Set up and use the Aqua Security CSPM connector

Aqua Security Cloud Security Posture Management (CSPM) identifies, prioritizes, and remediates your most critical cloud security risks in real-time.

By integrating Aqua Security, Veracode Risk Manager (VRM) leverages its insights to recommend the best next actions for security teams, ensuring seamless alignment with their broader tool stack and promoting a unified, strategic approach to security management.

Aqua requirements

The VRM connector for Aqua Security CSPM must be able to access the vulnerability data in Aqua. To set up the connector, you must meet the following requirements:

• Have an Aqua Security account with Administrator permissions.
• If you use an on-premises instance of Aqua Security, know the endpoint URL of your instance.

Configure API key

1. Log in to the Aqua Security platform.

2. From the top-left menu, select Account Management.

   

3. From the left navigation menu, select Settings > API Keys.

4. Select Generate Key.

5. Enter a description for the new API Key and select Create.

6. Copy the API key and Secret values to a secure location. You will not be able to view them again after you close the window.

Create a VRM connector

1. In VRM, from the left navigation menu, select the Settings icon .
2. Select Add Connector.
3. Select the Aqua Security CSPM tile.
4. Enter a name for the connector.
5. Enter the API key and secret you generated in Aqua.
6. If you want to pull the findings from an on-premises Aqua Security instance, enter the endpoint URL of the instance. The SaaS endpoint URL is populated by default.
7. Select Add Connector.

After the connector is created, VRM begins fetching your findings, which can take several minutes.

To view the fetched findings in VRM, select Findings from the left navigation menu and search for findings with a Finding Source of Aqua Security CSPM.