RunZero

RunZero

Overview

The RunZero integration connects the Praetorian Guard Platform (PGP) with RunZero (formerly Rumble), importing discovered network assets, open services, and device fingerprints into your unified attack surface view. RunZero is a cyber asset attack surface management (CAASM) platform that uses agentless scanning and passive discovery to build a comprehensive inventory of every device on your network, including IT, OT, IoT, and cloud assets.

By connecting RunZero to PGP, you gain visibility into the full breadth of assets that RunZero discovers across your network segments. PGP correlates this internal asset inventory with your external attack surface data, enabling you to identify unmanaged devices, shadow IT, and assets that may be reachable from the internet but were previously unknown to your security team.

This integration operates in a read-only capacity. PGP queries the RunZero Export API to retrieve asset and service data but never modifies scan configurations, tasks, or asset states in your RunZero environment.

What the Integration Does

When enabled, PGP connects to the RunZero API and performs the following:

  • Asset discovery -- Retrieves all discovered assets from your RunZero inventory, including IP addresses, hostnames, MAC addresses, and device types.

  • Service enumeration -- Imports open services and listening ports detected on each asset, including protocol and service name information.

  • Device fingerprinting -- Imports RunZero's device fingerprint data, including OS identification, hardware type, manufacturer, and device classification (IT, OT, IoT).

  • Vulnerability import -- Imports CVEs, CVSS v2/v3 scores, severity ratings, risk scores, affected services/ports, and remediation guidance from RunZero's exposure detection.

  • Asset metadata -- Captures additional context such as first-seen/last-seen timestamps, network site membership, and asset criticality tags.

All data flows one direction: from RunZero into PGP. PGP never modifies scan configurations, tasks, or asset states in your RunZero environment.

Prerequisites

Before setting up the integration, ensure you have:

  • An active RunZero account at console.runzero.com

  • An Organization API Key (OT prefix) or Account API Key (CT prefix) with read permissions. Export Tokens (ET prefix) do not have sufficient access and will fail validation.

  • At least one completed scan with discovered assets in your RunZero inventory

Creating an API Key

  • Log in to your RunZero Console at https://console.runzero.com

  • Navigate to Account > Organization API Keys

  • Click Create API Key

  • Name the key (e.g., Chariot Integration) and set the Role to Read Only

  • Copy the generated API key immediately -- it is only shown once

Key Types

  • Organization Key (OT prefix): Scoped to a single organization. Use this if you want to connect one specific org.

  • Account Key (CT prefix): Spans all organizations in your account. Use this if you want PGP to access assets across all your RunZero organizations.

Finding Your Organization ID (Optional)

If you are using an Organization Key and want to scope the connection to a specific org:

  • In the RunZero Console, navigate to Account > Organizations

  • Copy the Organization ID (a UUID like a1b2c3d4-e5f6-7890-abcd-ef1234567890)

If you are using an Account Key to access all organizations, you can leave the Organization ID field empty.

Setup

  • In PGP, go to Integrations and click Add Integration

  • Select RunZero (under Cyber Asset Attack Surface Management)

  • Enter the required credentials

  • Click Submit -- PGP will validate your API key before saving

Validation checks three things:

  • Authentication -- the API key is valid and has the correct tier (Organization or Account level)

  • Asset export access -- the key can read from the asset export endpoint

  • Vulnerability export access -- the key can read from the vulnerability export endpoint

If any permission is missing, the validation error names the specific endpoint(s) the key cannot access (e.g., cannot read: assets, vulnerabilities).

To connect multiple RunZero organizations, repeat these steps with a different Organization ID and key for each.

Field Reference

Field

Description

Required

Organization ID

The RunZero Organization ID to scope to. Leave empty if using an Account Key.

No

API Key

Your RunZero Organization or Account API key

Yes

What Data Is Synced

Assets

Each discovered device in RunZero is imported into PGP as an asset.

RunZero Field

PGP Field

Description

addresses

Asset IP

IP addresses associated with the device

hostnames

Asset name

Hostnames or DNS names resolved for the device

hw

Asset metadata

Hardware manufacturer and model

os

Asset metadata

Operating system identification

type

Asset metadata

Device classification (e.g., Server, Switch, Printer, IoT)

first_seen / last_seen

Asset metadata

Discovery and last-observed timestamps

Attributes (Services)

Open services detected on each asset are imported as PGP attributes.

RunZero Field

PGP Field

Description

service.port

Attribute value

The listening port number

service.protocol

Attribute type

The transport protocol (e.g., tcp, udp)

service.name

Attribute metadata

The identified service name (e.g., http, ssh, rdp)

Device Fingerprints

RunZero's fingerprinting data is imported to enrich asset context.

RunZero Field

PGP Field

Description

os_vendor

Asset metadata

Operating system vendor

os_version

Asset metadata

Operating system version

hw_vendor

Asset metadata

Hardware manufacturer

hw_product

Asset metadata

Hardware product model

device_type

Asset metadata

Classification: IT, OT, IoT, or unknown

API Endpoints Used

PGP uses the RunZero REST API v1.0. All requests use token-based authentication and are read-only (GET).

Purpose

Endpoint

Method

Notes

Export assets

GET /api/v1.0/export/org/assets.json

GET

Retrieves all assets in the organization with full metadata

Export services

GET /api/v1.0/export/org/services.json

GET

Retrieves all discovered services across all assets

List sites

GET /api/v1.0/org/sites

GET

Retrieves site/network segment information

Validate credentials

GET /api/v1.0/org/key

GET

Validates the API key and returns organization metadata

All API requests include the Authorization: Bearer {api_key} header for authentication.

Permissions

RunZero uses a tiered key system rather than granular scopes:

Key Type

Prefix

Access Level

Export Token

ET

Read-only export endpoints only (insufficient -- cannot access org-level validation)

Organization Key

OT

Full read access to a single organization

Account Key

CT

Full read access across all organizations

The minimum required key type is an Organization Key (OT) with the Read Only role. Export Tokens (ET) do not have sufficient access for the org-level authentication check and will fail validation.

Troubleshooting

Issue

Cause

Fix

"Authentication Failed" (401)

Invalid or revoked API key

Generate a new API key in the RunZero console and update PGP

"Insufficient Permissions" (403)

API key lacks export read access

Ensure the API key has at least Read Only role at the organization level

"cannot read: assets" or "cannot read: vulnerabilities"

Key type does not have export permissions for that data type

Use an Organization Key (OT) or Account Key (CT) instead of an Export Token (ET)

"Connection Failed"

PGP cannot reach console.runzero.com

Check that RunZero cloud services are operational

No assets appearing

No completed scans in RunZero

Run at least one scan in RunZero so that assets are available for export

Missing hostnames

Devices discovered by IP only without DNS resolution

RunZero may not have resolved hostnames for all devices; assets will still import by IP address

Stale asset data

RunZero scans have not run recently

Verify that RunZero scan tasks are active and running on a regular schedule

Large sync times

Organization has a very large asset inventory

PGP handles large inventories with pagination; if sync times are excessive, contact your Praetorian team

Security and Data Handling

  • Read-only access -- PGP only performs GET requests against the RunZero API. It never creates, modifies, or deletes any data in your RunZero environment, including scan tasks, sites, or asset annotations.

  • Credential storage -- Your RunZero API key is encrypted at rest and never exposed in logs or API responses.

  • Token-based authentication -- The API key is sent via the Authorization: Bearer header over HTTPS for all requests.

  • Data residency -- Imported asset and service data is stored within your PGP tenant and subject to your organization's data retention policies.