
Overview

This Push Security documentation provides comprehensive guidance for integrating Push Security with the AirMDR platform to enhance identity threat detection, enable real-time browser-based telemetry ingestion, and automate incident response workflows.

Pre-requisites

Users must have Admin access to create a new API Token.

Generate SOCRadar API Token and Company ID

1. Access SOCRadar

  1. Log in to the Push Security admin console.
  2. Enter your admin credentials (username and password), and click Continue.

2. Create an API Token

  1. After logging in, click on the Dashboard and locate the left sidebar.
  2. Navigate to the ⚙️ Settings > API Keys section.
  3. Click on + API Key.
  4. Enter a descriptive name in the provided field (e.g., AirMDR Integration Key).
  5. Set appropriate permissions.
    • Read only – limited to GET requests
    • Full access – grants all CRUD operations (GET, POST, PUT, DELETE)
  6. Click the Generate API key button.
    This is the only time the API Token will be displayed.
    Copy and securely save the token in your organization’s credentials management system.
    All generated API Keys are displayed as a list under the ⚙️ Settings > API Keys section.

    Admins can manage or delete the generated API Keys.
    Securely share the API Token and Company ID with AirMDR
    or
    self-configure Push Security in the AirMDR Integrations Dashboard.

Skills Provided by this Integration

Skill ID | Purpose
To view the details of Input Parameters and Output for the respective skills

Configure SOCRadar in AirMDR Integrations Dashboard

  1. Navigate to AirMDR, provide the credentials, and click Login.
  2. Navigate to the AirMDR Integrations Dashboard in the left navigation pane and select Integrations.
  3. Use the search option, enter the keyword “Soc Radar”, select the Connections tab, and click the + Create button.
  4. Enter a unique name for the Instance (e.g., your org name-Push Security) so that AirMDR can easily identify the user connection.
  5. Enter the generated API Key in the Authentication Details field params, and click Create.

Evaluate SOCRadar API Token

Basic cURL syntax: open a terminal and run the following command to test your API Token:

curl -X GET \
  https://<YOUR_PUSH_DOMAIN>/api/v1/accounts \
  -H "Accept: application/json" \
  -H "x-api-key: <YOUR_API_KEY>"

Replace:
  • /api/v1/accounts with the specific API endpoint you want to test.
  • <YOUR_PUSH_DOMAIN> with your company’s Push environment.
  • <YOUR_API_KEY> with your actual API Key.

✅ Expected Responses

  • 200 OK: The key is valid and has correct permissions.
  • 401 Unauthorized: Key is incorrect or expired.
  • 403 Forbidden: Permissions insufficient for the requested action.
  • 429 Too Many Requests: You’ve exceeded rate limits (10 requests/sec, with brief burst allowance).

📌 Best Practices

  • Use a dedicated API key for AirMDR with scoped access
  • Monitor API usage to avoid rate limits
  • Implement retry/backoff logic in AirMDR’s ingestion layer
  • Enable logging for all ingested events
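
The expected responses and the retry/backoff practice above can be exercised together in one script. This is an added example, not code from Push Security or AirMDR; the environment variable names PUSH_DOMAIN and PUSH_API_KEY and the function names are assumptions.

```sh
# Added example, not Push Security or AirMDR code. PUSH_DOMAIN and
# PUSH_API_KEY are assumed environment variable names; function names are
# illustrative.

# Run the GET from the page and print only the HTTP status code. The key is
# passed to curl as a config line on stdin (-K -), so it never shows up in
# the process argument list or shell history.
http_status() {
  printf 'header = "x-api-key: %s"\n' "$PUSH_API_KEY" |
    curl -sS -K - -o /dev/null -w '%{http_code}' \
      -H 'Accept: application/json' \
      "https://${PUSH_DOMAIN}/api/v1/accounts"
}

pause() { sleep "$1"; }  # kept separate so it can be stubbed in a test

# Map the status codes listed on the page to an outcome.
classify() {
  case "$1" in
    200) echo valid ;;
    401) echo invalid_or_expired ;;
    403) echo insufficient_permissions ;;
    429) echo rate_limited ;;
    *)   echo unexpected ;;
  esac
}

# Check the key. Only 429 is retried, with exponential backoff (1s, 2s, 4s);
# 401 and 403 cannot succeed on retry, so they are reported immediately.
check_key() {
  max_tries=${1:-4}; delay=1; try=1
  while :; do
    code=$(http_status) || code=000   # curl failure: treat as unexpected
    result=$(classify "$code")
    if [ "$result" != rate_limited ] || [ "$try" -ge "$max_tries" ]; then
      echo "$result"
      if [ "$result" = valid ]; then return 0; else return 1; fi
    fi
    pause "$delay"
    delay=$((delay * 2)); try=$((try + 1))
  done
}

# Runs only when both variables are set, e.g. from a secrets manager.
if [ -n "${PUSH_DOMAIN:-}" ] && [ -n "${PUSH_API_KEY:-}" ]; then
  check_key
fi
```

The script prints one outcome word and exits non-zero for anything other than a valid key, so it can gate a deployment or scheduled health check.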