Skip to main content
Sign in

Creating an extended integration for Intezer Protect assets

  • July 11, 2023 21:00
  • Updated

Let Oomnitza be your single source of truth!

You'll get complete visibility of your assets as data from Intezer is automatically transformed into consumable information and actionable insights.

The Intezer Asset Load uses the Get Hosts API. For further information, see Intezer Protect API Documentation: GET /v1-0/hosts.

Connect Oomnitza and Intezer in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key asset information
  • Configurable reports to share information about your assets with your colleagues and management
  • Configurable workflows that you can easily create for:
    • Getting and removing hosts.
    • Adding and removing host labels.

Contents

  1. Before you start
  2. Creating the asset integration
  3. Creating custom mappings

Before you start

Before you create the asset integration you must ensure that you have added your Intezer Protect credentials to Oomnitza.

Creating the asset integration

  1. In Oomnitza, click Configuration> Integrations> Overview.
  2. Click Block view block_view.PNG
  3. Scroll down to the Extended section for asset integrations.
  4. Click NEW INTEGRATION.
  5. Select the integration in the sidebar.
  6. Click ADD.

Integration Overview

More information is provided about the following fields to help you complete the integration:

  • Integration preferences:  By default, the option Create & Update is selected, which allows for editing existing asset records and adding new ones. If your goal is only to edit existing asset records, choose Update Only. On the other hand, if you only want to add new records, select Create Only.

Integration details

To review or update the integrations details, click the pencil:

  1. Update the integration name if necessary. 
  2. For installation type decide whether you want to store the credentials locally or in Oomnitza:
    1. Select Local if you want to store credentials locally. This mode does not support OAuth or AWS authentication.
    2. Select Cloud if you want to store credentials in your Oomnitza instance.
  3. For integration preferences, select an option.
  4. Enter the name of the integration user.

Credential details

Choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Click the pencil.
  2. Configure your schedule.
  3. Click Update.

Mappings

To map the fields to Oomnitza, click the pencil.

Creating custom mappings

Map Intezer fields to Oomnitza fields to get the user information that you need. For the field mapping, it is recommended to follow these steps:

  1. Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
  2. Create custom mappings for fields that do not exist on the Oomnitza side such as the Intezer Host ID.
    1. Click the down arrow on the Intezer ID field.
    2. Select Add new Oomnitza assets field.
    3. Update the Name field to Intezer Host ID.
    4. Select the Unique checkbox.
    5. Click CREATE
  3. Map and assign a sync key to a unique field, such as the Intezer Host ID.

Tracking information for asset loads 

When the integration is run, you can track the name of the credentials that were used and the source of the data. To do this, you map the following fields to Oomnitza:   

  • Connect: Credentials

Custom mappings

Boot Time
Cluster ID
Connector Sync Time
Distribution
Hardware ID
Has Vpn
Host Group
Host Type
Hostname
ID*
Instance ID
Is Online?
Label
Last Seen
OS Release Version
OS System Name
Project ID
Protect URL
Public IP Address
Removed?
Security Status
Sensor Version
Vulnerability Status

*Suggested sync key

Did you know? 
You can define rules for your integration by selecting Edit integration edit_integration.svg on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  

You can add new fields to your integration by selecting Add new field  add_grey_rectangel_icon.svg on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Launching the integration

Your integration is in Draft mode until all the required mandatory fields are added. Once you have added all of the required fields, select Launch to activate your integration. 

small_blue_link.svg If you selected Cloud as the installation type when creating the integration, refer to Running an extended integration

small_blue_link.svg If you selected Local as the installation type when creating the integration, refer to Running an extended integration locally.

Getting your results
To view the information that is collected about your assets, click Assets. To view the information about software, click the Software tab.  
To view the information that is collected about your users, click People. If you selected User plus SaaS User when running the user integration, you can also find a list of users in the Software > SaaS menu

Related Links

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

  • Configure dashboards for your users and software
  • Configure custom reports about your users and software
  • Create workflows to automate tasks

See Getting started for more information.

Related articles

Comments

0 comments

Please sign in to leave a comment.