Armis Centrix Integration

• Overview
• Solution Brief
• Video Overview
• Integration Architecture
• Configuration DASM
• Configuration Centrix
• Administration and Operations

Overview

The Armis Centrix integration offers data attack surface publishing of high risk hosts identified by DASM with custom attribute of cyberstorage with a numeric  weight from 1-100 to indicate how high the data risk this host represents based on the Superna AI data risk model.  

Solution Brief

Video Overview

Integration Architecture

Configuration DASM

1. The integration requires API access to the Centrix,  once the integration is completed a new Superna Data Attack Surface site is configured to sync  data risk scores to hosts within . 
2. The configuration files require the following information to authenticate to Centrix 

   1. ARMIS_API_BASE_URL = 'PLACEHOLDER' # Replace with Armis API Base URL

      ARMIS_SECRET_KEY = 'PLACEHOLDER' # Replace with Armis API Secret Key
3. Each new Data Risk Score host will be synced to the Asset with the custom property set and Data Risk Score applied.

Configuration Centrix 

1. Follow the steps below to customized your Centrix portal with a custom asset property and custom risk policy to update the Risk Score on assets that touch data and have been flagged as a risk to data.  The custom risk factor policy will scan assets with the cyberstorage property score and apply the Risk increase.
2. Create custom device property to import the Data Risk Score computed by DASM.
   1. 
      
   2. 
   3. 
      
3. Use this property to set risk score with 100 being highest and 1 lowest
   1. Map these to risk score with a custom risk factor policy
4. 
5. Superna_CyberStorage_Data_Attack_Surface_Risk_Factor
6. 
   1. customProperties:(cyberstorage>80)
7. 
8. 
9. 

Administration and Operations

1. Once the integration is in place and the Superna AI model has generated the data attack surface and synced assets into Centrix, you will be able to run a query to locate hosts that are part of the data attack surface
2.  This ASQ query can locate assets that have been flagged as data attack surface. "in:riskFactors timeFrame:"7 Days" type:(CyberStorage)"
   1. 
   2. Clicking on Devices will list devices within your Data Attack Surface that have had the Risk Score increased due to data breach risks.  The inventory Custom properties menu and the Data Risk Score value.
      1.  
   3. To view the Custom Risk Factor policy that affected the overall risk score of the asset.
      1. In the example below, the Data Risk Factor applied a score of 10. 
      2. 
      3.