From 8c739323d19c7531b4f46fdd9a112b36a46ef090 Mon Sep 17 00:00:00 2001 From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Date: Wed, 1 Jul 2026 17:38:03 -0600 Subject: [PATCH] docs(connectors): add Group-IB ASM connector setup guide Document the Group-IB Attack Surface Management connector in the Pro connectors tool reference and add it to the supported-tools list. Covers Basic Auth (username = ASM login, password = API key), the fixed https://asm.group-ib.com location, per-company Record discovery, assets mapped as endpoints, incremental sync, and the optional company_id scoping fallback. Co-Authored-By: Claude Opus 4.8 (1M context) --- .../pro/connectors/about_connectors.md | 1 + .../connectors/connectors_tool_reference.md | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/docs/content/import_data/pro/connectors/about_connectors.md b/docs/content/import_data/pro/connectors/about_connectors.md index 6a2fcae017f..2b78d03154f 100644 --- a/docs/content/import_data/pro/connectors/about_connectors.md +++ b/docs/content/import_data/pro/connectors/about_connectors.md @@ -32,6 +32,7 @@ We currently support Connectors for the following tools, with more on the way: * **BurpSuite** * **Checkmarx ONE** * **Dependency-Track** +* **Group-IB ASM** * **IriusRisk** * **JFrog Xray** * **Probely** diff --git a/docs/content/import_data/pro/connectors/connectors_tool_reference.md b/docs/content/import_data/pro/connectors/connectors_tool_reference.md index ae54394f7db..fc6f8ca3077 100644 --- a/docs/content/import_data/pro/connectors/connectors_tool_reference.md +++ b/docs/content/import_data/pro/connectors/connectors_tool_reference.md @@ -148,6 +148,40 @@ To generate a Dependency\-Track API key: For more information, see **[Dependency\-Track Documentation](https://docs.dependencytrack.org/integrations/rest-api/)**. +## **Group-IB ASM** + +The Group-IB ASM (Attack Surface Management) connector uses the Group-IB ASM REST API to pull external attack-surface **issues** (findings) into DefectDojo. DefectDojo discovers each Group-IB **company/tenant** as a separate Record and imports that company's issues on a scheduled, incremental basis. The asset each issue relates to (a domain, IP, or URL) is attached to the resulting finding as an **Endpoint**. + +#### Prerequisites + +You will need your Group-IB ASM login and an API key. We recommend creating a dedicated service account for DefectDojo so that automated activity can be distinguished from manual team actions. + +To generate an API key: + +1. Open Group-IB Attack Surface Management, click **Help** in the lower-left corner, and select **API**. +2. Click **Generate API Key** (top-right, under your username). +3. Enter your SSO password and click **Next**, then click **Copy token**. +4. Store the key in a secret manager and plan for regular rotation. + +#### Connector Mappings + +Group-IB ASM authenticates with HTTP Basic Auth, where the username is your ASM login and the password is your API key. **Both values are required** — the API key alone is not sufficient. + +1. Enter `https://asm.group-ib.com` in the **Location** field. This is the same for all Group-IB ASM tenants. +2. Enter your ASM login (usually an email address) in the **Username** field. +3. Enter your API key in the **API Key** (Secret) field. +4. Optionally, set a **Minimum Severity** to limit which findings are imported. Findings below the selected severity are not imported. + +DefectDojo maps each Group-IB **company** as a separate Record, using the company ID as the identifier. On the first Sync, DefectDojo backfills recent issue history; subsequent Syncs are incremental, pulling only issues changed since the last Sync (tracked by each issue's most recent `lastSeen` timestamp). + +#### Scoping to a single company (optional) + +By default, the connector automatically discovers the companies available to your API credentials (via the ASM `clients` endpoint) and creates one Record per company. This is the recommended setup and requires no extra configuration. + +If the `clients` endpoint is not available for your tenant — for example, when it is restricted to partner/MSP accounts — the connector can be scoped to one company by supplying its **company ID** as a `company_id` tool-specific field on the connector configuration. When `company_id` is set, DefectDojo uses that company directly instead of enumerating companies. Leave it unset to use automatic discovery. + +See the Group-IB ASM REST API manual (available in-product via **Help → API**) for more information. + ## **IriusRisk** The IriusRisk connector uses an API token to pull threat modeling data from your IriusRisk instance.