Skip to main content
Drata integration

Getting started with our Drata integration

Updated over a month ago

With our Drata integration you can send scan reports directly to the Reports & Docs section of Drata, streamlining and simplifying your compliance process.


Adding the integration

On the Drata Site

Log in to https://app.drata.com > Click on your profile name > Settings

Select API Keys


Click 'Create API Key':

Fill out the Create API Key Form using the guidance below and be sure to save it:

  • Expiration Date: We recommend a long expiration date so that your integration does not unexpectedly stop working

  • The following scopes must be enabled:

    • Read: Personnel list; List workspaces; Controls List; List evidence

    • Write: Add evidence; Update evidence

      User-uploaded Image


      User-uploaded Image

Copy the API Key and save it somewhere secure!


Intruder Portal

  1. Go to the Intruder Integrations page > Drata integration:

Paste the API key, enter the region (North America/Europe) and click Connect:

If you see the following error message, please confirm your Drata region and hit the 'Try Again' button:

  • Select the workspace you want the vulnerability reports to be sent to and the user you want to be marked as the owner.

  • Select Quarterly Vulnerability Scan (DCF-18)
    (If you don't see it show up, simply search DCF-18 and select it that way. This shouldn't be an issue, unless you have changed the control name in your environment).

  • Select the Owner.

Your integration is now set up!


Manually send reports to Drata

  1. There are two places you can upload reports from.

    • Scans Overview Page
      Choose the Scan you wish to use as evidence for your compliance > click the Ellipsis icon (), and choose Send To Drata:


    • Scan's detail page
      Simply hit Send to Drata:

  2. This process will take a few seconds for the report to be prepared and sent.
    Once complete you will see a screen like the one below:

  3. Inside Drata, reports will appear under Evidence library.

    NB: Each time a new report is sent from Intruder, it will update the 'Current version', moving the previous version to 'Version history':

  4. If any errors occur during the process, you will find a modal appear, similar to the one shown below:


    Any additional data on the error that has occurred will be shown in the field below.


Automatically send reports to Drata

Existing scans (must be a recurring scan)

  1. Head to the Scans page > Navigate to Scheduled scans on the right-hand side> Select the ellipsis of the scan you wish to automate for compliance > Press Edit:

  2. Assuming you're happy with the repetition frequency (daily, weekly, monthly or quarterly), you can just toggle Auto send to Drata > Update scan:

  3. The scheduled scan will now show 'Send to Drata':

New scans (must be a recurring scan)

  1. Head to the scans page > click + Schedule scan:

    1. Choose the targets you wish to scan

    2. The date you'd like the first scan to run

    3. The time you'd like it to run

    4. Preferred repetition frequency: daily, weekly, monthly or quarterly.

      1. One-off scans cannot be automatically sent to Drata, these can still be sent manually

    5. Toggle Auto send to Drata

    6. Give the scan a name

    7. Hit Schedule scan

  2. The scheduled scan will now show 'Send to Drata':


Note: The Drata integration is available for users on Pro, Premium and Vanguard plans.

Did this answer your question?