Dragos Platform

Dragos is a cybersecurity platform with an ecosystem tailored for industrial environments. Dragos's Operational Technology (OT) offers clear visibility into your Industrial Control System (ICS) assets and communications. For detailed information, please refer to Dragos’s official documentation.

Integration Method: API

Tables: Device Inventory Info (5001), Detection Finding (2004), Vulnerability Finding (2002)

This integration supports the following type of events.

This integration supports the following versions.

Prerequisites

• The user should have access to the Dragos Platform portal. 

• The user should have access to the DataBee console.

Configuration Overview

1. Generate API Key with required permissions.

   • Create New Role with required permissions.

   • Create New User and API Key.

2. Create Dragos Platform Data Feed in the DataBee console with the required credentials.

   DataBee Parameter	Dragos Parameter
   Username	ID
   Password	Secret
   API Base URL(<instance>)	Dragos Instance

Dragos Configuration

For the latest information on configuring Dragos, refer to Dragos’s Administrator User Guide.

Add New Role

1. Sign in to the Dragos platform as an Administrator.

2. Copy the instance value from the URL for later use.
   Example instance value: Dragos Cloud.
    

3. Navigate to the Admin > User Management > Roles.
    

4. Click on Add New Role, the “Add New Role” window will appear.
    

5. On “Add New Role” window:

   1. Under the ‘Name’ field enter the Name for the Role.

   2. Under the ‘Description’ field enter the Description for the Role.

   3. Under ‘Permissions’, check the following permissions, then click on Save.

      1. asset:read

      2. detection:read

      3. vulnerability:read

   

Create New User and API Key

1. Navigate to Admin > User Management > Users.
    

2. Click on Add New user, the “Create User” window will appear.
    

3. On the “Create User” window, enter the ‘Name’ then click on Create. The “Edit User” window will appear.
    

4. On “Edit User” window, click on Data Access.
    

5. Under Data Access, in ‘Role Access’, select the role that we created in the previous step. Then click on Authentication.
    

6. Under Authentication, click on Add New API Key.
    

7. Under Generate New API Key, enter ‘Name’ of the API key, then click on Generate Key.
    

8. Copy the ID and Secret generated.

   

   Note:

   This is the only time the secret is displayed. Once this message box is closed, there is no way to retrieve the secret. If the secret is lost, then the API Key must be deleted and a new API Key needs to be created.

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
    

2. Search for the Dragos Platform and click it as shown below.
    

3. Click on the API Ingest option for collection method. 

   

4. Enter basic contact information in the contact form.
    

5. In the following dialog box, enter the following:

   • Authorization Method: Basic

   • Username: enter above generated ID. 

   • Password: enter above generated Secret. 

   • API Base URL: replace <instance> by your instance value.

   • Event types: preselected for all the event types that integration pulls.
      

6. Click Submit.

Troubleshooting Tips

• If you are facing a response code - 401 this might be possibly due to incorrect credentials. Ensure the ID and Secret are pasted correctly.

• If you are facing a response code - 403 this might be possibly due to missing permission. Ensure that all the required permissions are granted correctly as per the above-mentioned steps.

• Make sure that the IPs of the Databee are whitelisted.