Axonius Documentation

    Armor Code

    ArmorCode is an application security posture management platform that provides unified exposure management, vulnerability prioritization, and remediation orchestration across security and development tooling.

    Use Cases the Adapter Solves

    • Application Security Posture Management: Gain visibility into all applications (products and sub-products) managed within ArmorCode, including their security owners, compliance requirements, and cloud exposure status.
    • Vulnerability Risk Prioritization: Correlate security findings and CVEs from ArmorCode with your asset inventory to identify which applications and systems have the highest-risk vulnerabilities requiring immediate attention.

    Asset Types Fetched

    Aggregated Security Findings, Users, Groups, Business Applications, SaaS Applications

    Data Retrieved through the Adapter

    Business Applications - Fields such as Name, Product Type, Product Status, Business Owner Email

    SaaS Applications - Fields such as Name, Parent Product ID, Version Number

    Groups (Teams) - Fields such as Team Name

    Users - Fields such as User ID, Email, Name, Tenant Role

    Aggregated Security Findings - Fields such as CVE ID, CVE Severity, Vulnerability Status

    Before You Begin

    Required Ports

    • TCP port 443 (HTTPS)

    Authentication Methods

    API Key Authentication

    The adapter authenticates using a Bearer token (API Key) generated from the ArmorCode platform.

    APIs

    Axonius uses the ArmorCode REST API. The following endpoints are called:

    • GET /user/product/elastic/paged
    • GET /user/sub-product/elastic
    • GET /api/team/filters
    • GET /user/data/users
    • POST /user/findings/
    • GET /user/findings/saved-search/{saved_search_id}

    Required Permissions

    The ArmorCode API token must have read access to the following scopes:

    API Token Permissions

    • Products - Read access to product (application) data
    • Sub-Products - Read access to sub-product (application resource) data
    • Teams - Read access to team information
    • Users - Read access to user data
    • Findings/Scans - Read access to security findings, scan history, and vulnerability data

    Supported From Version

    Supported from Axonius version 8.0.23

    Connecting the Adapter in Axonius

    Navigate to the Adapters page, search for ArmorCode, and click on the adapter tile.

    Click Add Connection.

    To connect the adapter in Axonius, provide the following parameters:

    Required Parameters

    1. Domain - Base domain for the ArmorCode API. Example: https://app.armorcode.com
    2. API Key - API key generated from the ArmorCode platform. This is passed as a Bearer token in the Authorization header.

    Optional Parameters

    1. Saved Search ID - ID of a saved search in ArmorCode for fetching findings. If you want to filter findings to a specific subset, you can create a saved search in ArmorCode and use the Saved Search ID when connecting the adapter. This allows you to retrieve only the findings that match your criteria instead of fetching all findings.
    2. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
    3. HTTPS Proxy - Connect the adapter to a proxy instead of directly connecting it to the domain.
    4. HTTPS Proxy User Name - The user name to use when connecting to the value supplied in Domain via the value supplied in HTTPS Proxy.
    5. HTTPS Proxy Password - The password to use when connecting to the server using the HTTPS Proxy.

    To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.


    Updated 21 days ago