FAQ - Integrations 2.0

Workato’s environment

  • Where can I learn more about Workato’s core concepts?
    Since Workato is a third-party tool to Detectify, its terminology and concepts may be unique to its environment. To learn more about the core concepts and terminology that are good to know when using Workato, we recommend visiting Workato’s documentation site.

  • How do I create new connections on Workato?
    There are two ways to connect apps in Workato: through the recipe editor (recommended) and through the connection wizardTo add a connection through the recipe editor, follow these steps:
    • Go to the recipe editor and click an app from the side menu.
    • Click the trigger or action you want to use.
    • Follow the prompts and setup guide for the app to successfully add a connection.

  • Why is my app connection invalid? 
    App connections can become invalid for various reasons. The most common reasons include modified credentials or insufficient permissions. If you encounter an invalid connection error, we recommend verifying the authorizing user's permissions, verifying that the connection's credentials are correct, and re-authorizing the connection.

  • I have started my recipe but I am not receiving any alerts?
    If you have started your recipe but are not receiving any alerts, it may be due to a missed configuration with the API. To integrate your preferred third-party applications with Detectify, you must create a new Detectify API key or use an existing one to establish a connection. Integrations will need the corresponding API key permissions depending on the action you want to take. For example, if you want to be notified when a new vulnerability is found or updated, your API key will need the permissions to list the vulnerabilities for your team.

    We recommend that your API key have at least the following permissions:
    • Allow reading vulnerabilities
    • Allow listing domains
    • Allow listing scan profiles
    • Allow reading scan status

  • I can only see findings from Application Scanning results but not from Surface Monitoring or vice versa. Why is that?
    If you're experiencing a situation where you can only see findings from Application Scanning results but not from Surface Monitoring, it could be due to the filter settings you have applied to the recipe trigger. If you have set up filters in the trigger that specify a scan profile, it will only retrieve results from Application Scanning for that particular scan profile, excluding Surface Monitoring findings.

    To resolve this issue and ensure you receive findings from both Surface Monitoring and Application Scanning, we recommend leaving the trigger filter fields blank. By doing so, you will receive notifications for all findings without any specific filter restrictions.

  • How can I modify the recipes to display the information that I want on the apps I use?
    Modifying recipes in Workato is a simple process that allows you to tailor them to meet your specific needs. You can modify triggers by selecting the specific data that triggers the recipe, changing the event that triggers the recipe, or adding filters to refine the trigger. Additionally, you can modify actions by adding, removing, or editing them, as well as adjusting their parameters to customize the recipe's behavior. You can also add branching logic to create conditional logic that determines which actions to take based on specific conditions. Datapill variables can be used to store and output data within a recipe, and custom variables can be created to hold specific data. Finally, you can modify recipe settings to adjust how a recipe runs, such as changing the schedule, turning notifications on or off, or setting up error handling.

    To learn more about recipe modification, please refer to Workato’s documentation site or contact our support team at support@detectify.com.

  • Why am I not receiving alerts for past events?
    If you're not receiving alerts for past events, it may be because the recipe is not set up to fetch events that have already occurred. 

    By default, all recipes will only collect new trigger events that occur after you click "Start recipe." However, during recipe creation, you can adjust the input on the Since/From trigger to fetch past trigger events from a specific date and time. 

    Once you've made the adjustment, click "Start recipe" to save the changes and start receiving alerts for past and new events. 

    Please note that you cannot adjust the input on the Since/From trigger once the recipe has started. The only way to change the date of an already started recipe is to copy the recipe and change the date in the newly copied recipe according to your needs.

  • How does Workato access my connections?
    Workato typically uses the app's authorization/authentication API to establish the connection, using one of the following methods: OAuth 2.0, OAuth 1.0 (and variations), Basic authentication (username and password), or API key or secret. 

    As part of this step, you provide Workato with the permission to access data from the app. The permissions granted to Workato usually correspond with those of the user authorizing the app.

    To learn more about how to connect to Workato, please refer to the connector documentation for the app you want to use.

  • What data can Workato access in my connections?
    Workato can only access the data that the user authorizing the connection allows Workato to access. 

    For example, if you create a recipe in Workato that fetches medium and high-level severity vulnerabilities from Detectify and sends them as notifications to Slack, Workato will have access to only those specific vulnerabilities that are authorized for the recipe. It won't have access to any other data beyond what is explicitly permitted by the user's permissions.

  • Where can I learn more about Workato’s approach to security?
    To learn more about Workato's approach to security, you can visit their public Security Overview Page for an overview of their security practices.