WatchTowr
Overview
With real-time, asynchronous data flow, this integration automatically syncs WatchTowr findings to your Adversarial Risk Register.
- Source: Attack Surface Monitoring
- Type: Configuration
- Opened By: “WatchTowr Integration”
The integration can be enabled directly from your Adversarial tenant via Settings > Integrations. The necessary details to connect your WatchTowr environment are the tenant URL and API Token.
Data Flow
This is a one-way, ingest-only integration:
- Adversarial pulls from the findings endpoint to ensure only legitimate records are created. Hunts that may not apply to your attack surface will not appear in Adversarial.
- Subsequent updates are reflected in the Adversarial RSK record.
- Changes in Adversarial do not impact WatchTowr.
- Findings with Low or Info severity are not imported.
Status Mapping
Once a finding is established, records with status “Confirmed” or “Unconfirmed” are created in Adversarial with status “New”. The Discovered Date is captured based on Date Identified in WatchTowr, and IRU is populated by the Severity field.
| WatchTowr Status | Adversarial Status | Notes |
|---|---|---|
| Confirmed | New | Discovered Date from Date Identified; IRU from Severity |
| Unconfirmed | New | Discovered Date from Date Identified; IRU from Severity |
| Remediated | Closure Proposed | |
| Closed | Closure Proposed | |
| Risk Accepted | Closed | |
| Asset no longer tracked | Closed | |
Severity Mapping
WatchTowr severity maps to Adversarial Initially Reported Urgency (IRU):
| WatchTowr Severity | Adversarial IRU |
|---|---|
| Critical | Critical |
| High | High |
| Medium | Medium |
| Low | Low |
| Info | Low |