Tenant (console) workflow - Manage the full collector lifecycle in the tenant console. Create, edit, delete, generate credentials, and validate SARIF files. Upload findings via API only. - Administrator Guide - Cortex Cloud Posture Management - Cortex CLOUD

Cortex Cloud Posture Management Documentation
Product
Cortex Cloud Application Security > Cortex CLOUD
License
Cloud Posture Management
Creation date
2025-01-22
Last date published
2026-06-04
Category
Administrator Guide
Abstract

Manage the full collector lifecycle in the tenant console. Create, edit, delete, generate credentials, and validate SARIF files. Upload findings via API only.

The Collector can be managed through the tenant for the full collector lifecycle, creation, credential generation, SARIF validation, editing, and deletion. Finding upload is performed exclusively through the API workflow.

Navigate to Data Sources

  1. Navigate to SettingsData Sources & Integrations.

  2. Filter by Name = 3rd Party AppSec Collector.

    The Collector instances page displays all existing 3rd Party AppSec Collector instances.

Create a collector

The collector creation wizard consists of three sequential steps: configure Collector, API Key, and validate File Format.

Step 1: Configure collector

Define the collector identity and configuration.

  1. Select + Add New or select Add Another Instance if a collector is displayed.

  2. Enter a Collector Name (required). Set the collector name to match the tool.driver.name field from the SARIF file for consistent identification across the platform.

    Note: The collector name is the primary identifier for the collector instance. Use a descriptive name that identifies the third-party tool.

  3. Select Generate API key.

Step 2: API Key

Copy the generated API credentials for use in the upload workflow.

  1. Review the success message confirming the collector was created.

  2. Copy the Token ID (first credential value), used as the x-crtx-auth-id header.

  3. Copy the API Token (second credential value), used as the Authorization header.

  4. Select Copy API URL to copy the collector-specific upload endpoint.

  5. Optionally select View Examples to display cURL and Python upload examples.

  6. Select Next.

Important

The Token ID and API Token are displayed only once. Copy and store the credentials securely before proceeding. If the credentials are lost, edit the collector to regenerate the credentials.

Step 3: Validate file format (optional)

Validate a SARIF file to verify the format before production use.

  1. Upload a SARIF file using the file input.

  2. Review the validation result. Values: Valid, Partially Valid and Invalid. Refer to Technical requirements and SARIF specifications for more details about each option.Technical requirements and SARIF specifications

  3. Select Done to complete the collector creation.

Edit a collector

  1. Navigate to SettingsData Sources & Integrations3rd Party AppSec Collector.

  2. Select the collector instance to edit.

  3. Modify the Collector Name.

  4. Select Save to apply the changes.

Note

Editing a collector does not regenerate the API credentials. The existing credentials remain valid after editing the collector name.

Delete a collector

  1. Navigate to SettingsData Sources & Integrations3rd Party AppSec Collector.

  2. Select the collector instance.

  3. Select the delete action for the collector instance.

  4. Confirm the deletion.

Caution

Deleting a collector permanently removes the collector instance and invalidates the associated API credentials. Existing findings that were previously ingested through the deleted collector remain in the platform and are not affected by the deletion.

Validate a SARIF file (post-creation)

Validate a SARIF file against an existing collector instance without uploading findings.

  1. Navigate to SettingsData Sources3rd Party AppSec Collector.

  2. Select the Test action for the collector instance.

  3. Upload a SARIF file using the file input.

  4. Review the validation result (VALID, PARTIALLY_VALID, or INVALID). The validation panel displays the status and any issues detected.