Skip to content

Data sources

Introduction to data sources

Data sources can be any existing security tool, threat feed, ticketing system or database. The Brinqa connector framework formalizes the common ways of interconnection between these systems via APIs, database extracts and structured formats like CSV, JSON, and XML. Connecting your tools to Brinqa products allows you to automate, simplify and streamline the process of extracting data for analysis, while simultaneously accomplishing critical tasks such as transformation, normalization and contextualization.

Administration > Data Integration > Data Sources will take you to the Manage Data Sources page, which displays a list view of all configured data sources at the top and available connectors for new sources at the bottom.

Table 1: List view contents

Columns Description
Title Title of the data source
Connector Connector the data source uses
Version Version of the connector your system is currently using
Server Server that the data source provides data through
Last Synced Last time the data for this source was synced

Create a new data source

Procedure

  1. Navigate to Administration > Data Integration > Data Sources
  2. Click the icon that corresponds with the desired data source
  3. Fill in the properties below and click Test Connection. If the connection fails, check the access credentials. If the connector requires user credentials, that user must have at least read access to the data source.
  4. Click Create

Table 2: New data source properties

Field Description
Title Title of the data source. The title will be displayed wherever the data server appears in the UI.
Name Reference name for queries and scripts. The name can contain only letters, numbers, and underscores.
Description Description of the data source.
Connector Connector used for this source.
Data Server Data server that provides data for the source. Externally facing data sources will use the local server, while on-premise data sources will require selection of the configured data server.
Connector Properties Properties required to access the data from this source on the data server. E.g. if the source is in the cloud, the cloud instance URL, and a username and password with access to the instance may be required.

Each connector will have unique properties to fill in.
Accessible From Specifies whether data gathered from this source will be available to all Brinqa applications or only the application you are currently administrating.

Editing or deleting a data source

Existing data sources can be edited or deleted by clicking the Actions button that appears to the right on mouseover of the entry on the list view.

Manually syncing a data source

You can manually sync data from a data source by clicking the sync icon that appears next to the Last Synced date when moused over. A modal window will open and allow you to select the time period for which you want data, as well as filtering options for that data. Filtering options are specific to the data source's connector.

TUTORIAL: Qualys Vulnerability Data Source

This tutorial will walk through the steps of setting up a Qualys Vulnerability Management data source. Once the data source is set up, it should be mapped so that data can be synced into your Brinqa application. A Qualys mapping tutorial can be found in the Data Mapping article.

  1. Navigate to Administration > Data Integration > Data Sources
  2. Click the Qualys Vulnerability Management button
  3. Enter the details in Table 3 below.
  4. Click Test Connection. A pop-up will appear if the connection was successful.
  5. Click Create
  6. Proceed to the Data Mappings module to map the newly created data source to a data model.

Table 3. Data source settings

Field Description Tutorial Example
Title Title of the data source. The title will be displayed wherever the data source appears in the UI. Qualys Vulnerability Management
Name Reference name for queries and scripts. The name can contain only letters, numbers, and underscores. qualys_vulnerability_management
Description Description of the data source. Description is displayed on the reports list view and can be searched from the reports list view search bar. Qualys host and vulnerability data source.
Connector The connector this data source will use to transfer data from the data server to the Brinqa cloud. The connector field defaults to the connector whose button was clicked in step 2. Qualys Vulnerability Management (version)
Data Server The data server that will sync Qualys data to the Brinqa cloud. When using a cloud instance of Qualys, rather than an on-premise instance, select local host as the data server. See the Data Servers article for more information on creating data servers. Local host
Qualys Platform URL The URL of your Qualys cloud instance. Your Qualys URL
Username Username of an account with at least read access to your Qualys instance. Username
Password Password associated with the username in the above field. Password
Accessible From Specifies whether this report will be available to all Brinqa applications or only the application you are currently administrating. Owning application only

TUTORIAL: Rapid7 Nexpose Vulnerability Data Source

This tutorial will walk through the steps of setting up a Rapid7 Nexpose data source. Once the data source is set up, it should be mapped so that data can be synced into your Brinqa application. A Rapid7 Nexpose mapping tutorial can be found in the Data Mapping article.

  1. Navigate to Administration > Data Integration > Data Sources
  2. Click the Rapid7 Nexpose button. Note: select the non-XML Nexpose option.
  3. Enter the details in Table 4 below.
  4. Click Test Connection. A pop-up will appear if the connection was successful.
  5. Click Create
  6. Proceed to the Data Mappings module to map the newly created data source to a data model.

Table 4. Data source settings

Field Description Tutorial Example
Title Title of the data source. The title will be displayed wherever the data source appears in the UI. Rapid7 Nexpose
Name Reference name for queries and scripts. The name can contain only letters, numbers, and underscores. rapid7_nexpose
Description Description of the data source. Description is displayed on the reports list view and can be searched from the reports list view search bar. Nexpose host and vulnerability data source.
Connector The connector this data source will use to transfer data from the data server to the Brinqa cloud. The connector field defaults to the connector whose button was clicked in step 2. Rapid7 Nexpose (version)
Data Server The data server that will sync Nexpose data to the Brinqa cloud. When using a cloud instance of Nexpose, rather than an on-premise instance, select local host as the data server. See the Data Servers article for more information on creating data servers. Local host
Server URL The URL of your Nexpose cloud instance. Your Nexpose URL
Username Username of an account with at least read access to your Nexpose instance. Username
Password Password associated with the username in the above field. Password
Skip certificate verification Whether the system should check for secure SSL certificates before connecting. Check this box when initially testing the connection, then uncheck it when the connection is known to work and certificates are set up. Checked for step 4, unchecked for step 5
Accessible From Specifies whether data from this source will be available to all Brinqa applications or only the application you are currently administrating. Owning application only