
Data sources

To leverage your existing security tools, AQtive Guard (AQG) supports data analysis from third-party integrations and standardized file formats. This capability complements AQG native sensors, which perform in-depth cryptographic analysis of filesystems, applications, and networks.

The Data sources interface is organized into four areas to manage the lifecycle of your cryptographic data:

  • Integrations
  • Upload
  • Download
  • Activities

Each area is outlined in the sections below.

Integrations

Browse and configure connections to external services and native scanners. You can:

  • Filter by category: Toggle between Cryptography (standard assets) and AI (AI-specific discovery and analysis).
  • Search: Use the global search bar to quickly locate specific integrations.
  • Browse the integration library: Includes services like GitHub, GitLab, AWS, Palo Alto Networks, ServiceNow, and SentinelOne.

Our full list of integrations includes:

  • AQG File Inspector: Upload a file containing keys, certificates, or other cryptographic assets for in-depth analysis in AQtive Guard.
  • AQG Filesystem Scanner: Scans filesystems and container images to create a trace file containing cryptographic data.
  • AQG Code Tracer: Logs cryptographic calls made by a Java Virtual Machine (JVM) and its associated Java application, generating a trace file with cryptographic data.
  • AQG Network Traffic Scanner: Analyzes cryptographic activity within network traffic and powers AQtive Guard analysis for all sensors and data sources.
  • Amazon Web Services (AWS): Ingest data from AWS for a comprehensive view of cryptographic assets and their usage within your AWS environment.
  • CBOM: Upload and analyze your Cryptography Bill of Materials.
  • CrowdStrike: Import scans from CrowdStrike Falcon and generate a cryptographic analysis of available data.
  • GitHub: Scan your GitHub repositories and ingest AI asset data to discover and secure hidden AI assets and usage across your organization.
  • GitLab: Automate security analysis and get real-time feedback on every merge request by integrating with your GitLab CI/CD pipelines.
  • Palo Alto Networks: Ingest and analyze TLS handshake data from Next-Generation Firewall log files.
  • Qualys: Import Qualys certificate and server scan data and analyze potential cryptographic vulnerabilities.
  • SentinelOne: Ingest SentinelOne data for installed applications and IT inventory details.
  • ServiceNow: Ingest certificate data from ServiceNow for centralized certificate management and enhanced security posture.

For detailed information on each data source, refer to the corresponding section in the user guide.

Upload

You can upload files through the UI for cryptographic risk assessment.

  • Supported formats: Directly upload CBOM, .cst, .gz, .pcap, or .pcapng files.
  • General assets: Upload any files containing keys, certificates, or other cryptographic assets for analysis.

To upload a file, either:

  • Click in the target area and select the file from your local system.
  • Drag and drop the file into the target upload area.

Upload a trace using the API

For API uploads, AQtive Guard uses a short-lived access token instead of a single, permanent token, so a leaked token is only usable for a brief window. The workflow has three steps:

  1. Retrieve your Client ID and Client Secret.
  2. Obtain a temporary access token using your Client ID and Secret.
  3. Use your temporary access token to upload your trace file.

You’ll also need cURL or another configurable HTTP client.

Retrieve your Client ID and Secret

To retrieve your Client ID and Secret, you’ll need to create a service identity to authenticate with the API. This process creates a persisted service identity.

To generate this service identity, refer to Settings to create an API token, which will provide you with your Client ID and Secret.

Obtain a temporary access token

Once you have your Client ID and Client Secret, use the cURL command below to obtain the temporary access token:

Bash
curl -X POST "https://<cluster fqdn>/authv2/realms/aqtiveguard/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=client_credentials" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET"

Replace the following placeholders:

  • <cluster fqdn> - the hostname of your AQtive Guard cluster.
  • YOUR_CLIENT_ID - the Client ID you generated earlier.
  • YOUR_CLIENT_SECRET - the Client Secret you generated earlier.

Important

The temporary access tokens are valid for 5 minutes, after which they expire and must be replaced with a new token.

Use the token to upload a trace file

Once you have a valid token, construct a shell command using the following as an example:

Bash
export YOUR_ACCESS_TOKEN="<access_token_from_json_response>"
curl \
    -XPOST \
    -H "Authorization: Bearer $YOUR_ACCESS_TOKEN" \
    -H 'Content-Type: application/jsonl' \
    -H "Content-Encoding: gzip" \
    --data-binary "@<path/to/example.cst.gz>" \
    "https://<aqg_host>/agent/trace/v0?slotid=slot$(hostname)&sessionid=$(uuidgen)&assetid=$(hostname)"

Replace the following placeholders:

  • <access_token_from_json_response> - the temporary access token returned in the JSON response from the previous step.
  • <path/to/example.cst.gz> - the path to your trace file.
  • <aqg_host> - the hostname of your AQtive Guard instance.

Important

The @ preceding <path/to/example.cst.gz> must be included in the file path. With --data-binary, the @ prefix tells cURL to read the request body from the named file; without it, cURL sends the path string itself as the body. For example, a file located at home/other_dir/my_file.cst.gz becomes @home/other_dir/my_file.cst.gz.

The following values are all generated automatically based on the hostname and other system information:

  • slotid - Combines slot prefix with hostname: slot$(hostname). Acts as a container identifier for grouping related sessions. Example: slotserver-myserver-01
  • sessionid - A UUID (Universally Unique Identifier). Must be unique per session to avoid data collisions. Example: 550e8400-e29b-41d4-a716-446655440000
  • assetid - Typically, the hostname of the machine. Uniquely identifies the device/system generating events. Example: myserver-01.

Tips

  • You can run the export command independently and then use multiple cURL invocations to upload multiple files, as long as the same shell session remains open and the token is still within its 5-minute validity.
  • Trace names aren’t explicitly specified in the cURL command, but using unique and descriptive names will help you identify and organize trace files.
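
The three steps above can be combined into one script that uploads several trace files and requests a new token before the 5-minute lifetime runs out. This is an added example, not AQtive Guard's own tooling: the variable names AQG_HOST, AQG_CLIENT_ID and AQG_CLIENT_SECRET, the 30-second refresh margin, and the function names are assumptions, and the sed-based parsing assumes a single-line JSON response.

```bash
#!/usr/bin/env bash
# Added example. AQG_HOST, AQG_CLIENT_ID and AQG_CLIENT_SECRET are assumed variable names.
TOKEN_LIFETIME=300  # seconds; the page states tokens are valid for 5 minutes
REFRESH_MARGIN=30   # assumed margin so a token does not expire mid-upload

# Extract access_token from a single-line JSON token response (empty output if absent).
extract_access_token() {
  printf '%s' "$1" | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeeds when a token issued at epoch $1 should be replaced at epoch $2.
token_needs_refresh() {
  [ $(( $2 - $1 )) -ge $(( TOKEN_LIFETIME - REFRESH_MARGIN )) ]
}

# Build the upload URL from host $1, asset id $2 and a per-upload session id $3.
upload_url() {
  printf 'https://%s/agent/trace/v0?slotid=slot%s&sessionid=%s&assetid=%s' "$1" "$2" "$3" "$2"
}

# Request a token. The secret is passed to curl on stdin (-K -) so it does not appear
# in the process list; assumes the secret contains no double quotes or backslashes.
fetch_token() {
  response=$(printf 'data-urlencode = "client_secret=%s"\n' "$AQG_CLIENT_SECRET" |
    curl -fsS -K - -X POST \
      "https://$AQG_HOST/authv2/realms/aqtiveguard/protocol/openid-connect/token" \
      -d "grant_type=client_credentials" --data-urlencode "client_id=$AQG_CLIENT_ID") || return 1
  ACCESS_TOKEN=$(extract_access_token "$response")
  TOKEN_ISSUED=$(date +%s)
  [ -n "$ACCESS_TOKEN" ]   # fail if the response carried no token (e.g. bad credentials)
}

# Upload each trace file given as an argument, with a fresh sessionid per upload.
upload_traces() {
  TOKEN_ISSUED=0   # forces a token request before the first upload
  for trace in "$@"; do
    if token_needs_refresh "$TOKEN_ISSUED" "$(date +%s)"; then fetch_token || return 1; fi
    printf 'header = "Authorization: Bearer %s"\n' "$ACCESS_TOKEN" |
      curl -fsS -K - -X POST -H 'Content-Type: application/jsonl' -H 'Content-Encoding: gzip' \
        --data-binary "@$trace" "$(upload_url "$AQG_HOST" "$(hostname)" "$(uuidgen)")" || return 1
  done
}

# Run only when trace files are passed on the command line.
if [ "$#" -gt 0 ]; then upload_traces "$@"; fi
```

Set the three variables in the environment and pass the .cst.gz files as arguments to run it.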

Download

Access and deploy an AQG proprietary sensor:

  • AQG Code Tracer: Analyze real cryptographic key usage and operations in Java applications.
  • AQG Filesystem Scanner: Available for both Linux and Windows to discover unmanaged keys and certificates at rest.
  • AQG Network Traffic Scanner: Analyze live or recorded TLS traffic.
  • AQG Protect Client: Deploy the AQG Protect client for deep analysis of cryptographic key usage, algorithms, and operations in your Java applications. Refer to AQtive Guard Protect for more information.

To download a sensor, select the Download icon in the tile of your desired sensor.

Activities

Monitor the progress and health of your data pipeline and filesystem scans. The top of the screen displays how many scans are currently running in the Active now tile, along with the Total activities and errors that occurred within the last 24 hours.

Note

The Activities tab shows scans from the AQG Filesystem Scanner, AQG File Inspector, and the AQG Static Code Scanner.

The Activities table provides granular visibility into the status of your data sources:

  • Name: The identifier for the activity, such as a filename.
  • Data import: Indicates the status of the initial data ingestion.
  • Data analysis: Shows the status of the deep-dive cryptographic analysis.
  • Data source: The origin of the data.
  • Last updated: The specific timestamp of the most recent status change.
  • Details: View in-depth logs or findings for that specific entry.

Available filters

Refine your view using the dropdown menus at the top of the table:

  • Last updated: Filter by the timeframe of the activity.
  • Data import: Filter by ingestion status.
  • Data analysis: Filter by the current state of the cryptographic analysis.

Data source labels

AQtive Guard uses abbreviated labels for data sources in the Inventory view. The table below shows each data source and its corresponding label.

Data source | Label
AQG File Inspector | AQG FI
AQG Filesystem Scanner | AQG FS
AQG Filesystem Scanner: SentinelOne | AQG FS S1
AQG Code Tracer | AQG CT
AQG Network Traffic Scanner | AQG NTS
AQG Protect | AQG PC
AQG Static Code Scanner | AQG SCS
CBOM 1.4 | CBOM 1.4
CBOM 1.6 | CBOM 1.6
Palo Alto Networks NGFW | PANW
Qualys | QUALYS
SentinelOne | S1
ServiceNow | SNOW

Tip

The various Filesystem Scanner data source labels provide additional context, indicating whether the data was uploaded through the AQtive Guard UI or ingested through a third-party integration.