Skip to main content

Drata integration

Getting started with our Drata integration

Updated over a month ago

With our Drata integration you can send scan reports directly to the Reports & Docs section of Drata, streamlining and simplifying your compliance process.

Adding the integration

On the Drata Site

Log in to https://app.drata.com > Click on your profile name > Settings

Select API Keys


Click 'Create API Key':

Fill out the Create API Key Form using the guidance below and be sure to save it:

  • Expiration Date: We recommend a long expiration date so that your integration does not unexpectedly stop working

  • The following scopes must be enabled:

    • Read: Personnel list; List workspaces; Controls List; List evidence

    • Write: Add evidence; Update evidence

      User-uploaded Image


      User-uploaded Image

Copy the API Key and save it somewhere secure!


Intruder Portal

  1. Go to the Intruder Integrations page > Drata integration:

Paste the API key, enter the region (North America/Europe) and click Connect:

If you see the following error message, please confirm your Drata region and hit the 'Try Again' button:

  • Select the workspace you want the vulnerability reports to be sent to and the user you want to be marked as the owner.

  • Select Quarterly Vulnerability Scan (DCF-18)
    (If you don't see it show up, simply search DCF-18 and select it that way. This shouldn't be an issue, unless you have changed the control name in your environment).

  • Select the Owner.

Your integration is now set up!

Manually send reports to Drata

  1. There are two places you can upload reports from.

    • Scans Overview Page
      Choose the Scan you wish to use as evidence for your compliance > click the Ellipsis icon (), and choose Send To Drata:


    • Scan's detail page
      Simply hit Send to Drata:

  2. This process will take a few seconds for the report to be prepared and sent.
    Once complete you will see a screen like the one below:

Automatically send reports to Drata

Existing scans (must be a recurring scan)

  1. Head to the Scans page > Navigate to Scheduled scans on the right-hand side> Select the ellipsis of the scan you wish to automate for compliance > Press Edit:

  2. Assuming you're happy with the repetition frequency (daily, weekly, monthly or quarterly), you can just toggle Auto send to Drata > Update scan:

  3. The scheduled scan will now show 'Send to Drata':

New scans (must be a recurring scan)

  1. Head to the scans page > click + Schedule scan:

    1. Choose the targets you wish to scan

    2. The date you'd like the first scan to run

    3. The time you'd like it to run

    4. Preferred repetition frequency: daily, weekly, monthly or quarterly.

      1. One-off scans cannot be automatically sent to Drata, these can still be sent manually

    5. Toggle Auto send to Drata

    6. Give the scan a name

    7. Hit Schedule scan

  3. The scheduled scan will now show 'Send to Drata':

Finding the reports in Drata

Inside Drata, reports will appear under Evidence library.

NB: Each time a new report is sent from Intruder, it will update the 'Current version', moving the previous version to 'Version history':

Do you alert users to errors with the integration?

Yes, if any errors occur during the process, you will find a modal appear, similar to the one shown below:


Any additional data on the error that has occurred will be shown in the field below.

Note: The Drata integration is available for users on Cloud, Pro, Enterprise, and Vanguard plans.

Related Articles
Getting Started
AWS 'account' integration
Bug Hunting explained
Vanta integration
Vulnerability Disclosure Program
Did this answer your question?