If your organization uses a tool or system that Drata doesn’t currently integrate with, you can still automate evidence collection. With Custom Device Connections, you can send structured JSON data pulled from an MDM or IT Inventory system, whether cloud-based, on-premises, or proprietary, directly into Drata.
Custom Device Connections is a subset of functionality from CCT (Custom Connections and Tests) streamlined to mimic Drata’s internal MDM test logic.
The data provided in the schema allows you to pre-map evidence for the ‘Device’ category of tests.
Note: If you're not familiar with Custom Connections and Tests, refer to Custom Connections and Tests for details.
Complete workflow overview
Here’s how to connect an external system to Drata and to provide device data:
1. Create a Custom Device Connection: Connect your external system.
2. Submit Evidence: Submit your first dataset to confirm your connection and schema are working correctly.
3. Automate Data Syncs: Set up a recurring data submission process using a tool like Make.com, Tines, or a scheduled script (such as a cron job). This ensures evidence is collected continuously without manual effort.
4. Review Results and Link to Controls: View pass/fail results and manage exceptions.
Prerequisites
Availability: Custom Device Connections are available on the Advanced and Enterprise plans.
Limitations
The third-party platform configuration, the automation of the workflow, and its cadence are set by the customer. This is NOT a standard integration.
Using Custom Device Connections requires developers to access the API and build the submission into the workflow manually. The time required varies based on the complexity of each organization's configuration.
The cadence and the way data is pulled and pushed into Drata are determined and manually initiated by the customer.
Set Up a Custom Device Connection
1. In the left navigation panel, select Connections.
2. Select the MDM category of connections, and be sure you are on the Available connections tab.
3. Click Connect on the Custom Device Connection tile.
4. Under Setup your custom connection, enter a name for your device connection.
5. Under Setup your Public API Key, select the following options:
   - API key: Choose to create an API key or utilize an existing API key.
     - Create an API key (Recommended approach): The required scopes are already applied.
     - Use existing API key: Ensure your API key has the required scopes:
       - Read Data
       - Add Data
       - Update Data
       - Delete Data
Device Schema Data
Unlike Custom Connections, the Custom Device Connection already has a schema that the Drata API expects for submitted Device data. This can be reviewed in more detail on our developer page.
For your convenience, here is an example of sample data with the schema you will need to conform to:
{
  "personnelId": 1,
  "alias": "danielm-01",
  "antivirusEnabled": true,
  "antivirusExplanation": {
    "antivirusApps": [
      "Crowdstrike windows sensor"
    ]
  },
  "appList": [
    {
      "name": "Microsoft Defender Antivirus",
      "version": "1.421.12.0",
      "description": "Microsoft Defender Antivirus"
    }
  ],
  "autoUpdateEnabled": true,
  "autoUpdateExplanation": "Disabled",
  "browserExtensions": [
    {
      "name": "Microsoft Defender Antivirus",
      "version": "1.421.12.0",
      "description": "Microsoft Defender Antivirus"
    }
  ],
  "externalId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
  "firewallEnabled": true,
  "firewallExplanation": "On",
  "passwordManagerEnabled": true,
  "encryptionEnabled": true,
  "encryptionExplanation": {
    "bootPartitionEncryptionDetails": {
      "partitionFileVault2Percent": 100,
      "partitionFileVault2State": "ENCRYPTED",
      "partitionName": "Macintosh HD (Boot Partition)"
    }
  },
  "model": "Mac16,1",
  "serialNumber": "BKH8RXT4T9",
  "macAddress": "01-23-45-67-89-AB",
  "passwordManagerExplanation": {
    "passwordManagerApps": ["1password"]
  },
  "platformName": "MACOS",
  "platformVersion": "string",
  "screenLockEnabled": true,
  "screenLockExplanation": "ScreenLock delay is immediate",
  "screenLockTime": 15,
  "windowsServices": [
    {
      "description": "Security feature that monitors and controls network traffic entering and exiting the device",
      "name": "Windows Firewall",
      "startType": "Automatic",
      "status": "Running"
    }
  ]
}
Drata monitoring tests will pass or fail based on the values of the fields “screenLockEnabled”, “autoUpdateEnabled”, “passwordManagerEnabled”, “encryptionEnabled”, and “antivirusEnabled”. The "Explanation" fields provide additional descriptive information for your auditor to review that justifies the pass or fail status of the tests.
Every other field is passed back to help identify the device in the Drata Asset register.
Note: Drata currently requires every device to be linked to a personnel member, who will be designated as the Owner of the device. To link the device to the right user, you will need to query the owner with the API endpoints for ‘Find Personnel’.
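A pre-submission check for the fields described above, as an added example that is not Drata's code: it rejects non-boolean values in the five pass/fail fields, flags missing Explanation fields, and reports which tests each record would pass or fail. The names check_device and TEST_FIELDS, the constructed sample record, and the Explanation types (inferred from the sample data above, not from the published schema) are assumptions.

```python
import json

# The five fields the page says decide pass/fail, mapped to their
# "Explanation" field and the type it has in the page's sample data
# (assumption: inferred from the sample, not from the published schema).
TEST_FIELDS = {
    "screenLockEnabled": ("screenLockExplanation", str),
    "autoUpdateEnabled": ("autoUpdateExplanation", str),
    "passwordManagerEnabled": ("passwordManagerExplanation", dict),
    "encryptionEnabled": ("encryptionExplanation", dict),
    "antivirusEnabled": ("antivirusExplanation", dict),
}


def check_device(record):
    """Return (problems, results) for one device record before submission."""
    problems, results = [], {}
    # Every device must be linked to a personnel owner (see the Note above).
    pid = record.get("personnelId")
    if not isinstance(pid, int) or isinstance(pid, bool):
        problems.append("personnelId must be an integer")
    for flag, (expl, expl_type) in TEST_FIELDS.items():
        value = record.get(flag)
        # MDM exports often carry "true", 1 or null here; only a real
        # boolean is unambiguous evidence, so anything else is rejected.
        if not isinstance(value, bool):
            problems.append(f"{flag} must be true or false, got {value!r}")
            continue
        results[flag] = "pass" if value else "fail"
        if expl not in record:
            problems.append(f"{expl} missing: no justification for auditor")
        elif not isinstance(record[expl], expl_type):
            problems.append(f"{expl} should be of type {expl_type.__name__}")
    return problems, results


# Constructed sample: one raw MDM export row with two typical defects.
SAMPLE = json.loads("""
{"personnelId": 1, "alias": "danielm-01",
 "screenLockEnabled": true, "screenLockExplanation": "ScreenLock delay is immediate",
 "autoUpdateEnabled": "true", "autoUpdateExplanation": "Disabled",
 "passwordManagerEnabled": true,
 "passwordManagerExplanation": {"passwordManagerApps": ["1password"]},
 "encryptionEnabled": false,
 "antivirusEnabled": true,
 "antivirusExplanation": {"antivirusApps": ["Crowdstrike windows sensor"]}}
""")

if __name__ == "__main__":
    found, outcome = check_device(SAMPLE)
    print(json.dumps({"problems": found, "results": outcome}, indent=2))
```

Running the check in the scheduled job before each submission keeps string or null values from an MDM export from being recorded as evidence.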