> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Securonix

> Connect Securonix SNYPR to import incident and threat data.

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="Securonix SNYPR" />

## What Living Security needs

| Credential          | Description                                                     |
| ------------------- | --------------------------------------------------------------- |
| **API token**       | A token generated from the SNYPR web console or REST API        |
| **Tenant API host** | The hostname for your SNYPR tenant (e.g., `acme.securonix.net`) |

**Scopes:** Read access to incidents

**Required role:** **Analyst** or higher (Admin privileges to generate tokens)

### Prerequisites

* You must have **Admin** privileges in SNYPR to create users and generate API tokens.
* SNYPR deployment must be version 6.3 or later.

***

## Part A — In Securonix SNYPR

*Your Securonix administrator completes these steps.*

<Steps>
  <Step title="Create a dedicated service account (recommended)">
    Creating a dedicated service account limits the blast radius if the token is compromised and makes rotation easier.

    1. Sign in to your SNYPR web console at `https://<your-tenant>.securonix.net`.
    2. Navigate to **Menu** → **Administration** → **Users**.
    3. Click **Add User**.
    4. Fill in the required fields:
       * **Username** — e.g., `livingsecurity-integration`
       * **Email** — A security team or shared inbox address
       * **Role** — **Analyst** (provides read access to incidents without write permissions)
    5. Click **Save**.

    <Note>
      For least-privilege access, use the **Analyst** role or a custom read-only role rather than Administrator.
    </Note>
  </Step>

  <Step title="Generate an API token">
    SNYPR tokens are generated via the REST API using Basic authentication.

    **Option A: Via REST API (recommended)**

    Call the token generation endpoint:

    ```bash theme={null}
    curl -X GET "https://<your-tenant>.securonix.net/ws/token/generate" \
      -H "Authorization: Basic $(echo -n 'username:password' | base64)"
    ```

    A successful response returns a token string (UUID format):

    ```
    00000000-0000-0000-0000-000000000000
    ```

    **Option B: Via SNYPR web console**

    Some SNYPR versions expose token management in the UI:

    1. Navigate to **Menu** → **Administration** → **Security** → **API Token Management**.
    2. Generate a new token.

    <Note>
      Consult your Securonix administrator if you're unsure which method is available in your deployment.
    </Note>
  </Step>

  <Step title="Copy and save your token">
    **Copy the token immediately** and store it securely.

    <Warning>
      SNYPR tokens are long-lived by default, but your organization may configure a validity window. Set a calendar reminder to rotate the token according to your security policy.
    </Warning>
  </Step>

  <Step title="Identify your tenant API host">
    The tenant API host is your SNYPR console hostname without `https://`.

    | SNYPR console URL            | Tenant API host      |
    | ---------------------------- | -------------------- |
    | `https://acme.securonix.net` | `acme.securonix.net` |
    | `https://acme.snypr.com`     | `acme.snypr.com`     |
    | `https://siem.acme.com`      | `siem.acme.com`      |

    Enter the **host only** — no `https://` prefix and no trailing slash.
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="Securonix">
    | Field               | Value                                                     |
    | ------------------- | --------------------------------------------------------- |
    | **API key**         | The token from Part A, Step 3                             |
    | **Tenant API host** | The host from Part A, Step 4 (e.g., `acme.securonix.net`) |

    <Note>
      Living Security sends the token as `Authorization: token <value>` (lowercase `token`, not `Bearer`). This matches the SNYPR 6.3 REST API authentication scheme.
    </Note>

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/securonix/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=932a0dcdda8c96cf96f1a2c3ccfd416f" alt="Living Security connect dialog for Securonix" style={{maxWidth: "450px"}} width="576" height="372" data-path="integrations/images/securonix/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to Securonix.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    The token is invalid, expired, or revoked. Generate a new token using the service account credentials.
  </Accordion>

  <Accordion title="403 Forbidden">
    The service account lacks permissions to access incident data. Verify the account has at least **Analyst** role.
  </Accordion>

  <Accordion title="Malformed URL errors">
    The tenant API host may include `https://` or a trailing slash. Enter only the hostname (e.g., `acme.securonix.net`).
  </Accordion>

  <Accordion title="Token generation fails">
    Verify:

    1. The service account credentials are correct
    2. The account has API access enabled
    3. Your SNYPR version is 6.3 or later
  </Accordion>

  <Accordion title="SNYPR version compatibility">
    This integration requires SNYPR 6.3 or later for REST API support. Contact your Securonix administrator to verify your deployment version.
  </Accordion>
</AccordionGroup>
