ZeroNorth's Supported Execution Modes

We’ll provide a general overview of ZeroNorth’s different supported execution modes. These modes vary across different security tools available within the ZeroNorth platform. Please see our security tool specific documentation for detailed information on supported execution modes for that tool.

Data Ingestion

ZN receives results from a previously completed scan.

Manual Upload

• A scan happened previously without ZN being part of the orchestration.
• Customer does NOT need to share credentials with ZeroNorth.
• Requires a file (native format of security tool)
  • File can be uploaded via the UI
  • File can be uploaded via a script

Automated Data Loads

• A scan happened previously without ZN being part of the orchestration.
• Customer needs to share credentials with ZeroNorth.
• Additionally, ZeroNorth needs an identifier provided from the security tool vendor to select which set of point in time results ZeroNorth is bringing in.

Discovery

ZN enumerates configured items by connecting to the security scanning tool instance.

• ZN enumerates the configured items (e.g., image, application, etc.) in the instance by connecting to the customer’s security tool instance.
• Scan(s) happened previously without ZN being part of the orchestration.
• Customer needs to share credentials with ZeroNorth.

Orchestration

ZN automates and triggers the security scanning tool to produce a scan.

• Customer needs to share credentials with ZeroNorth.

• Where applicable ZN will create a configured item in the security tool instance. ZN will extract the results from the security tool.

  • Please note that orchestration is not applicable to every security tool (e.g. AWS Security Hub) and depends on how a given tool works.

These modes (Data Ingestion, Discovery, Orchestration) vary across different security tools available within the ZeroNorth platform. Please see our security tool specific documentation for detailed information on supported execution modes for that tool.