This guide shows you how to integrate your CyCognito account with the Autobahn platform to re-prioritize vulnerabilities and map them to actionable Workouts.
Table of contents
- Why integrate CyCognito with Autobahn
- Required steps to integrate CyCognito with Autobahn
- Integrate CyCognito with Autobahn
- Enable/disable integration
- Data mapping on CyCognito integration
- Status update mechanisms
- API Endpoints in use
- Important notes
1. Why integrate CyCognito with Autobahn
CyCognito automatically discovers all your internet-facing assets - including devices, websites, and applications - and continuously monitors them for vulnerabilities.
By integrating CyCognito’s Attack Surface Management with your Autobahn account, you enable seamless, automated import of asset data (such as domains and web addresses) and any associated vulnerabilities identified by CyCognito.
Once connected, Autobahn processes and enriches this data, giving you a consolidated view of your external risk exposure. It helps you:
- Prioritize vulnerabilities based on risk and context
- Streamline remediation efforts
- Automatically map issues to Cyber Fitness Workouts, turning insights into actionable remediation steps
This integration ensures continuous visibility and faster response to external threats - without manual effort.
Note: this integration only supports the latest version of CyCognito.
2. Required steps to integrate CyCognito with Autobahn
To enable the integration, you need to first prepare the CyCognito API Key. Follow the steps below to generate the API Key.
1 - Access your CyCognito account by logging in with your credentials.
2 - Navigate to Workflow & Integration from the sidebar.
3 - Click on the API Key Management button. You will see a form to generate a new API Key.
4 - Enter a name in the Key name field, and select "Read only" in the Key access section. Then, click the Create button.

5 - Copy the resulting API key to use later when setting up the connector in Autobahn.
Please note that this connection is one-way: information flows from CyCognito (the Connector) to Autobahn, which is why a read-only key is sufficient.
3. Integrate CyCognito with Autobahn
Once you have generated the CyCognito API Key, navigate to the Integrations page in the Autobahn platform and click Configure on the CyCognito tile.
1 - On the CyCognito integration page, set up the integration:
- Provide a Label for the CyCognito integration.
- Enter the API Key you generated earlier.

2 - Click the Save button to connect to your CyCognito instance.
3 - To make sure that the integration is active, go to the Integrations page and look for the CyCognito tile. Once the toggle is active, the data is being imported into Autobahn.
After you integrate CyCognito with Autobahn, it will take approximately one hour for data to be imported.
You can view the imported vulnerabilities on the Issues page by using the Origin filter, and the corresponding assets on the Assets page by using the Source filter.
4. Enable/disable integration
You may want to disable the integration. Disabling the integration will prevent Autobahn from fetching new data from CyCognito. The credentials and previously fetched data will remain in Autobahn. To disable the active integration, click the toggle in the CyCognito card.

You can re-enable the integration by switching the toggle back. When re-enabled, the system will fetch the data starting from the last fetching date.
5. Data mapping on CyCognito integration
Autobahn integrates with CyCognito through the CyCognito API and pulls the relevant vulnerabilities and assets into Autobahn.
5.a. Web application field mapping
CyCognito field | Autobahn field | Value Example |
---|---|---|
webapp_address | Asset | example.com:32768 |
related_asset_ids.ip | IPs | 1.1.1.1 |
related_asset_ids.domain | Hostnames | example.com |
tags | Tag | sample-tag |
continent | Tag | Europe |
locations | Tag | DEU |
organizations | Tag | Autobahn |
region | Tag | Northern Europe |
5.b. Domain fields mapping
CyCognito field | Autobahn field | Value Example |
---|---|---|
domain | Asset | example.com |
related_asset_ids.ip | IPs | 1.1.1.1 |
domain | Hostnames | example.com |
tags | Tag | sample-tag |
continent | Tag | Europe |
locations | Tag | DEU |
organizations | Tag | Autobahn |
region | Tag | Northern Europe |
5.c. IP Address mapping
CyCognito field | Autobahn field | Value Example |
---|---|---|
ip | Asset | 1.1.1.1 |
ip | IPs | 1.1.1.1 |
related_asset_ids.domain | Hostnames | example.com |
tags | Tag | sample-tag |
continent | Tag | Europe |
locations | Tag | DEU |
organizations | Tag | Autobahn |
region | Tag | Northern Europe |
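To check imported assets against the source, the three mapping tables above can be expressed as one function. This is an added example, not Autobahn's or CyCognito's own code: the nested record shape, the type keys `webapp`/`domain`/`ip`, and the names `toAutobahnAsset`, `RULES` and `pick` are assumptions; only the field names and sample values come from the tables.

```javascript
// Added example: expected Autobahn fields for a CyCognito asset record,
// following the three mapping tables above. Record shapes are assumed.
const TAG_FIELDS = ["tags", "continent", "locations", "organizations", "region"];

// Accept a scalar, an array, or a missing value and always return an array.
const toList = (v) => (v == null ? [] : Array.isArray(v) ? v : [v]);

// Per asset type: which source field supplies Asset, IPs and Hostnames.
const RULES = {
  webapp: { asset: "webapp_address", ips: "related_asset_ids.ip", hostnames: "related_asset_ids.domain" },
  domain: { asset: "domain", ips: "related_asset_ids.ip", hostnames: "domain" },
  ip: { asset: "ip", ips: "ip", hostnames: "related_asset_ids.domain" },
};

// Resolve a dotted path such as "related_asset_ids.ip" on a nested object.
function pick(record, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), record);
}

function toAutobahnAsset(type, record) {
  const rule = RULES[type];
  // Unsupported types (for example certificates) are rejected, not guessed.
  if (!rule) throw new Error(`unsupported asset type: ${type}`);
  const asset = pick(record, rule.asset);
  if (typeof asset !== "string" || asset === "") {
    throw new Error(`record has no ${rule.asset}`);
  }
  const tags = TAG_FIELDS.flatMap((f) => toList(record[f]));
  return {
    asset,
    ips: [...new Set(toList(pick(record, rule.ips)))],
    hostnames: [...new Set(toList(pick(record, rule.hostnames)))],
    tags: [...new Set(tags)],
  };
}

// Constructed sample record using the example values from the tables.
const sampleWebapp = {
  webapp_address: "example.com:32768",
  related_asset_ids: { ip: ["1.1.1.1"], domain: ["example.com"] },
  tags: ["sample-tag"], continent: "Europe", locations: ["DEU"],
  organizations: ["Autobahn"], region: "Northern Europe",
};
console.log(toAutobahnAsset("webapp", sampleWebapp));
```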
6. Status update mechanisms
Every day, Autobahn syncs with CyCognito to receive updates on existing vulnerabilities and assets, as well as to retrieve new ones (if any are added).
The table below shows how the status update mechanism works in the CyCognito integration for vulnerabilities and assets in Autobahn.
Update type in Autobahn | Mechanism (when?) |
---|---|
The asset is archived | |
The vulnerability instance status changes to "Remediated" | |
Note: Asset or vulnerability updates on the vendor side will be reflected in Autobahn on the next day after the daily data sync.
7. API endpoints in use
To get the data from CyCognito, Autobahn calls the CyCognito API directly, using Axios (a JavaScript HTTP client library).
8. Important notes
Some remarks on which CyCognito fields are ingested and which are not:
- CyCognito asset types are ingested based on user input, with available options including Domains, IP Addresses, and Web Applications. Certificates are currently not supported.
- When calculating vulnerability instances, potential discrepancies between CyCognito and Autobahn should be considered:
  - Autobahn exclusively incorporates vulnerability instances directly linked to an asset. CyCognito, on the other hand, includes vulnerability instances not only for the asset itself but also for linked assets.
  - If a domain is linked to an IP address, each possessing distinct vulnerability instances:
    - In Autobahn, two separate assets will be displayed, each with its vulnerability instance.
    - In CyCognito, both assets will be assigned, but they will share the same two vulnerability instances.
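The counting difference described above can be reproduced when reconciling per-asset totals between the two platforms. This is an added example, not code from either product: the asset and instance identifiers are constructed, and it assumes linked instances are inherited across one direct link only.

```javascript
// Constructed sample: a domain linked to an IP, each with one distinct instance.
const assets = [
  { id: "example.com", linked: ["1.1.1.1"], instances: ["vuln-A"] },
  { id: "1.1.1.1", linked: ["example.com"], instances: ["vuln-B"] },
];

// Autobahn view per the note: only instances directly on the asset.
function autobahnView(assets) {
  return Object.fromEntries(assets.map((a) => [a.id, [...a.instances].sort()]));
}

// CyCognito view per the note: own instances plus those of linked assets.
// Assumption: inheritance follows one direct link, not chains of links.
function cycognitoView(assets) {
  const byId = new Map(assets.map((a) => [a.id, a]));
  return Object.fromEntries(assets.map((a) => {
    const seen = new Set(a.instances);
    for (const id of a.linked) {
      for (const v of byId.get(id)?.instances ?? []) seen.add(v);
    }
    return [a.id, [...seen].sort()];
  }));
}

// Per-asset difference plus totals, for reconciling the two dashboards.
function reconcile(assets) {
  const ab = autobahnView(assets);
  const cy = cycognitoView(assets);
  const rows = assets.map((a) => ({
    asset: a.id,
    autobahn: ab[a.id].length,
    cycognito: cy[a.id].length,
    // Instances CyCognito shows on this asset only because of a link.
    inheritedOnly: cy[a.id].filter((v) => !ab[a.id].includes(v)),
  }));
  const sum = (k) => rows.reduce((n, r) => n + r[k], 0);
  // Distinct instances overall, independent of how they are attributed.
  const distinct = new Set(assets.flatMap((a) => a.instances)).size;
  return { rows, autobahnTotal: sum("autobahn"), cycognitoTotal: sum("cycognito"), distinct };
}

console.log(JSON.stringify(reconcile(assets), null, 2));
```

Summing per-asset counts gives 2 in the Autobahn view and 4 in the CyCognito view for the same two distinct instances, so compare distinct instances rather than per-asset sums.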