"size": 1, "page": 1, "pagelen": 10, "previous": null, "next": "https://example-domain.safeone.ai/api/v3/users?page=2&pagelen=100", "values": [ { "peopleId": 1, "emailId": "john.doe@domain.com", "firstName": "John", "lastName": "Doe", "uuid": "12345678-1234-1234-1234-123456789012", "updatedAt": "2022-01-13T05:03:50.428Z", "lastLoginTime": "2022-01-13T05:03:50.428Z", "role": "Admin", "authenticationType": "Native" } ] } No links 401 UNAUTHORIZED Media type application/json Example Value Schema { "status": "error", "message": "invalid authorization header!" } No links 403 FORBIDDEN Media type application/json Example Value Schema { "Message": "User is not authorized to access this resource with an explicit deny" } No links POST /api/v3/reports: This API helps SAFE users to trigger reports. We can use the same API to trigger Audit Logs export. It will return a UUID which needs to be used in the next API. Parameters Name Description NA NA Example Request: The following example shows how

About this document This document provides the step-by-step procedure to configure SumoLogic in SAFE. Introduction SAFE integrates with SumoLogic and fetches the security misconfiguration of the SumoLogic account in SAFE. Prerequisites Access required in SAFE : SAFE Admin Access Access required in SumoLogic : SumoLogic Admin Required User Inputs: API Instance URL Access ID Access Key Asset Name in SAFE (optional) Required Scope: Admin Access Generate Connection Details How to generate Access ID Log in to your SumoLogic account as Admin . Click on the Profile icon at the bottom left corner Click on the Preferences Click on the + Add Access Key Open image-20240321-095345.png Enter the Access Key Name Click on the Create Key button Open image-20240321-095506.png The system displays an Access ID and Access Key . Copy and save the Access ID and Access Key to use it later while configuring SumoLogic in SAFE. It

Introduction Risk scenarios describe in detail the asset at risk, who or what can act against it, their intent or motivation (if applicable), the circumstances and threat actor methods associated with the threat event, the effect on the company if/when it happens, and when or how often the event might occur. All Risk Scenarios in SAFE are fully FAIR-compliant and built upon the FAIR methodology. SAFE provides an Out-of-the-Box (OOTB) Risk Scenario Library, offering a comprehensive set of pre-defined Risk Scenarios to expedite the risk assessment process. Each Risk Scenario generates key risk assessment outputs, including: Likelihood Loss Magnitude Annualized Loss The Risk Scenario page in SAFE provides an overview of risk scenarios and key insights. It includes: Top Risk Scenario Bubble Graph: A visual representation of Likelihood vs. Loss Magnitude. Worst Performing Risk Scenarios: Displays high-risk scenarios requiring attention. Best Performing Risk

1. About this document This document serves as the integration guide for the Rapid7 InsightsVM Cloud Dashboard. It provides a step-by-step procedure for configuring the "InsightVM Cloud" integration in SAFE. 2. Introduction This integration allows you to import assets and their vulnerabilities into SAFE from the Rapid7 InsightsVM Cloud Dashboard. These assets and vulnerabilities are discovered and scanned using the InsightsVM Security Console and are synced to the cloud dashboard at regular intervals. Please note that this integration does not pull assets and vulnerabilities directly from the Security Console and requires a cloud dashboard setup to be in place. For detailed instructions on setting up the cloud dashboard, please refer to the documentation: Activate Your Console on the Insight Platform | InsightVM Documentation . To fetch assets and vulnerabilities from the Security Console, please refer to the “Rapid7 InsightsVM” connector and its documentation: Rapid7 InsightVM . This connector syncs only existing

About this document This document gives you the step-by-step procedure to configure CrowdStrike Falcon Exposure Management in SAFE. Pre-requisite You need the following connection details for this integration: CrowdStrike URL Client ID Client Secret Note  To create API clients and secrets, you must have a Falcon Administrator role in CrowdStrike. The API client secret value is only shown when a new API client is created or while resetting it.  Generate Connection Details Follow the below step-by-step procedure to get the connector details: Login to your CrowdStrike instance. Navigate to the Support and Resources > API Clients and Keys from the left navigation. Under OAuth2 API clients, click the Create API Client button. Enter the Client Name and Description.  Mark the below checkboxes: Read for Vulnerabilities Read for Hosts Click the Create button. The system displays the connection details (URL, Client ID, and Client Secret).  Copy and

About this document This document provides step-by-step instructions to configure Armis Integration in SAFE and pull assets and vulnerability findings from the tool. Introduction Armis integration allows you to import your assets and any security issues (vulnerabilities) from Armis into SAFE. Admins in SAFE can set this up from the Armis card on the Integrations page. Once you set it up, all your assets from Armis, including OT (Other Technologies) and IoT (Internet of Things) assets, will be imported. This helps you understand the security risks of your assets and offers steps to improve your security. Prerequisites Assets are already set up and assessed in Armis. An Armis user account with Admin rights or enough permissions to create a new user and role for SAFE. SAFE access with Admin rights. Generate connection details To connect SAFE with Armis, you'll need two things: the Armis Base URL and

About this document This document provides the step-by-step procedure to configure Tableau in SAFE. Introduction SAFE integrates with Tableau and fetches the security misconfiguration of the Tableau account in SAFE. Prerequisites Access required in SAFE : SAFE Admin Access Access required in Tableau : Tableau Admin Required User Inputs: API Instance URL Personal Access Token Name Personal Access Token Secret Site Name Site ID Required Scope: Site Administrator Creator Generate Connection Details How to generate API Token Log in to your Tableau accou nt as Admin . Click on the Settings icon at the bottom left corner Click on the Enable personal access tokens option Click on the Save button Open image-20240322-132340.png Click on the User profile option on top left corner Click on the My Account Settings option Under Personal Access Tokens enter the token name Click on the Create Token Open image-20240322-133217.png The

About this document This document provides step-by-step instructions for configuring the PAN Cortex XDR integration in SAFE. Introduction This integration allows you to pull EDR findings from Cortex XDR, contributing to Likelihood calculations. SAFE Admins can configure this integration from the "PAN Cortex XDR" card available on the Integrations page. Prerequisites To configure this integration, you must have one of the following Cortex XDR licenses: Cortex XDR Prevent Cortex XDR Pro per Endpoint Cortex XDR Pro per GB Note : Assets must already be onboarded and actively assessed within Cortex XDR. User Permissions You’ll need access to a Cortex XDR user account with either: Admin role, or Sufficient permissions to generate read-only API keys If you don’t have the necessary permissions, please get in touch with your Cortex XDR administrator for assistance. Generate connection details To integrate SAFE with PAN Cortex XDR, we need 3 details

About this document This document provides step-by-step instructions to upload a phishing report in CSV format in SAFE. Introduction SAFE allows users to upload phishing campaign results obtained from any phishing tool via the Phishing report upload functionality. You can now download a phishing campaign result report from the source Phishing tool, convert it into a format that SAFE supports, and upload it to SAFE. Phishing Report Template Download Phishing Report Template You can download the Phishing Report Template CSV file from SAFE by following the below step-by-step procedure: Go to Integrations,  on the left navigation. Click the Phishing Report Upload card. On the upload report page, click the Download Template button available at the top-right corner of the page. The system downloads a CSV template file on your system. Instructions to fill the Phishing report template CSV files of up to 10 MB are

Create a Custom Dashboard SAFE allows you to create Private and Global Dashboards. Private Dashboard : Visibility of this dashboard is restricted to you. Global Dashboard : It will be visible to all SAFE users. To create a Custom Dashboard: Navigate to Dashboards. Click the drop-down arrow adjacent to the dashboard name. Click the Add Dashboard option. Enter a name for your dashboard. Select a template from the drop-down. SAFE enables the creation of dashboards using predefined templates, including one specifically designed for configuring an SEC Materiality Report. Select the Blank Template option from the drop-down menu if you prefer to start with a blank canvas. Click the Save button. If you wish to restrict the visibility of this dashboard solely to yourself, mark the Make Private checkbox. Click the +Add Widget button to include the necessary widgets for your dashboard. The system opens the Widget Library. On the

About this document This document provides the step-by-step procedure to configure Jamf in SAFE. Introduction SAFE integrates with Jamf, and fetches the security misconfiguration of the Jamf account in SAFE. Prerequisites Access required in SAFE : SAFE Admin Access Access required in Jamf: Jamf Admin Access Required User Inputs: API Instance URL Client ID Client Secret Required Scope: Read Patch Management Software Titles Read SSO Settings Read Push Certificates Read Computers Read Accounts Read Patch Management Settings Generate Connection Details How to generate Client ID and Client Secret Login to your Jamf account as Admin . Click on the Settings from left navigation. Search for “ API roles and clients ” and open it On the API Keys page, Click on the New button available at the top-right of the screen Enter the Display Name Select the below permission from the dropdown Read Patch Management Software Titles Read SSO Settings Read

Important Malware Patrol comes pre-configured with your SAFE instance. SAFE seamlessly integrates with Malware patrol to fetch the threat intelligence on malware, crypto mining, and phishing. Malware Patrol monitors the latest malicious campaigns to collect a variety of indicators. These range from malware, ransomware, and phishing to command-and-control systems and DoH servers. Each indicator is verified daily and crucial context, like ATT&CK TTPs, is incorporated.

Primary User (First User) Once the SAFE instance for your organization is configured, the first user gets an invitation email from SAFE to sign up. Sign Up SAFE admins can invite users to SAFE from Settings > Invitations/User Management. If you require access to SAFE, ask the SAFE admin of your organization to invite you to SAFE. Once the SAFE admin invites you to the SAFE application, you will receive the invitation via email. The email will include a link to sign up for SAFE. Invite Email Format Requirements When sending invite emails, make sure to follow these rules: The part of the email address before the '@' symbol (the username) should not be longer than 64 characters. The whole email address, including the username, '@' symbol, and domain, should not be longer than 104 characters. For example, in the email john.doe@example.com, john.doe is the username and it

About this document This document provides step-by-step instructions to configure "Microsoft Defender for Endpoint" in SAFE. Introduction This integration allows you to onboard endpoints from MS Defender for Endpoint and fetch vulnerability and/or EDR (Endpoint detection and response) findings in SAFE. SAFE Admins can configure this integration from the "Microsoft Defender for Endpoint" card available on the Integrations page. Prerequisites Microsoft Defender for Endpoint Plan 2 is enabled for your Organization. The following privileges are needed for a user in Azure to generate the connection details: For manually creating Entra ID applications and assigning permissions: Sufficient privileges/permissions to create an Entra ID application. Sufficient privileges/permissions to add API permissions to the created application. SAFE Admin access. Generate connection details To integrate SAFE with Microsoft Defender for Endpoint, we need 3 details to be generated from Azure: Tenant Id Client Id Client Secret To generate these

About this document This document provides the step-by-step procedure to configure Claroty xDome in SAFE. Introduction This integration enables users to import assets and their associated vulnerabilities from Claroty xDome into SAFE. When configured, it automatically onboards assets with at least one open vulnerability. These assets can belong to any of the following categories: OT (Operational Technology), IT (Information Technology), or IoT (Internet of Things) unless specific categories are defined in the integration settings. Prerequisites SAFE Admin Access Claroty xDome API URL Claroty API token (Site permission and a read-only user role) The user generating the API token must have access to view Sites , Categories , Assets , and Vulnerabilities in the Claroty Dashboard. Generate Connection Details (API Token) Login to Claroty xDome with a user account that has access to view Assets, Vulnerabilities, Sites, and Categories. Navigate to Settings > Admin Settings. Click the Add User button. Select the

About this document This document provides the step-by-step procedure to configure Zendesk in SAFE. Introduction SAFE integrates with Zendesk and fetches the security misconfiguration of the Zendesk account in SAFE. Prerequisites Access required in SAFE : SAFE Admin Access Access required in Zendesk : Zendesk Admin Required User Inputs: API URL Username API Token Asset Name in SAFE (optional) Required Scope: Admin Access Generate Connection Details Generate an API Token Steps: Log in to your Zendesk account as Admin . Click on the Setting icon on the left panel. Click Go to Admin Center option. Open image-20240321-123739.png1 Navigate to Apps and Integrations. Click on Zendesk API . Click the Add API token button. Open image-20240321-123926.png Enter the API token description. The system displays the API token. Copy and save the API token to use it while configuring Zendesk in SAFE. Click the Save button. Open image

About this document This document provides the step-by-step procedure to configure Datadog in SAFE. Introduction SAFE integrates with Datadog, and fetches the security misconfiguration of the Datadog account in SAFE. Prerequisites Access required in SAFE : SAFE Admin Access Access required in Datadog : Datadog Admin Access Access required in Datadog : Datadog User Custom Access User Access Manage Org Management User APP Keys Org App Keys Read API Keys Read Dashboards Read Audit Trail Read Required User Inputs API URL (Region Specific) Organization Name API Key Application Key Generate Connection Details Generate an API Key Steps: Login to your Datadog account as Admin. Click on the User Profile in the bottom left corner. Click on Organization Settings. Click the API Keys  option under Access. Click the New Key button. Enter a Name and click on the Create Key button. The system displays an API Key . Copy and save the Key

About this document This document outlines a detailed process for setting up integrations in SAFE using APIs. Unlike the user interface method, which only permits onboarding a single account per integration, this advanced approach allows you to onboard multiple accounts in SAFE. Following these steps, you can seamlessly connect with other tools and streamline your integration process. Prerequisite SAFE API Credentials (Refer to Accessing SAFE REST APIs ) Connection details for establishing a particular integration. Mostly it is the API URL, username, and password. Suppose you want to integrate with Qualys SCA; then you need the Qualys SCA API URL, Username, and Password. SAFE APIs to be used The following SAFE REST APIs will be used to establish an integration via APIs. GET /api/v3/integrations/products: This provides the integration meta details of all the product integrations supported in SAFE GET /api/v3/integrations/products/{id}: This return all the

About this document This document provides step-by-step instructions to onboard a ServiceNow account in SAFE. Introduction SAFE integrates with ServiceNow via read-only APIs and fetches the security configuration of the ServiceNow account in SAFE. Prerequisites To configure ServiceNow in SAFE, you need the following details: Instance Name : Instance name of the user’s ServiceNow Instance (e.g., safe.service-now.com) Client ID and Secret Key : To generate a Client ID and Secret Key, you must have a ServiceNow Administrator role. Generate Connection Details (Client ID and Secret Key) Log in to your ServiceNow Account as admin.  Click the All  tab, and search for  System OAuth > Application Registry .   Click the Application Registry option. Click the New  button available at the top-right corner of the screen.   On the New page, click the “Create an OAuth API endpoint for external clients ” option.   Enter a Name for the application

Overview As a customer, when you sign up for SAFE, you are allocated a tenant. The default region application data is stored in the US (North Virginia) . If this does not meet your business needs, additional regions are available, and this can be discussed with the SAFE Account Managers. There are different data collected, processed, and managed by SAFE. Most of the data managed by SAFE are always kept in the chosen geographic region. Certain data are stored in our global data center. The encryption options for the regional data are explained in the section Data pinning to regions Data that is stored in the selected region and encrypted by a tenant KMS key Questionnaire assessment data. Assessment data under technology verticals. This includes assessment data generated by SAFE Hooks. Asset Groups configuration data. Cyber Security Products Assessment data. Controls status, comments and evidence against controls. Third-party assessment data