Drata Integration

💡

Drata is a security and compliance automation platform that continuously monitors your company's security controls, helping you achieve and maintain compliance with standards like SOC 2, ISO 27001 and HIPAA.

Plerion simplifies evidence collection for your compliance frameworks by automatically sending daily evidence to Drata.

You can connect your Drata account to Plerion, choose the relevant cloud accounts and compliance frameworks, and Plerion will start sending evidence for your compliance framework requirements every day.

⚠️

Note: This is a one-way outbound integration. Findings created or updated in Plerion will appear in Drata, but changes made in Drata will not sync back to Plerion.

What does Plerion send to Drata?

Control

Plerion creates a new control for each compliance framework you choose. This control is mapped to the relevant requirements of the framework.

Plerion control for ISO 27001:2022 framework, as seen on Drata

Evidence

Plerion generates an Excel Spreadsheet (.xlsx) report containing Plerion findings relevant to the framework requirements across your chosen cloud accounts. For example, for the ISO 27001:2022 requirement "A.5.15 Access control", Plerion includes "S3 bucket Block Public Access" findings in the spreadsheet.

All evidence is reported against the PLERION control.

Plerion evidence, as seen on Drata

When is the evidence sent to Drata?

Plerion sends the evidence report to Drata once a day, on a scheduled basis. The evidence includes results from the most recent scans Plerion has performed across your selected cloud accounts.

Steps for integrating Drata with Plerion

Plerion uses a Drata API key to send evidence to Drata. To integrate Drata with Plerion, you will need to create a Drata API key (Link (opens in a new tab)), set up a Drata integration on Plerion, and then create a workflow on Plerion to select the relevant cloud accounts and compliance frameworks.

Create a Drata API key

  1. Go to the Settings page on Drata. To access settings, select your account on the bottom left side navigation and then the Settings option.
  2. Select API Keys on the Settings page.
  3. Select the Create API Key button.
  4. Enter the API key details:
    • Name: Plerion
    • Expiration date: Set an expiration date for your API key
    • Allowed IP Addresses: Leave empty
    • The scope: Plerion needs the following permissions:
      • Read and write access to Controls
      • Read and write access to the Evidence Library
      • Read access to Frameworks
      • Read access to Workspaces
      • Read access to Users

Once you create the API key, copy that and keep it safe. You will need it in the next step.

Create a Drata integration on Plerion

  1. On the Plerion dashboard, go to Settings > Integrations.
  2. On the Integrations page, find Drata and click the + button. (Link (opens in a new tab))

Add Drata integration

  1. Enter a name for your Drata instance, paste your Drata API key generated in the previous step, and click Add to connect your Drata instance to Plerion.

Create a workflow on Plerion

Once you have added your Drata instance, you will need to set up the corresponding workflow.

  1. Go to Settings > Workflows and click on the Add a new workflow button. (Link (opens in a new tab))
  2. Enter your workflow name and ensure that the Enabled toggle is turned on.
  3. Under Conditions, click Add conditions > Add findings conditions.
💡

Tip: For Drata workflows, you only need to fill in the Integration dropdown menu. Other fields like Provider, Detection, Asset group, Resource type or Severity level are not supported and can be left blank.

  1. Under Actions, click Add action and select your connected Drata instance. Choose your workspace and the relevant framework.
  2. Click Save to finish setting up your workflow.

A Plerion workflow for ISO 27001:2022 framework

ℹ️

This integration is currently in beta, and we'd love your feedback! Let us know how it's working for you and what additional frameworks you'd like to see integrated with Drata.

Amazon SQSOverview