From our long-standing contributions to Recog to the release of tools like SSHamble and excrypto, supporting and contributing to the open source community has always been a part of runZero's DNA.
Open source software provides you with the flexibility to customize and extend software to meet unique operational needs, while the collaborative nature of the community fosters the sharing of ideas for mutual benefit. For example, we've recently been collaborating with ProjectDiscovery on an integration with the Nuclei vulnerability scanner while also contributing back to their project.
Today, I'm excited to talk about NetBox, a leading open source platform for network and infrastructure management. runZero first released an integration with NetBox in late 2024 and we have continued to update and extend this integration as we've received feedback from our customers. In some ways, runZero and NetBox are out to achieve similar goals. While our approaches differ, they can also be complementary.
What is NetBox?
NetBox is an open-source platform, backed by NetBox Labs and designed for network and infrastructure teams, that combines IP address management (IPAM) and datacenter infrastructure management (DCIM). It can act as a single source of truth for the intended state of a network. NetBox is highly customizable and offers an interconnected data model that supports traditional computing hardware as well as racks, cables, IP addresses, VLANs, circuits, VPNs, power, and much more. It also offers an API, which is where runZero comes in.
runZero's integration with NetBox allows you to import devices and virtual machines to enrich your asset inventory. This has a number of benefits:
- When combined with active scanning or passive sampling, it allows you to compare the intended state of your network with the reality of your network. This can help you identify misconfigurations, rogue devices and much more.
- NetBox can provide valuable insight into asset fingerprinting. runZero will use attributes like mfg.name, mfg.model and platform.name to inform fingerprinting. This can be invaluable in scenarios where we're not able to fully discover this information through active scanning.
- Assets can be enriched with details that are not traditionally exposed to the network. For example, runZero will import asset tags, serial numbers, geolocation data, device role information, rack location, etc. In addition to these data points, runZero will also import custom organization-specific attributes that are defined in NetBox.
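The intended-versus-actual comparison from the first benefit above can be sketched as follows. This is an added example, not runZero's or NetBox's code: the record layout, device names, vendors and addresses are constructed for illustration, and it assumes documented addresses may carry a prefix length (for example 10.20.0.11/24) while scan results use bare IPs.

```python
import ipaddress

# Constructed sample data. The flat field layout is an assumption made for
# this example; it is not the NetBox or runZero schema.
INTENDED = [  # documented in the source of truth
    {"name": "sw-core", "ip": "10.20.0.1/24", "mfg": "Acme"},
    {"name": "plc-01", "ip": "10.20.0.11/24", "mfg": "Acme"},
    {"name": "hmi-01", "ip": "10.20.0.12/24", "mfg": "Globex"},
    {"name": "ups-01", "ip": "10.20.0.30/24", "mfg": "Globex"},
    {"name": "spare-rtu", "ip": None, "mfg": "Acme"},
]
OBSERVED = [  # found by scanning 10.20.0.0/24
    {"ip": "10.20.0.1", "mfg": "Acme"},
    {"ip": "10.20.0.11", "mfg": "acme"},
    {"ip": "10.20.0.12", "mfg": "Initech"},
    {"ip": "10.20.0.77", "mfg": "Initech"},
]


def host(addr):
    """Normalize '10.20.0.11/24' or '10.20.0.11' to a bare IP object."""
    return ipaddress.ip_interface(addr).ip


def compare(intended, observed, scope):
    """Report drift between documented and observed assets inside scope."""
    net = ipaddress.ip_network(scope)
    documented = {host(d["ip"]): d for d in intended if d["ip"]}
    seen = {host(o["ip"]): o for o in observed}
    report = {"undocumented": [], "not_seen": [], "mismatch": [],
              "no_ip": [d["name"] for d in intended if not d["ip"]]}
    for ip, obs in sorted(seen.items()):
        if ip not in net:
            continue  # outside the range being reconciled
        doc = documented.get(ip)
        if doc is None:
            report["undocumented"].append(str(ip))  # on the wire, not on paper
        elif doc["mfg"].lower() != obs["mfg"].lower():
            report["mismatch"].append((doc["name"], doc["mfg"], obs["mfg"]))
    for ip, doc in sorted(documented.items()):
        if ip in net and ip not in seen:
            report["not_seen"].append(doc["name"])  # on paper, not on the wire
    return report


if __name__ == "__main__":
    for kind, items in compare(INTENDED, OBSERVED, "10.20.0.0/24").items():
        print(kind, items)
```

Each bucket calls for a different follow-up: undocumented addresses are candidates for rogue devices, mismatches point to swapped hardware or stale records, and documented assets with no IP can only be tracked through the imported inventory.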
How are our customers using NetBox?
Before I entered the world of customer success, I spent a number of years working in the oil and gas industry. We managed a large distributed OT environment that supported a network of interstate natural gas pipelines. We didn't have tools like runZero or NetBox available, but we did have a lot of spreadsheets. Our field automation team maintained detailed spreadsheets documenting every asset that they deployed at an OT site. The field telecommunications team maintained a separate set of spreadsheets tracking their hardware and circuits. Not to be outdone, the security team had its own collection of spreadsheets tracking things like compliance with hardening standards. We shared our spreadsheets with pride, celebrated our attention to detail and … often wondered who had the latest version of each spreadsheet.
Fast forward to the modern day, where technology has allowed us to retire these spreadsheets. NetBox provides a far more powerful experience for engineers who are tasked with documenting the intended state of their OT networks. Combining this data with the power of runZero gives you a comprehensive view into desired state vs. actual state.
Our customers are leveraging this integration in valuable ways. One manufacturing company we're working with uses NetBox to enrich runZero's asset inventory and help them better understand details like site location, device role, criticality and availability requirements. This visibility allows them to more effectively prioritize and coordinate remediation of exposures that are identified in their OT environment. They've also integrated several other security technologies, including their EDR platform, which allows them to easily identify critical OT assets that are missing EDR so that they can schedule remediation.
How do I get started?
Configuring the NetBox integration is pretty straightforward. You will need the URL of your NetBox deployment and a NetBox API key. Then you simply need to navigate to your runZero Console, select Data sources > Integrate and then click on the NetBox integration to get started.

You will also need to make a couple of decisions as part of the configuration process: whether you want to pull in assets that do not have an IP address, and whether you want to discover unknown assets or simply enrich assets that runZero has discovered. You will also find a few options for filtering assets, including by site name and/or CIDR block. You can visit our documentation website for detailed step-by-step instructions.
We love customer feedback as much as we love open source, so let us know if there is anything we can do to make our NetBox integration more powerful for your use cases. And stay tuned because we have some cool new features coming to take our NetBox integration to the next level.
If you’d like to get started immediately with testing the NetBox integration, you can leverage a 21-day, fully featured trial which turns into a free community edition after that.