Element Security
Element Security is a platform that provides continuous threat-exposure management to discover internet-facing assets, validate exploitable exposures, and guide remediation of risks.
The Element Security adapter enables Axonius to fetch and catalog internet-facing assets, providing visibility into their exposure status and associated security risks.
Asset Types Fetched
- Devices
- Vulnerabilities
- Users
- SaaS Applications
- Domains & URLs
- Object Storage
- Certificates
- Alerts/Incidents
Data Retrieved through the Adapter
The adapter retrieves information to provide visibility into your publicly accessible assets. The retrieved data for each asset type may include:
- Devices - Data such as hostnames, IP address details, asset technology classifications, and compromise indicators.
- Web Infrastructure - Data such as domain names, subdomains, and base URL information.
- Users - Data such as contact information and recent login activity.
- Certificates - Data such as certificate identification, validity status, and creation timestamps.
- Cloud Resources - Data regarding object storage assets, including bucket descriptions and current status.
- Security Alerts & Vulnerabilities - Data such as threat descriptions, severity ratings, remediation guidance, and industry-standard risk scores (CVSS).
Required Ports
- TCP port 443 (HTTPS)
Authentication Methods
Axonius uses an API key that is sent as a Bearer Token in the authorization header of API requests.
Required Permissions
The account generating the API key must have permission to view assets and alerts within the Element Security console.
APIs
Axonius uses the Element Security API to retrieve asset data.
Note
Public documentation for the Element Security API may not be available. Please contact Element Security support for specific API details.
Generating the API Key
- Log in to the Element Security console.
- Navigate to the Settings or Integrations menu (specific location may vary).
- Generate a new API Key (Bearer Token) and copy it for use in the Axonius configuration.
Supported from Version
This adapter is supported from Axonius version 8.0.5.
Connection Parameters
To connect the adapter in Axonius, provide the following parameters.
Required Parameters
- Host Name or IP Address - Enter the hostname or IP address of the Element Security server.
- API Key - Enter the Bearer Token generated from the Element Security console.
Optional Parameters
- Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
- HTTPS Proxy - Enter an HTTPS proxy address to connect the adapter to a proxy instead of directly connecting it to the domain.
- HTTPS Proxy User Name - Enter the user name to use when connecting to the server specified in Host Name or IP Address through the proxy specified in HTTPS Proxy.
- HTTPS Proxy Password - Enter the password to use when connecting to the server using the HTTPS Proxy.
To learn about additional optional/common adapter connection parameters, see Adding a New Adapter Connection.
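A pre-flight check for the Required Ports and Verify SSL settings above, as an added example that is not part of the Axonius or Element Security documentation: it confirms that TCP 443 is reachable and that the server certificate validates, without sending the API key. The function name `preflight`, its status strings, the placeholder host, and the `cafile` bundle (assumed to hold the same CAs configured in Axonius) are assumptions of this example; it connects directly and does not go through an HTTPS proxy.

```python
import socket
import ssl


def preflight(host, port=443, cafile=None, timeout=5.0):
    """Return (status, detail) for a TLS connection to host:port.

    status is one of: ok, dns_failure, tcp_unreachable, cert_untrusted, tls_error.
    cafile (assumption): PEM bundle mirroring the CAs trusted by Axonius;
    None falls back to the system trust store.
    """
    # Default context verifies both the certificate chain and the hostname.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:  # name does not resolve
        return "dns_failure", str(exc)
    except OSError as exc:  # refused, timed out, no route
        return "tcp_unreachable", str(exc)
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return "ok", f"{tls.version()}, certificate valid until {cert['notAfter']}"
    except ssl.SSLCertVerificationError as exc:  # unknown CA, expired, name mismatch
        return "cert_untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:  # not TLS, reset, handshake timeout
        return "tls_error", str(exc)


if __name__ == "__main__":
    import sys

    # Placeholder host; pass the value you will enter in Host Name or IP Address.
    target = sys.argv[1] if len(sys.argv) > 1 else "element.example.com"
    print(target, *preflight(target))
```

Run it from a machine on the same network path as the adapter. A `cert_untrusted` result against a bundle that mirrors the Axonius CA settings points to a trust-store gap to resolve before enabling Verify SSL.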
Advanced Settings
Note
- Advanced settings can apply to either all connections of this adapter, or to a specific connection. For more detailed information, see Advanced Configuration for Adapters.
- For more general information about advanced settings, see Adapter Advanced Settings.
Expand Endpoints Config to configure the following options:
- Enrich Device Assets with Alerts (default: false) - Enable this option to fetch alerts associated with fetched devices.
- Enrich Domain Assets with Alerts (default: false) - Enable this option to fetch alerts associated with domain assets.
- Enrich Subdomain Assets with Alerts (default: false) - Enable this option to fetch alerts associated with subdomains.
- Enrich Certificate Assets with Alerts (default: false) - Enable this option to fetch alerts associated with certificates.
- Enrich Object Storage Assets with Alerts (default: false) - Enable this option to fetch alerts associated with object storage assets.
- Fetch Incidents from Alerts (default: false) - Enable this option to parse fetched alerts as incidents.
