Universal REST API

Universal REST API

Available

Universal Connector

If a tool exposes a REST API and has data about your assets - vulnerability findings, CMDB records, patch state, control coverage - the Universal REST API adapter can pull it into Koopic's prioritization engine. Configure the URL, authentication method, pagination strategy, and JSONPath field mapping. No custom code required. Used today to connect Qualys, Tenable, Rapid7, Jamf, ServiceNow, SolarWinds, and custom CMDBs while native connectors are in development.

Signal in your risk score

Data from Universal REST API flows into Koopic's unified asset inventory and shapes how vulnerabilities are scored. Koopic combines asset context - exposure, control presence, criticality - with CVSS severity, EPSS exploit probability, and CISA KEV membership to produce a single, explainable risk score per vulnerability per asset. A CVSS 9.8 on a segmented host with a compensating control scores lower than a CVSS 7.4 on an internet-exposed, unmanaged endpoint with no control in place.

What Universal REST API contributes to risk scoring

6 auth methods: None, Basic, Bearer Token, API Key, OAuth2 Client Credentials, OAuth2 Password Grant
5 pagination strategies: None, Offset, Page Number, Cursor, Link Header (RFC 5988)
JSONPath data extraction for nested API responses
Custom HTTP headers and query parameters
SSRF protection - validates all URLs against private/metadata IPs
Response normalization to Koopic standard asset schema

How to connect

1

Identify the API endpoint

Find the REST API endpoint that returns device/asset data from your tool. Note the URL, auth method, and response format.

2

Configure in the Agent

Add a Universal REST API collector. Enter the URL, select the auth method, and provide credentials.

3

Set pagination and mapping

Choose the pagination strategy and configure JSONPath expressions to map response fields to Koopic schema fields.

4

Test and schedule

Run a test collection to verify the mapping. Then set a schedule for automatic data collection.

How teams use this data

Connect Any Tool

Integrate with ServiceNow, Qualys, Rapid7, Tenable, Jamf, or any custom REST API without waiting for a dedicated connector.

Legacy System Bridge

Pull data from legacy CMDBs and inventory systems that expose REST endpoints.

Custom Data Sources

Connect internal APIs, homegrown tools, and custom databases that export asset data via HTTP.

Related integrations

Microsoft Defender for Endpoint

Microsoft Defender for Endpoint

EDR sensor health and endpoint control presence - a key compensating-control signal for risk scoring.
Microsoft Intune

Microsoft Intune

MDM enrollment and compliance status - distinguishes managed endpoints from unmanaged exposure.
Azure Virtual Machines

Azure Virtual Machines

Cloud VM exposure context - internet-facing cloud assets carry higher inherent risk weight.

See it on your data

Work with us directly to run Koopic's prioritization engine on your actual vulnerability and asset data.

Become a design partner How the scoring works