CyCognito

CyCognito

Overview

The CyCognito integration connects the Praetorian Guard Platform (PGP) with the CyCognito external attack surface management platform, importing discovered external assets and security issues directly into your PGP attack surface inventory. CyCognito autonomously maps your organization's internet-exposed assets using attacker-perspective reconnaissance — PGP imports these discoveries so they can be correlated with your broader security posture and continuously tested.

This integration is ideal for organizations that use CyCognito to discover and monitor their external attack surface. Rather than managing CyCognito findings in isolation, PGP consolidates the discovered assets and issues alongside data from your other security tools, giving you a unified view of your exposure. Assets discovered by CyCognito — including domains, IPs, web applications, certificates, and cloud resources — feed directly into PGP's continuous threat exposure management pipeline.

What the Integration Does

When connected, PGP performs a read-only import from the CyCognito API:

  • External Assets: Domains, IP addresses, web applications, certificates, and cloud resources discovered by CyCognito are imported as PGP assets. Each asset includes metadata such as hosting provider, technology stack, geographic location, and business unit attribution.

  • Security Issues as Risks: Security issues identified by CyCognito — such as exposed services, misconfigurations, vulnerable software, and certificate problems — are imported as risks associated with the corresponding PGP assets.

  • Asset Metadata and Context: CyCognito's asset context, including discoverability score, attractiveness rating, and organization attribution, is captured as metadata to enrich PGP's risk prioritization.

  • Domains and Subdomains as Seeds: Discovered domains and subdomains are imported as PGP seeds, feeding the broader discovery pipeline.

Data flows one direction only — from CyCognito into PGP. The integration never writes back to CyCognito or modifies any data in the CyCognito platform.

Prerequisites

Before setting up the integration, ensure you have:

  • An active CyCognito subscription and a user account with permission to generate API keys

  • Your CyCognito API base URL (depends on which region your tenant is hosted in)

  • A CyCognito API key with read access to realm, assets, and issues

Finding Your CyCognito API Base URL

Your CyCognito API base URL depends on which region your tenant is hosted in. Most tenants use:

  • General: https://api.platform.cycognito.com

  • US region: https://api.us-platform.cycognito.com

If you're unsure which applies to your account, check your CyCognito console under Settings > API, review your account onboarding documentation, or contact your CyCognito administrator.

Generating an API Key

  • Log in to the CyCognito console

  • Navigate to Settings > API Keys (or follow the official guide at https://docs.cycognito.com/docs/api-key)

  • Click Generate (or Add API Key)

  • Give the key a descriptive name (e.g., "Praetorian Guard Integration")

  • Copy the generated API key -- it is only shown once at creation time

Setup

  • In PGP, go to Integrations and click Add Integration

  • Select CyCognito (under Cyber Asset Attack Surface Management)

  • Enter the required credentials and choose your import preferences

  • Click Connect -- PGP will validate your credentials by attempting to fetch asset data before saving

Field Reference

Field

Description

Required

CyCognito API Base URL

The base URL for your region (e.g., https://api.platform.cycognito.com or https://api.us-platform.cycognito.com)

Yes

API Key

The CyCognito API key

Yes

Import Vulnerabilities

Import issues detected by CyCognito, including severity and issue type classifications (on by default)

No

Import Assets

Import discovered assets (IPs, domains, certificates, web apps, IP ranges) (off by default)

No

If validation fails, verify that your API key is active and has the correct read permissions.

Permissions

The CyCognito API key inherits the permissions of the account that created it. For this integration, the key needs read access to:

  • Realm -- used for credential validation

  • Assets -- used for importing assets

  • Issues -- used for importing vulnerabilities

A read-only role is sufficient; no write or admin permissions are required.

What Data Is Synced

External Assets

CyCognito-discovered assets are imported with:

  • Asset name: Derived from the asset identifier (domain, IP, application URL)

  • Asset type: Mapped from CyCognito's asset classification (domain, IP address, web application, certificate, cloud resource)

  • Metadata: Hosting provider, technology stack, geographic location, business unit, discoverability score, attractiveness rating, and last observed timestamp

Security Issues

Issues identified by CyCognito are imported as risks:

CyCognito Data

PGP Mapping

Issue title

Risk name

Severity (critical, high, medium, low)

Risk severity

Issue type (exposed service, misconfiguration, vulnerability)

Risk category

Affected asset

Linked PGP asset

Remediation guidance

Risk description

First detected / last detected

Risk timestamps

Discovered Domains and Seeds

Domains and subdomains found through CyCognito reconnaissance are imported as seeds:

  • Domain name: The discovered domain or subdomain

  • Source: Tagged as discovered via CyCognito

  • Attribution: Business unit or subsidiary association from CyCognito

API Endpoints Used

Endpoint

Method

Purpose

/api/v1/assets

GET

Fetch discovered external assets

/api/v1/assets/{id}

GET

Fetch detailed asset metadata

/api/v1/issues

GET

Fetch security issues across all assets

/api/v1/issues/{id}

GET

Fetch detailed issue information

/api/v1/assets/{id}/issues

GET

Fetch issues associated with a specific asset

Base URL: Your CyCognito API base URL (e.g., https://api.platform.cycognito.com or https://api.us-platform.cycognito.com)

All requests are authenticated using the API token passed as a Bearer token in the Authorization header over HTTPS.

Troubleshooting

Issue

Cause

Fix

Validation fails on connect

API token is incorrect or expired

Regenerate the token in CyCognito under Settings > API Management

No assets appearing

API token lacks read permissions for asset data

Verify the token scope includes asset and issue read access

Missing security issues

Issues filter excludes certain severity levels

Check CyCognito API filter settings and ensure all severity levels are included

Stale data

CyCognito has not completed a recent discovery cycle

CyCognito runs discovery on its own schedule — data reflects the most recent cycle

Connection timeout

Network or firewall blocking outbound requests

Verify that PGP can reach your CyCognito API base URL over HTTPS (port 443)

Duplicate assets

Same asset discovered by multiple sources

PGP deduplicates assets by identifier — duplicates are merged automatically

Security and Data Handling

  • Read-only access: The integration only reads data from CyCognito. It never creates, modifies, or deletes assets, issues, or configurations in the CyCognito platform.

  • Credential handling: Your API token is stored as an encrypted credential within PGP and is never exposed in logs or the UI after initial entry.

  • Authentication: The API token is transmitted as a Bearer token in the Authorization header over HTTPS for every API call.

  • Data filtering: Imported assets and risks pass through PGP standard filtering rules, allowing you to control which CyCognito discoveries are included in your attack surface.