Installing the Drata App

Using the Drata App

The Drata App helps you to collect data from the Drata Compliance platform API. You can use the provided Data and Resource Sets to work with compliance, personnel and asset information.

What Type of Data does Drata provide?

The Drata App requires that you set up polling of the Drata Compliance API for each of the API endpoints below.

Drata API Endpoints

  • assets - Provides asset objects by assetReferenceTypes

  • connections - Provides connections to data sources feeding Drata

  • controls - Provides list of compliance controls

  • monitors - Provides configured compliance monitors

  • personnel - Provides personnel objects with devices and compliance checks and tests

  • risk-management - Provides Risks to controls and categories

  • vendors - Provides known vendors used by the organization

  • events - Provides Drata system events

Setup

Creating the Drata API Token

  1. Log in to your Drata instance.

  2. Click your name at the bottom left, then Settings.

  3. Click API Keys under the Company Settings section of the UI.

  4. Click Create API Key.

    • Choose the desired options and expiration

    • Choose the scope of All Read

  5. Record the new API token and the chosen expiration date in a secure location. When a token expires, you must update the Observe integration with a new token.

Installing the Drata App

Install the Drata app using the Apps section under Workspace Setting.

Changing the Datastream

The Drata App uses the Default datastream for polled data and resource set creation. To select another datastream, use the Configuration tab of the App Details page.

Creating an Observe Ingest Token

Create an Observe token to ingest your logs into Observe.

  1. Under the Connections section of the App Details page, select Create Drata Token and follow the prompts.

  2. Record the generated API Token value in a secure location.

  3. Use the generated test command to test that the token works appropriately.

Collecting Drata API to Observe

  1. Ask your sales engineer about configuring Drata data collection using AWS Lambda to Observe.

  2. Create one Lambda for each endpoint (DRATA_QUERY_TYPE) to collect. All the endpoints listed above need to be configured, as the data is related.

  3. Configure the environment variables for each event collector.

# OBSERVE Connector Values:
    OBSERVE_URL = Required: Observe Customer ID (Example: https://154418444508.observeinc.com/)
    OBSERVE_TOKEN = Required: Observe Datastream Token
    OBSERVE_LOGGING_LEVEL = Optional: Desired Logging Level (Example: DEBUG)

# Drata API Values:
    DRATA_TOKEN = Required: Drata Reader Level API Token
    DRATA_QUERY_TYPE = Required: Drata Query Type (Example: events)
    DRATA_TIME_LIMIT_HOURS = Optional: Integer in Hours To Limit Events **createdAt** time for OBSV Posting
    DRATA_LOGGING_LEVEL = Optional: Desired Logging Level (Example: DEBUG)

  • events: DRATA_TIME_LIMIT_HOURS is recommended to be 4 hours. This endpoint should be time filtered because the volume is high on the Drata events API endpoint. Time filtering also helps to reduce duplicate ingestion.

  • all other endpoints: DRATA_TIME_LIMIT_HOURS is ignored to ensure all available data is collected.

  • cron schedules, all endpoints: We recommend a cron schedule of every 4 hours to keep resource sets fresh.
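A pre-deployment check for the collector environments described in steps 2 and 3, as an added example that is not part of the Drata App or Observe's collector code. The function names, the https-only rule for OBSERVE_URL and the placeholder token strings are assumptions; the variable and endpoint names come from this page.

```python
from urllib.parse import urlparse

# Endpoint names as listed under "Drata API Endpoints" on this page.
ENDPOINTS = {"assets", "connections", "controls", "monitors",
             "personnel", "risk-management", "vendors", "events"}
REQUIRED = ("OBSERVE_URL", "OBSERVE_TOKEN", "DRATA_TOKEN", "DRATA_QUERY_TYPE")


def check_collector(env):
    """Return a list of problems in one collector's environment (never echoes token values)."""
    problems = [f"{k} is required" for k in REQUIRED if not env.get(k, "").strip()]
    qtype = env.get("DRATA_QUERY_TYPE", "")
    if qtype and qtype not in ENDPOINTS:
        problems.append(f"unknown DRATA_QUERY_TYPE {qtype!r}")
    url = urlparse(env.get("OBSERVE_URL", ""))
    # Assumption: both tokens travel over this URL, so only https is accepted.
    if env.get("OBSERVE_URL") and (url.scheme != "https" or not url.hostname):
        problems.append("OBSERVE_URL must be an https:// URL")
    limit = env.get("DRATA_TIME_LIMIT_HOURS")
    if limit is not None and not (limit.isdigit() and int(limit) > 0):
        problems.append("DRATA_TIME_LIMIT_HOURS must be a positive integer")
    if qtype == "events" and limit is None:
        problems.append("events: set DRATA_TIME_LIMIT_HOURS (4 recommended)")
    return problems


def check_fleet(envs):
    """Check every collector and confirm that each listed endpoint has a collector."""
    report = {}
    seen = [e.get("DRATA_QUERY_TYPE", "") for e in envs]
    for i, env in enumerate(envs):
        issues = check_collector(env)
        if issues:
            report[f"collector[{i}] {seen[i] or '?'}"] = issues
    missing = sorted(ENDPOINTS - set(seen))
    if missing:
        report["fleet"] = [f"no collector for endpoint: {m}" for m in missing]
    return report


# Constructed sample: placeholder tokens, URL from the page's example,
# no vendors collector and no time limit on the events collector.
BASE = {"OBSERVE_URL": "https://154418444508.observeinc.com/",
        "OBSERVE_TOKEN": "<observe-datastream-token>",
        "DRATA_TOKEN": "<drata-read-token>"}
SAMPLE = [dict(BASE, DRATA_QUERY_TYPE=t) for t in sorted(ENDPOINTS - {"vendors"})]

if __name__ == "__main__":
    for where, issues in check_fleet(SAMPLE).items():
        print(where, "->", "; ".join(issues))
```

Run it against the exported environment of each Lambda before enabling the cron schedule; an empty report means every endpoint has a collector with the required values set.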

Note

Some Observe instances may optionally use a name instead of Customer ID; if this is the case for your instance, contact your Observe Data Engineer to discuss implementation. A stem name will work as is, but a DNS redirect name may require client configuration.

Data Review

  1. The Drata/Drata Data Ingest Status Dashboard confirms your data collection. This provides simple confirmation that data is being successfully ingested into Observe.

You have now configured the Drata app and are ready to use this data in Observe.