read

    • Inventory management > Applications > Read

    • Inventory management > Repositories > Read

Configure the integration in Cortex

  1. In Cortex, navigate to the Apiiro settings page:

    1. In Cortex, click your avatar in the lower left corner, then click Settings.

    2. Under "Integrations," click Browse all integrations, then click Apiiro.

  2. Click Add configuration.

  3. Configure the integration form:

    • Alias: Enter an alias for your configuration.

    • API key: Enter the API key you generated in Apiiro.

    • Host: Enter the base URL of your Apiiro instance. If left blank, the default host will be used.

  4. Click Save.

After saving your configuration, you are redirected to the Apiiro integration settings page in Cortex. In the upper right corner of the page, click Test configuration to ensure Apiiro was configured properly.

How to connect Cortex entities to Apiiro

Discovery

Cortex uses the entity name, entity tag, or repository as the "best guess" for the corresponding Apiiro application. For example, if your entity name is "My Service" or your tag is my-service, then the corresponding application name in Apiiro should also be My Service or my-service.

If your Apiiro application names don’t cleanly match the Cortex entity name or tag, you can override this in the Cortex entity descriptor.

Editing the entity descriptor

You can define repositories and applications in the entity descriptor under the x-cortex-apiiro block:

x-cortex-apiiro:
  repositories:
    - alias: alias-one
      repositoryId: repository-one
    - alias: alias-two
      repositoryId: repository-two
  applications:
    - alias: alias-one
      applicationId: application-one
    - alias: alias-two
      applicationId: application-two

Using the Apiiro integration

Viewing Apiiro risks on an entity

Entity page overview

On an entity details page overview, see risks listed under the Code & security block. Within this block, issues and vulnerabilities are grouped by severity: Critical, High, Medium, and Low. Click into any of these to open a list of all applicable issues and vulnerabilities.

Entity code & security sidebar

In an entity's sidebar, click Code & security > Apiiro to view risks from Apiiro.

Scorecards and CQL

With the Apiiro integration, you can create Scorecard rules and write CQL queries based on Apiiro risks.

See more examples in the CQL Explorer in Cortex.

List risks

List all risks for a given entity's Apiiro application.

Definition: apiiro.risks()

Example

A Scorecard's top level might include a rule to ensure that entities have a low number of Apiiro risks:

apiiro.risks().length < 3

Check if Apiiro application is set

Check whether the entity has a registered Apiiro application in its entity descriptor.

Definition: apiiro ≠ null

Example

An initial level in a security Scorecard might include a rule to make sure entities are associated with an Apiiro application. Without this, Cortex won't pick up data about applications in Apiiro:

apiiro != null
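The following is an added example, not code from Cortex or Apiiro: it models, offline, the discovery behaviour described above (descriptor override first, otherwise a "best guess" on entity name or tag) and the way the two Scorecard rules on this page evaluate against an entity's risks, grouped by the severity buckets shown on the entity page. The `Entity` class, the matching helper, the risk records and the application names are all constructed for illustration; the real CQL engine and Apiiro API are not involved.

```python
"""Added example (not Cortex or Apiiro code): models how an entity is matched to
Apiiro applications and how the two Scorecard rules on this page would evaluate.
All data structures, field names and sample values here are constructed."""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

SEVERITIES = ("Critical", "High", "Medium", "Low")


@dataclass
class Entity:
    """A Cortex entity with the fields the page says are used for discovery."""
    name: str
    tag: str
    # Contents of the optional x-cortex-apiiro block from the entity descriptor
    descriptor_apiiro: dict | None = None


def normalize(s: str) -> str:
    """Compare names case-insensitively, treating spaces and dashes alike so that
    "My Service" and "my-service" both match (an assumption of this example)."""
    return s.strip().lower().replace(" ", "-")


def resolve_applications(entity: Entity, apiiro_app_names: list[str]) -> list[str]:
    """Return the Apiiro applications associated with an entity.

    1. If the descriptor has an x-cortex-apiiro.applications list, those
       applicationIds win (explicit override).
    2. Otherwise fall back to the "best guess": an Apiiro application whose
       name matches the entity name or tag.
    """
    if entity.descriptor_apiiro and entity.descriptor_apiiro.get("applications"):
        return [a["applicationId"] for a in entity.descriptor_apiiro["applications"]]
    candidates = {normalize(entity.name), normalize(entity.tag)}
    return [app for app in apiiro_app_names if normalize(app) in candidates]


def risks_by_severity(risks: list[dict]) -> dict[str, int]:
    """Group risks by severity, as the Code & security block on the entity page does."""
    counts = Counter(r["severity"] for r in risks)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def rule_apiiro_is_set(entity: Entity, apiiro_app_names: list[str]) -> bool:
    """Equivalent of the CQL rule `apiiro != null`."""
    return bool(resolve_applications(entity, apiiro_app_names))


def rule_few_risks(risks: list[dict], threshold: int = 3) -> bool:
    """Equivalent of the CQL rule `apiiro.risks().length < 3`."""
    return len(risks) < threshold


# --- Constructed sample data (not real Apiiro output) ---
APIIRO_APPS = ["my-service", "billing-api", "Legacy Portal"]

APIIRO_RISKS = {
    "my-service": [
        {"id": "r-1", "severity": "High", "title": "Sample risk 1"},
        {"id": "r-2", "severity": "Low", "title": "Sample risk 2"},
    ],
    "billing-api": [
        {"id": "r-3", "severity": "Critical", "title": "Sample risk 3"},
        {"id": "r-4", "severity": "High", "title": "Sample risk 4"},
        {"id": "r-5", "severity": "Medium", "title": "Sample risk 5"},
    ],
}


def risks_for_entity(entity: Entity) -> list[dict]:
    """Collect the risks of every Apiiro application resolved for the entity."""
    risks: list[dict] = []
    for app in resolve_applications(entity, APIIRO_APPS):
        risks.extend(APIIRO_RISKS.get(app, []))
    return risks


def evaluate(entity: Entity) -> dict:
    """Evaluate both rules from this page plus the severity breakdown."""
    risks = risks_for_entity(entity)
    return {
        "apiiro_set": rule_apiiro_is_set(entity, APIIRO_APPS),
        "few_risks": rule_few_risks(risks),
        "by_severity": risks_by_severity(risks),
    }


if __name__ == "__main__":
    # Matched by the name/tag best guess
    e1 = Entity(name="My Service", tag="my-service")
    # Name does not match any Apiiro application, so the descriptor override is needed
    e2 = Entity(name="Payments", tag="payments",
                descriptor_apiiro={"applications": [{"alias": "alias-one",
                                                     "applicationId": "billing-api"}]})
    # No match and no override: apiiro is null
    e3 = Entity(name="Orphan", tag="orphan")
    for e in (e1, e2, e3):
        print(e.tag, evaluate(e))
```

Note the third case: an entity with no Apiiro application has zero risks, so `apiiro.risks().length < 3` alone passes vacuously. That is why the `apiiro != null` rule belongs in the Scorecard's initial level, as the text above recommends.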

Still need help?

The following options are available to get assistance from the Cortex Customer Engineering team:

  • Email: [email protected], or open a support ticket in the in-app Resource Center

  • Chat: Available in the Resource Center

  • Slack: Users with a connected Slack channel will have a workflow added to their account. From here, you can either @CortexTechnicalSupport or add a :ticket: reaction to a question in Slack, and the team will respond directly.

Don’t have a Slack channel? Talk with your Customer Success Manager.
