UpGuard

Introduction

UpGuard Cyber Risk is a third-party risk management and security ratings platform used by organizations to continuously monitor cyber risk posture, security findings, and vendor risk events. This guide provides instructions for integrating the UpGuard Cyber Risk API into the ThreatDefence SIEM platform, enabling UpGuard notifications to be ingested, normalized, and converted into SIEM events.

The integration assumes access to an UpGuard Cyber Risk account with API access enabled.

UpGuard provides access to resources (data entities) through a RESTful API. The ThreatDefence SIEM platform uses the API to make authenticated HTTP requests to retrieve public notifications data.

UpGuard Cyber Risk API endpoints follow this general structure:

https://cyber-risk.upguard.com/api/<resource>

All API requests must be authenticated using an API Key provided by UpGuard, with Admin permissions enabled for the API Key.

For information on generating an API key, refer to the UpGuard documentation: https://www.upguard.com/platform/documentation/api

Integration Steps

To activate the integration, supply the following information to your ThreatDefence representative:

• Your generated API Key with Admin permissions enabled.