Skip to main content

Drata integration

Getting started with our Drata integration

Updated yesterday

πŸ’‘ The Drata integration is available for users on Cloud, Pro, Enterprise, and Vanguard plans.

With our Drata integration, you can send scan reports directly to the Reports & Docs section of Drata, streamlining and simplifying your compliance process.

Adding the integration

On the Drata Site

Log in to https://app.drata.com > Click on your profile name > Settings
​

Select API Keys
​


​

Click 'Create API Key':
​

Fill out the Create API Key Form using the guidance below and be sure to save it:

  • Expiration Date: We recommend a long expiration date so that your integration does not unexpectedly stop working

  • The following scopes must be enabled:

    • Read: Personnel list; List workspaces; Controls List; List evidence

    • Write: Add evidence; Update evidence
      ​

      User-uploaded Image


      ​

      User-uploaded Image

Copy the API Key and save it somewhere secure!
​


Intruder Portal

  1. Go to the Intruder Integrations page > Drata integration:
    ​

Paste the API key, enter the region (North America/Europe) and click Connect:
​

If you see the following error message, please confirm your Drata region and hit the 'Try Again' button:

  • Select the workspace you want the vulnerability reports to be sent to and the user you want to be marked as the owner.

  • Select Quarterly Vulnerability Scan (DCF-18)
    (If you don't see it show up, simply search DCF-18 and select it that way. This shouldn't be an issue, unless you have changed the control name in your environment).

  • Select the Owner.

Your integration is now set up!

Manually send reports to Drata

  1. There are two places you can upload reports from.

    • Scans Overview Page
      Choose the Scan you wish to use as evidence for your compliance > click the Ellipsis icon (…), and choose Send To Drata:
      ​

    • Scan's detail page
      Simply hit Send to Drata:
      ​

  2. This process will take a few seconds for the report to be prepared and sent.
    Once complete you will see a screen like the one below:
    ​

Automatically send reports to Drata

Existing scans (must be a recurring scan)

  1. Head to the Scans page > Navigate to Scheduled scans on the right-hand side> Select the ellipsis of the scan you wish to automate for compliance > Press Edit:
    ​

  2. Assuming you're happy with the repetition frequency (daily, weekly, monthly, or quarterly), you can just toggle Auto send to Drata > Update scan:
    ​

  3. The scheduled scan will now show 'Send to Drata':
    ​

New scans (must be a recurring scan)

  1. Head to the scans page > click + Schedule scan:
    ​

    1. Choose the targets you wish to scan

    2. The date you'd like the first scan to run

    3. The time you'd like it to run

    4. Preferred repetition frequency: daily, weekly, monthly, or quarterly.

      1. One-off scans cannot be automatically sent to Drata, these can still be sent manually

    5. Toggle Auto send to Drata

    6. Give the scan a name

    7. Hit Schedule scan
      ​

  3. The scheduled scan will now show 'Send to Drata':
    ​

Finding the reports in Drata

Inside Drata, reports will appear under Evidence library.
​
NB: Each time a new report is sent from Intruder, it will update the 'Current version', moving the previous version to 'Version history':
​

Do you alert users to errors with the integration?

Yes, if any errors occur during the process, you will find a modal appear, similar to the one shown below:
​


Any additional data on the error that has occurred will be shown in the field below.

Related Articles
Getting Started
Microsoft Azure Integration
Quality Reporting & Compliance
Vanta integration
Cloud Security Scans on Microsoft Azure
Did this answer your question?