About

The RunZero NetoFuse module provides enriched asset context to Netography Fusion from the RunZero Cyber Asset Attack Surface Management platform. It connects to the RunZero API to retrieve asset information and then adds Context Labels to Netography Fusion.

☁️

NetoFuse Modules: Cloud deployment vs. on-prem deployment

This page documents how to add and configure the context integration in the Netography Fusion Portal. This will make a direct connection from the Netography Fusion SaaS in the cloud to the vendor API. If you prefer to deploy the integration within your own environment (on-prem or in your own cloud) with a container or Python package, go to the module documentation in NetoFuse Modules.

Adding a Context Integration

In the Netography Fusion Portal:

  1. Select Settings at the bottom of the left-hand navigation menu
  2. Select Context Integrations in the Data Management section.
  3. Select the Add Integration button.
  4. Select a context integration from the list provided.
  5. Follow the configuration steps in the documentation for the context integration you selected.

Configuring

FieldRequiredDescription
Organization UUUIDYesRunZero Organization ID
Client IDYesRunZero API client ID
Client SecretYesRunZero API client secret
FieldNoFilters the fields returned by RunZero API. This is a comma-separated list of fields. Supported fields are available at https://www.runzero.com/docs/data-formats/#asset-data. If the fields parameter is not provided, all fields will be pulled. Note that the Netography API does not currently support integer fields.

RunZero Configuration

1. Register an API client in the RunZero console

Register an API client in the RunZero console to obtain the Client ID and Client Secret for authentication to the API.

2. Obtain the RunZero Organization ID to use

A list of all organization IDs for your RunZero account can be retrieved via the RunZero API.

This can be done using RunZero's Swagger API documentation site by going to the API page here:

https://app.swaggerhub.com/apis/runZero/runZero/4.0.231027.0#/Account/getAccountOrganizations

  1. Click the Authorize button to open the Available Authorizations window.
  2. Scroll down to oauthDefaults (OAuth2, clientCredentials) section and enter a client ID and client Secretthat you generated in the RunZero console by registering an API client.
  3. Click Authorize to make the authentication call and receive an API bearer token.
  4. Next to the GET /account/orgs API documentation, click the Try it out button.
  5. Click the Execute button that appears below the parameters.
  6. Scroll down to the response and identify the Organization ID to use.

Transform

The Advanced section of the context integration contains the Transform field. This field allows you to add, remove, or change the mapping of fields returned by the vendor API to Netography Fusion context labels.

See the Context Transforms documentation section for more instructions on editing this field.

It may be helpful to first configure all the parameters and the transform field with a NetoFuse container on your local system and then copy those fields into the Portal once you have validated that everything is configured properly.