Internal Security is part of Internal Security Suite, which is in Early Access release for selected customers. To learn more, contact your Customer Success Manager.
SecurityScorecard's Internal Security (Beta) gathers security-related information behind your firewall by communicating with your own security tools such as:
- Endpoint detection and response (EDR) devices
- Multi-factor authentication (MFA) applications
- Firewalls
Use this guide to integrate Internal Security with any of the solutions that it currently supports.
Prepare for your integrations
Before configuring any integration, do the following:
- To enable Internal Security to communicate with your products, add the IP address 54.88.49.59 to your allowlist.
- Install Internal Security from Integrate360°: Marketplace. See Internal Security integration for guidance on installation and deploying the integrations in the platform.
- Contact your internal Support or Engineering team if you do not know how to provide the information required for each integration.
Note: Internal Security starts to provide data within 24 hours for each new integration as it syncs with SecurityScorecard's scanning and scoring cycles.
Integrate with your solution
- Carbon Black
- CrowdStrike
- Duo
- Fortinet FortiGate
- Fortinet FortiNAC
- Fortinet FortiSOAR
- Fortinet FortiWeb
- KnowBe4
- McAfee MVISION
- Qualys
- Tenable.io
Integration enables Internal Security to pull specific data from each installed product using a REST API GET method. It does not interact with your tools in any other way.
Note: This list will expand as we add support for more integrations.
Carbon Black
Information that Internal Security extracts:
- List of unknown apps
- All recommendations
- Threat alerts
- Device list
Required configuration settings:
Setting | Description |
API key | A token that provides permission to perform the GET request |
Organization key | An identifier that the product assigns to your organization |
Base product URL | The public IP address and port number of the product installation. |
Documentation and resources:
- Installed library: carbon-black-cloud-sdk
CrowdStrike
See detailed integration instructions for CrowdStrike Falcon.
Information that Internal Security extracts:
- Event streams
- Hosts data
- Incident data
- Indicator of compromise (IOC) data
- Data about threat actors in the environment
Required configuration settings:
Setting | Description |
Access token | One of a pair of tokens that authorizes a user to perform the GET request |
Secret token | One of a pair of tokens that authorizes a user to perform the GET request |
Customer ID | The identifier assigned by the product to the user permitted to perform the GET request |
Access URL | Base URL of the API endpoint; example: https://api.us-2.crowdstrike.com/ |
Documentation and resources:
- Installed library: Falconpy
Duo
Information that Internal Security extracts:
- Authentication log details
- Administrative API endpoint details
- Administrative integration details
- Administrative phone details
- Administrative settings details
- Administrative usernames and activities details
Required configuration settings:
Setting | Description |
Integration key | A token that enables Internal Security to connect with your account; learn how to create the integration key and secret keys |
Secret key | A token that provides permission to perform the GET request. |
Base product URL | The public IP address and port number of the product installation. |
Documentation and resources:
- API integration library
- External packages installed: duo-client
- Terms and conditions of use
Fortinet FortiGate
See detailed integration instructions for Fortinet FortiGate.
Information that Internal Security extracts:
- System firmware data
- Anomalies in the system
- Rate-based intrusion prevention signals
- Intrusion prevention rules
- Intrusion prevention global settings
- Intrusion prevention sensor data
- FortiGate routing table entry
- FortiGate subnet data
- Antivirus profiles
- Control enforced on applications installed on systems behind FortiGate
- Antivirus settings
- Threat traffic
- FortiGate security rating data
- WAF Firewall profiles
- WAF Firewall signatures
- DNS filter settings and data
Required configuration settings:
Setting | Description |
Access token | A token that provides permission to perform the GET request. |
Base product URL | The public IP address and port number of the product's installation. |
Documentation and resources:
- API guidance
- No internal packages installed
- End-user license agreement
Fortinet FortiNAC
Note: This integration only works if the product is installed in your internal cloud environment, not in the FortiCloud.
Information that Internal Security extracts:
- Alarm information, such as OS update and admin service fail
- Control tasks information
- Device profile details
- All event details
- Devices in the network details
- User details
Required configuration settings:
Setting | Description |
Username | A token that provides permission to perform the GET request. |
Password | The password of the user permitted to perform the GET request |
Base product URL | The public IP address and port number of the product's installation. |
Documentation and resources:
- API guidance
- No external packages installed
- Terms of use
Fortinet FortiSOAR
Note: This integration only works if the product is installed in your internal cloud environment, not in the FortiCloud.
Information that Internal Security extracts:
- Workflow history
- Incident alerts
- System templates
- Asset list
- Task list
Required configuration settings:
Setting | Description |
Username | The name of the user permitted to perform the GET request |
Password | The password of the user permitted to perform the GET request |
Base product URL | The public IP address and port number of the product's installation. |
Documentation and resources:
- API guidance
- No external packages installed
- Terms of use
Fortinet FortiWeb
Note: This integration only works if the product is installed in your internal cloud environment, not in the FortiCloud.
Information that Internal Security extracts:
- FortiWeb operation status
- FortiWeb network interface configuration
- All local certificates
- tcpdump from FortiWeb
- HATopology configurations
- Open config network failure
- Topology config in manager mode
- FortiGuard configurations
- Network data source interface data
- Web application firewall signature policies
- Web application attack log data
Required configuration settings:
Setting | Description |
Access token* | A token that provides permission to perform the GET request. |
Base product URL | The public IP address and port number of the product's installation. |
To create the FortiWeb API key, run the following command in your terminal, where the default value of vdom is root:
echo '{"username":"******","password":"********","vdom":"*****"}' | base64
Note: "APIKEY" is the default value, but every installation is different. To learn the value for your installation, see the FortiWeb API documentation, or ask Fortinet Customer Service about creating an API key in the terminal using your credentials.
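The command above, wrapped as an added shell example (not SecurityScorecard's or Fortinet's code): it JSON-escapes quotes and backslashes in the values, strips base64 line wrapping, and can prompt for the password instead of taking it from a typed command line. The function names are hypothetical. The result is plain base64 of the credentials, so the decode helper recovers them and the token needs the same protection as the password.

```shell
#!/bin/sh
# Added example: build the FortiWeb API token from the page's command.
# Function names are hypothetical, not part of any Fortinet tooling.

# Escape backslashes and double quotes so a value is a valid JSON string.
# Assumption: credentials contain no control characters.
json_escape() {
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Emit the same bytes as the page's `echo '{...}' | base64`, on one line.
# usage: fortiweb_token USERNAME PASSWORD [VDOM]
fortiweb_token() {
    user=$(json_escape "$1")
    pass=$(json_escape "$2")
    vdom=$(json_escape "${3:-root}")   # the page gives root as the default vdom
    # The trailing \n matches what echo writes in the original command.
    # tr removes the line wrapping that base64 adds to long output.
    printf '{"username":"%s","password":"%s","vdom":"%s"}\n' \
        "$user" "$pass" "$vdom" | base64 | tr -d '\n'
}

# Decode a token to see what it carries: base64 is encoding, not encryption.
fortiweb_token_decode() {
    printf '%s' "$1" | base64 -d
}

# Prompt for the password with terminal echo off, so it is not stored in
# shell history as part of a typed command.
# usage: fortiweb_token_prompt USERNAME [VDOM]
fortiweb_token_prompt() {
    printf 'Password for %s: ' "$1" >&2
    stty -echo
    IFS= read -r pw
    stty echo
    printf '\n' >&2
    fortiweb_token "$1" "$pw" "${2:-root}"
}
```

Call `fortiweb_token_prompt USERNAME` interactively and paste the output into the Access token setting.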
Documentation and resources:
- API guidance
- No external packages installed
- Terms of use
KnowBe4
Information that Internal Security extracts:
- All campaign data
- All security test data
Required configuration settings:
Setting | Description |
API key | A token that provides permission to perform the GET request |
Base product URL | The cloud API base URL for accessing the data; |
Documentation and resources:
- API guidance
- No external packages installed
- Terms of use
McAfee MVISION
Information that Internal Security extracts:
- Devices and their metadata
- Task schedules
- Installed products
- Tags
Required configuration settings:
Setting | Description |
API key | A token that provides permission to perform the GET request |
Username | The name of the user permitted to perform the GET request |
IAM URL | The fully qualified URL that enables SecurityScorecard to generate the authentication token; default value: https://iam.mcafee-cloud.com/iam/v1.0/token |
Password | The password of the user permitted to perform the GET request |
Client ID | The identifier assigned by the product to the user permitted to perform the GET request |
Base product URL | The cloud API base URL for accessing the data; |
Documentation and resources:
- API guidance
- No external packages installed
Qualys
Information that Internal Security extracts:
- Hosts
- Virtual hosts
- Web application IDs and details
- Web scan IDs and their configurations and metadata
- Web scan results
- All Amazon Elastic Compute Cloud (Amazon EC2) scans
- EC2 scan results
Required configuration settings:
Setting | Description |
Username | The username of the account with permission to perform the GET request |
Password | The password of the account with permission to perform the GET request. |
Base product URL | The API base URL based on your deployment region; see Identify your Qualys platform. |
Gateway product URL | API Gateway URL needed to access Asset Inventory, Endpoint Detection & Response, File Integrity Monitoring, and |
Note: Internal Security sends POST requests to create keys using the username and password and to get the list of hosts, web application IDs, and web application scan IDs from Qualys. Internal Security does not make any changes in your Qualys deployments.
Documentation and resources:
- API guidance
- No external packages installed
Tenable.io
See detailed integration instructions for Tenable.io.
Information that Internal Security extracts:
- Network details
- Asset details
- Agent group details
- Scan information
Required configuration settings:
Setting | Description |
Access token | One of a pair of tokens that authorizes a user to perform the GET request |
Secret token | One of a pair of tokens that authorizes a user to perform the GET request |
Documentation and resources:
- API guidance
- Installed library: pytenable
- Technology interoperability program (TIP) agreement