We are thrilled to announce the launch of the Cobalt API. As of today, customers can easily integrate data on their assets, pentests, and findings into the rest of their technology stack.
This addition is a critical step in our mission to modernize pentesting. We enable teams to manage their data more easily and build a holistic view of their vulnerability and application landscape. Going even further, we enable customers to more easily manage other parts of their security programs by integrating their pentest data into their existing security and development tools. Learn more about this feature’s impact on Cobalt's Pentest as a Service (PtaaS) model in our latest press release.
“By integrating key pentest findings directly into security and development tools, customers can automate the process of collecting evidence of their pentest to their auditors, while also ensuring that all findings are remediated. Cobalt's PtaaS model is helping the industry move in the direction of more frequent pentests, which provides greater assurance than traditional annual, manual pentests.”- Patrick Murray, Chief Product Officer at Tugboat Logic
Customers can use the Cobalt API to achieve three things: integrate, automate, and analyze.
Integrate
- Consume and interact with their pentest data in the tool of their choice.
- Streamline the communication between security and development.
- Get unlimited access to their pentests and associated data.
Automate
- Feed their internal security dashboard with custom pentest data.
- Automatically push pentest findings to their internal system(s).
- Accelerate their remediation cycle by automating the pentesting process.
Analyze
- Use data to calculate internal performance metrics and track historical progress.
- Get comprehensive information about their assets, associated findings, and events.
- Define filters to include criteria, and make the query more specific.
To get started, customers can access their API Token from their profile dropdown.
We also recommend checking out our API documentation on authorization, data categories, and troubleshooting.
FAQ
What kind of activities does the Cobalt API support?
With the current version of our API, customers can:
- Get a list of all organizations their user profile belongs to.
- Create/revoke a single personal API Token from their profile dropdown.
- Use their personal API Token in querying for assets, findings, and pentests that belong to a selected organization.
- Get a list of assets that belong to the selected organization.
- Get a list of all pentest findings that belong to the selected organization, filter them by pentest ID or asset ID.
- Get a list of all pentests that belong to the selected organization.
- Get a list of events happening across the organization.
- Get a list of tokens that belong to them, or request a new one.
Do I have to pay extra to use the Cobalt API?
The features we’ve described in this post are available for free for Cobalt customers.
Will you be adding more capabilities to your API?
Short answer: yes.
This initial release is a read-only API, meaning customers can pull data out of our platform, but not push any data into it. Our engineers have already begun developing functions that address this, along with event triggers and webhooks that enable the platform to listen to changes in other authorized tools. Make sure to check out our Integrations page for more info!