Stellar Cyber API Integration Guide

Last updated: December 17, 2025

The Stellar Cyber integration allows Cyrisma vulnerability data to be ingested into the Stellar Cyber platform for centralized detection, investigation, and correlation. This integration is implemented using the Cyrisma connector within Stellar Cyber and leverages Cyrisma’s reporting APIs to securely collect vulnerability data across managed customer environments.

This article explains what the integration does, what data is shared, and how the integration behaves, without duplicating Stellar Cyber’s connector configuration documentation.


Overview

The Stellar Cyber integration enables one-way data collection from Cyrisma into Stellar Cyber.

Key characteristics:

  • Data flows from Cyrisma to Stellar Cyber

  • The integration is read-only

  • No response or remediation actions are triggered from Stellar Cyber

  • Data is ingested into the Stellar Cyber data lake for analysis and correlation

This integration is designed for MSSPs and SOC teams that want Cyrisma vulnerability findings available alongside other security telemetry.


Integration Capabilities

Capability                 | Supported
Collect vulnerability data | Yes
Collect host/asset context | Yes
Respond or remediate       | No
Native alert mapping       | Not applicable
Bi-directional sync        | No

The connector runs on a Stellar Cyber Data Processor (DP) and executes on a configurable interval.


Data Collected from Cyrisma

The integration retrieves vulnerability and host context data from Cyrisma.

Collected Data Types

  • Vulnerabilities

    • Associated with hosts

    • Derived from Cyrisma vulnerability scans

  • Host / Asset Context

    • Automatically extracted as part of vulnerability ingestion

This data is indexed within Stellar Cyber and can be queried using standard threat hunting and investigation workflows.


Authentication Model

The Stellar Cyber connector authenticates to Cyrisma using API credentials issued by Cyrisma Support.

Authentication characteristics:

  • Uses an API Name and API Key

  • Credentials are scoped for MSSP use

  • Authentication is read-only

  • No customer credentials are shared with Stellar Cyber

The API credentials allow Stellar Cyber to retrieve vulnerability reporting data only.


Multi-Tenant (MSSP) Data Model

Cyrisma is a multi-tenant SaaS platform. Each managed customer environment is treated as a tenant.

For proper data alignment:

  • Each Cyrisma organization should map to a corresponding Stellar Cyber tenant

  • The Stellar Cyber tenant ID is stored in Cyrisma at the organization level

  • Vulnerability data is tagged with the appropriate tenant context during ingestion

This ensures data is correctly attributed and searchable per customer environment.
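
One way to check the organization-to-tenant mapping described above before ingestion is switched on, as an added example that is not Cyrisma or Stellar Cyber code. The record layout, the field names (`org`, `stellar_tenant_id`) and all sample values are assumptions constructed for illustration; neither product's export format is shown on this page.

```python
# Pre-ingestion check of Cyrisma organization -> Stellar Cyber tenant mappings.
# Field names and sample values are constructed for this example (assumptions).
from collections import defaultdict

# Constructed sample: organizations with the tenant ID stored at organization level.
CYRISMA_ORGS = [
    {"org": "Acme Dental", "stellar_tenant_id": "t-1001"},
    {"org": "Birch Legal", "stellar_tenant_id": "t-1002"},
    {"org": "Cedar Logistics", "stellar_tenant_id": " t-1002 "},  # pasted with spaces
    {"org": "Dune Retail", "stellar_tenant_id": ""},              # never filled in
    {"org": "Elm Clinics", "stellar_tenant_id": "t-9999"},        # not a known tenant
]
# Constructed sample: tenant IDs that exist on the Stellar Cyber side.
STELLAR_TENANTS = {"t-1001", "t-1002", "t-1003"}


def normalize(tenant_id):
    """Trim whitespace so copy/paste differences do not hide a collision."""
    return (tenant_id or "").strip()


def validate_mappings(orgs, stellar_tenants):
    """Return mapping problems found in the organization records."""
    known = {normalize(t) for t in stellar_tenants}
    by_tenant = defaultdict(list)
    findings = {"missing": [], "unknown": []}
    for rec in orgs:
        tid = normalize(rec.get("stellar_tenant_id"))
        if not tid:
            findings["missing"].append(rec["org"])  # data would have no tenant context
            continue
        by_tenant[tid].append(rec["org"])
        if tid not in known:
            findings["unknown"].append(rec["org"])  # tag points at no real tenant
    # Two organizations on one tenant ID would mix customers' vulnerability data.
    findings["shared"] = {t: o for t, o in by_tenant.items() if len(o) > 1}
    # Informational: tenants that no organization maps to.
    findings["unmapped_tenants"] = sorted(known - set(by_tenant))
    return findings


def is_safe_to_enable(findings):
    """Missing, unknown or shared tenant IDs all block enabling ingestion."""
    return not (findings["missing"] or findings["unknown"] or findings["shared"])


if __name__ == "__main__":
    result = validate_mappings(CYRISMA_ORGS, STELLAR_TENANTS)
    for kind, value in result.items():
        print(f"{kind}: {value}")
    print("safe to enable ingestion:", is_safe_to_enable(result))
```

The shared-tenant finding is the one that matters most for an MSSP, because it means one customer's findings would be searchable under another customer's tenant.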


High-Level Integration Flow

At a conceptual level, the integration follows this sequence:

  1. Cyrisma issues API credentials to the MSSP

  2. The Stellar Cyber connector authenticates using those credentials

  3. Tenant identifiers are used to associate Cyrisma organizations with Stellar Cyber tenants

  4. Vulnerability data is retrieved from Cyrisma reporting endpoints

  5. Data is ingested into Stellar Cyber indexes for investigation and correlation

No inbound connectivity to Cyrisma is required.


Data Querying and Validation

Once ingestion is active, Cyrisma data can be identified within Stellar Cyber by:

  • Content indexed under vulnerability and asset indexes

  • Metadata identifying Cyrisma as the data source

  • Message classification fields associated with Cyrisma vulnerability records

This enables SOC analysts to correlate Cyrisma findings with other telemetry such as endpoint, network, and identity data.


Limitations and Considerations

  • The integration is collect-only; response actions are not supported

  • Only vulnerability and related host data are ingested

  • Scan scheduling and configuration remain managed entirely in Cyrisma

  • Data freshness depends on the configured connector interval

  • The integration does not create or modify Cyrisma findings


Security and Best Practices

  • Restrict API credentials to Stellar Cyber use only

  • Store API keys securely

  • Validate tenant ID mappings before enabling ingestion

  • Periodically verify ingestion and data freshness

  • Monitor connector execution status within Stellar Cyber


Configuration and Full Connector Documentation

This Knowledge Base article intentionally avoids duplicating Stellar Cyber UI steps and connector configuration details.

For step-by-step configuration, connector fields, intervals, and validation procedures, refer to the official Stellar Cyber Cyrisma Connector documentation: