← Pipedream + Drata integrations

Find Controls with Drata API on New Scheduled Tasks from Pipedream API

Pipedream makes it easy to connect APIs for Drata, Pipedream and 2,400+ other apps remarkably fast.

Trigger workflow on
New Scheduled Tasks from the Pipedream API
Next, do this
Find Controls with the Drata API
No credit card required
Intro to Pipedream
Watch us build a workflow
Watch us build a workflow
8 min
Watch now ➜

Trusted by 1,000,000+ developers from startups to Fortune 500 companies

Adyen logo
Appcues logo
Bandwidth logo
Checkr logo
ChartMogul logo
Dataminr logo
Gopuff logo
Gorgias logo
LinkedIn logo
Logitech logo
Replicated logo
Rudderstack logo
SAS logo
Scale AI logo
Webflow logo
Warner Bros. logo
Adyen logo
Appcues logo
Bandwidth logo
Checkr logo
ChartMogul logo
Dataminr logo
Gopuff logo
Gorgias logo
LinkedIn logo
Logitech logo
Replicated logo
Rudderstack logo
SAS logo
Scale AI logo
Webflow logo
Warner Bros. logo

Developers Pipedream

Getting Started

This integration creates a workflow with a Pipedream trigger and Drata action. When you configure and deploy the workflow, it will run on Pipedream's servers 24x7 for free.

  1. Select this integration
  2. Configure the New Scheduled Tasks trigger
    1. Connect your Pipedream account
    2. Optional- Configure Secret
  3. Configure the Find Controls action
    1. Connect your Drata account
    2. Optional- Configure Query
    3. Optional- Select one or more Framework Tags
    4. Optional- Configure Framework Slug
    5. Optional- Select one or more Trust Service Criterion
    6. Optional- Select one or more ISMS Category
    7. Optional- Select one or more ISMS Category
    8. Optional- Configure Is Annex A 2022
    9. Optional- Select one or more Rules
    10. Optional- Select one or more Sub Rules
    11. Optional- Select one or more PCI Requirements
    12. Optional- Select one or more Chapters
    13. Optional- Select one or more Statutes
    14. Optional- Select one or more Regulations
    15. Optional- Select one or more Functions
    16. Optional- Select one or more Sections
    17. Optional- Select one or more Control Families
    18. Optional- Select one or more Control Classes
    19. Optional- Select one or more ISO 27701
    20. Optional- Select one or more COBIT
    21. Optional- Select one or more SOX ITGC
    22. Optional- Select one or more Control Baselines
    23. Optional- Select one or more CMMC Classes
    24. Optional- Select one or more Domains
    25. Optional- Select one or more Assessment Factors
    26. Optional- Configure User Ids
    27. Optional- Configure Is Owned
    28. Optional- Configure Is Ready
    29. Optional- Configure Is Annex A
    30. Optional- Configure Is Archived
    31. Optional- Configure Is Monitored
    32. Optional- Configure Has Evidence
    33. Optional- Configure Has Passing Test
    34. Optional- Configure Exclude IDs
    35. Optional- Configure Exclude Requirement ID
    36. Optional- Configure Requirement ID
    37. Optional- Configure Exclude Test ID
    38. Optional- Configure Test ID
    39. Optional- Select a Has Ticket
    40. Optional- Configure Connection ID
  4. Deploy the workflow
  5. Send a test event to validate your setup
  6. Turn on the trigger

Details

This integration uses pre-built, source-available components from Pipedream's GitHub repo. These components are developed by Pipedream and the community, and verified and maintained by Pipedream.

To contribute an update to an existing component or create a new component, create a PR on GitHub. If you're new to Pipedream component development, you can start with quickstarts for trigger span and action development, and then review the component API reference.

Trigger

Description:Exposes an HTTP API for scheduling messages to be emitted at a future time
Version:0.3.1
Key:pipedream-new-scheduled-tasks

Pipedream Overview

Pipedream is an API that allows you to build applications that can connect to
various data sources and processes them in real-time. You can use Pipedream to
create applications that can perform ETL (Extract, Transform, and Load) tasks,
as well as to create data-driven workflows.

Some examples of applications you can build using the Pipedream API include:

  • An application that can extract data from a database, transform it, and then
    load it into another database.
  • An application that can monitor a data source for changes, and then trigger a
    workflow in response to those changes.
  • An application that can poll an API for new data, and then process that data
    in real-time.

Trigger Code

import pipedream from "../../pipedream.app.mjs";
import sampleEmit from "./test-event.mjs";
import { uuid } from "uuidv4";

export default {
  key: "pipedream-new-scheduled-tasks",
  name: "New Scheduled Tasks",
  type: "source",
  description:
    "Exposes an HTTP API for scheduling messages to be emitted at a future time",
  version: "0.3.1",
  dedupe: "unique", // Dedupe on a UUID generated for every scheduled task
  props: {
    pipedream,
    secret: {
      type: "string",
      secret: true,
      label: "Secret",
      optional: true,
      description:
        "**Optional but recommended**: if you enter a secret here, you must pass this value in the `x-pd-secret` HTTP header when making requests",
    },
    http: {
      label: "Endpoint",
      description: "The endpoint where you'll send task scheduler requests",
      type: "$.interface.http",
      customResponse: true,
    },
    db: "$.service.db",
  },
  methods: {
    // To schedule future emits, we emit to the selfChannel of the component
    selfChannel() {
      return "self";
    },
    // Queue for future emits that haven't yet been delivered
    queuedEventsChannel() {
      return "$in";
    },
    httpRespond({
      status, body,
    }) {
      this.http.respond({
        headers: {
          "content-type": "application/json",
        },
        status,
        body,
      });
    },
    async selfSubscribe() {
      // Subscribe the component to itself. We do this here because even in
      // the activate hook, the component isn't available to take subscriptions.
      // Scheduled tasks are sent to the self channel, which emits the message at
      // the specified delivery_ts to this component.
      const isSubscribedToSelf = this.db.get("isSubscribedToSelf");
      if (!isSubscribedToSelf) {
        const componentId = process.env.PD_COMPONENT;
        const selfChannel = this.selfChannel();
        console.log(`Subscribing to ${selfChannel} channel for event source`);
        console.log(
          await this.pipedream.subscribe(componentId, componentId, selfChannel),
        );
        this.db.set("isSubscribedToSelf", true);
      }
    },
    validateEventBody(event, operation) {
      const errors = [];

      // Secrets are optional, so we first check if the user configured
      // a secret, then check its value against the prop (validation below)
      if (this.secret && event.headers["x-pd-secret"] !== this.secret) {
        errors.push(
          "Secret on incoming request doesn't match the configured secret",
        );
      }

      if (operation === "schedule") {
        const {
          timestamp,
          message,
        } = event.body;
        // timestamp should be an ISO 8601 string. Parse and check for validity below.
        const epoch = Date.parse(timestamp);

        if (!timestamp) {
          errors.push(
            "No timestamp included in payload. Please provide an ISO8601 timestamp in the 'timestamp' field",
          );
        }
        if (timestamp && !epoch) {
          errors.push("Timestamp isn't a valid ISO 8601 string");
        }
        if (!message) {
          errors.push("No message passed in payload");
        }
      }

      return errors;
    },
    scheduleTask(event) {
      const errors = this.validateEventBody(event, "schedule");
      let status, body;

      if (errors.length) {
        console.log(errors);
        status = 400;
        body = {
          errors,
        };
      } else {
        const id = this.emitScheduleEvent(event.body, event.body.timestamp);
        status = 200;
        body = {
          msg: "Successfully scheduled task",
          id,
        };
      }

      this.httpRespond({
        status,
        body,
      });
    },
    emitScheduleEvent(event, timestamp) {
      const selfChannel = this.selfChannel();
      const epoch = Date.parse(timestamp);
      const $id = uuid();

      console.log(`Scheduled event to emit on: ${new Date(epoch)}`);

      this.$emit(
        {
          ...event,
          $channel: selfChannel,
          $id,
        },
        {
          name: selfChannel,
          id: $id,
          delivery_ts: epoch,
        },
      );

      return $id;
    },
    async cancelTask(event) {
      const errors = this.validateEventBody(event, "cancel");
      let status, msg;

      if (errors.length) {
        console.log(errors);
        status = 400;
        msg = "Secret on incoming request doesn't match the configured secret";
      } else {
        try {
          const id = event.body.id;
          const isCanceled = await this.deleteEvent(event);
          if (isCanceled) {
            status = 200;
            msg = `Cancelled scheduled task for event ${id}`;
          } else {
            status = 404;
            msg = `No event with ${id} found`;
          }
        } catch (error) {
          console.log(error);
          status = 500;
          msg = "Failed to schedule task. Please see the logs";
        }
      }

      this.httpRespond({
        status,
        body: {
          msg,
        },
      });
    },
    async deleteEvent(event) {
      const componentId = process.env.PD_COMPONENT;
      const inChannel = this.queuedEventsChannel();

      // The user must pass a scheduled event UUID they'd like to cancel
      // We lookup the event by ID and delete it
      const { id } = event.body;

      // List events in the $in channel - the queue of scheduled events, to be emitted in the future
      const events = await this.pipedream.listEvents(
        componentId,
        inChannel,
      );
      console.log("Events: ", events);

      // Find the event in the list by id
      const eventToCancel = events.data.find((e) => {
        const { metadata } = e;
        return metadata.id === id;
      });

      console.log("Event to cancel: ", eventToCancel);

      if (!eventToCancel) {
        console.log(`No event with ${id} found`);
        return false;
      }

      // Delete the event
      await this.pipedream.deleteEvent(
        componentId,
        eventToCancel.id,
        inChannel,
      );
      return true;
    },
    emitEvent(event, summary) {
      // Delete the channel name and id from the incoming event, which were used only as metadata
      const id = event.$id;
      delete event.$channel;
      delete event.$id;

      this.$emit(event, {
        summary: summary ?? JSON.stringify(event),
        id,
        ts: +new Date(),
      });
    },
  },
  async run(event) {
    await this.selfSubscribe();

    const { path } = event;
    if (path === "/schedule") {
      this.scheduleTask(event);
    } else if (path === "/cancel") {
      await this.cancelTask(event);
    } else if (event.$channel === this.selfChannel()) {
      this.emitEvent(event);
    }
  },
  sampleEmit,
};

Trigger Configuration

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI and CLI.
LabelPropTypeDescription
PipedreampipedreamappThis component uses the Pipedream app.
Secretsecretstring

Optional but recommended: if you enter a secret here, you must pass this value in the x-pd-secret HTTP header when making requests

N/Ahttp$.interface.httpThis component uses $.interface.http to generate a unique URL when the component is first instantiated. Each request to the URL will trigger the run() method of the component.
N/Adb$.service.dbThis component uses $.service.db to maintain state between executions.

Trigger Authentication

Pipedream uses API keys for authentication. When you connect your Pipedream account, Pipedream securely stores the keys so you can easily authenticate to Pipedream APIs in both code and no-code steps.

About Pipedream

Integration platform for developers

Action

Description:Find Controls. [See the documentation](https://developers.drata.com/docs/openapi/reference/operation/GRCPublicController_getControls/).
Version:0.0.3
Key:drata-find-controls

Drata Overview

Drata is a compliance automation platform. Drata’s platform is built by compliance and security experts so you don’t have to be one. With 75+ native integrations, you can easily connect your tech stack and automate evidence collection and testing.

Pipedream customers get 25% off Drata, with implementation fees waived. Visit https://drata.com/partner/pipedream for more information.

Action Code

import drata from "../../drata.app.mjs";
import _ from "lodash";

const docsLink = "https://developers.drata.com/docs/openapi/reference/operation/GRCPublicController_getControls/";

export default {
  key: "drata-find-controls",
  name: "Find Controls",
  description: `Find Controls. [See the documentation](${docsLink}).`,
  version: "0.0.3",
  type: "action",
  props: {
    drata,
    q: {
      type: "string",
      label: "Query",
      description: "Query to search for",
      optional: true,
    },
    frameworkTags: {
      type: "string[]",
      label: "Framework Tags",
      description: "Filter data by controls associated with these framework tags",
      optional: true,
      options: [
        "NONE",
        "SOC_2",
        "ISO27001",
        "CCPA",
        "GDPR",
        "HIPAA",
        "PCI",
        "SCF",
        "NIST80053",
        "NISTCSF",
        "CMMC",
        "NIST800171",
        "MSSSPA",
        "FFIEC",
        "ISO27701",
        "COBIT",
        "SOX_ITGC",
        "ISO270012022",
        "CCM",
        "CUSTOM",
      ],
    },
    frameworkSlug: {
      type: "string",
      label: "Framework Slug",
      description: "Filter data by controls associated with these custom framework Slug",
      optional: true,
    },
    trustServiceCriteria: {
      type: "string[]",
      label: "Trust Service Criterion",
      description: "Filter controls on their Trust Service Criteria",
      optional: true,
      options: [
        "AVAILABILITY",
        "CONFIDENTIALITY",
        "SECURITY",
        "PRIVACY",
        "PROCESS_INTEGRITY",
        "GENERAL_RULES",
        "ADMINISTRATIVE_SAFEGUARDS",
        "PHYSICAL_SAFEGUARDS",
        "TECHNICAL_SAFEGUARDS",
        "REQUIREMENTS_ORGANIZATION",
        "REQUIREMENTS_POLICIES_PROCEDURES",
        "BASIC",
        "DERIVED",
        "NIST80053_PRIVACY",
      ],
    },
    ismsCategory: {
      type: "string[]",
      label: "ISMS Category",
      description: "Filter controls on their ISMS Category",
      optional: true,
      options: [
        "CONTEXT_OF_THE_ORGANIZATION",
        "LEADERSHIP",
        "PLANNING",
        "SUPPORT",
        "OPERATION",
        "PERFORMANCE_EVALUATION",
        "IMPROVEMENT",
      ],
    },
    isms2022Category: {
      type: "string[]",
      label: "ISMS Category",
      description: "Filter controls on their ISMS Category",
      optional: true,
      options: [
        "ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION",
        "ISO_27001_2022_5_LEADERSHIP",
        "ISO_27001_2022_6_PLANNING",
        "ISO_27001_2022_7_SUPPORT",
        "ISO_27001_2022_8_OPERATION",
        "ISO_27001_2022_9_PERFORMANCE_EVALUATION",
        "ISO_27001_2022_10_IMPROVEMENT",
      ],
    },
    isAnnexA2022: {
      type: "boolean",
      label: "Is Annex A 2022",
      description: "Filter controls on if they are an Annex A requirement",
      optional: true,
    },
    rules: {
      type: "string[]",
      label: "Rules",
      description: "Filter controls on their Hipaa rules",
      optional: true,
      options: [
        "SECURITY",
        "BREACH_NOTIFICATION",
        "PRIVACY",
      ],
    },
    subRules: {
      type: "string[]",
      label: "Sub Rules",
      description: "Filter controls on their Hipaa sub rules",
      optional: true,
      options: [
        "GENERAL_RULES",
        "ADMINISTRATIVE_SAFEGUARDS",
        "PHYSICAL_SAFEGUARDS",
        "TECHNICAL_SAFEGUARDS",
        "REQUIREMENTS_ORGANIZATION",
        "REQUIREMENTS_POLICIES_PROCEDURES",
      ],
    },
    pciRequirements: {
      type: "string[]",
      label: "PCI Requirements",
      description: "Filter controls on their PCI requirements",
      optional: true,
      options: [
        "FIREWALL",
        "PASSWORDS",
        "DATA_AT_REST_PROTECTION",
        "DATA_IN_TRANSIT_ENCRYPTION",
        "MALWARE_PROTECTION",
        "SECURE_SYSTEM_MANAGEMENT",
        "ACCESS_RESTRICTION",
        "SYSTEM_ACCESS_CONTROL",
        "PHYSICAL_ACCESS_CONTROL",
        "NETWORK_ACCESS_MONITORING",
        "VULNERABILITY_TESTING",
        "INFORMATION_SECURITY_POLICY",
      ],
    },
    chapters: {
      type: "string[]",
      label: "Chapters",
      description: "Filter controls on their GDPR chapters",
      optional: true,
      options: [
        "PRINCIPLES",
        "RIGHTS_OF_THE_DATA_SUBJECT",
        "CONTROLLER_AND_PROCESSOR",
        "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS",
      ],
    },
    statutes: {
      type: "string[]",
      label: "Statutes",
      description: "Filter controls on their CCPA statutes",
      optional: true,
      options: [
        "INDIVIDUAL_RIGHTS",
        "SERVICE_PROVIDER",
        "CCPA_SECURITY",
      ],
    },
    regulations: {
      type: "string[]",
      label: "Regulations",
      description: "Filter controls on their CCPA regulations",
      optional: true,
      options: [
        "NOTICES_TO_CONSUMERS",
        "BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS",
        "VERIFICATION_OF_REQUESTS",
        "SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE",
        "NON_DISCRIMINATION",
      ],
    },
    functions: {
      type: "string[]",
      label: "Functions",
      description: "Filter controls on their NIST CSF Functions",
      optional: true,
      options: [
        "IDENTIFY",
        "PROTECT",
        "DETECT",
        "RESPOND",
        "RECOVER",
      ],
    },
    sections: {
      type: "string[]",
      label: "Sections",
      description: "Filter controls on their MSSSPA Section",
      optional: true,
      options: [
        "MANAGEMENT",
        "NOTICE",
        "CHOICE_AND_CONSENT",
        "COLLECTION",
        "RETENTION",
        "DATA_SUBJECTS",
        "DISCLOSURE_TO_THIRD_PARTIES",
        "QUALITY",
        "MONITORING_AND_ENFORCEMENT",
        "MS_SSPA_SECURITY",
      ],
    },
    controlFamilies: {
      type: "string[]",
      label: "Control Families",
      description: "Filter controls on their NIST SP 800-171 Control Family",
      optional: true,
      options: [
        "AUDIT_AND_ACCOUNTABILITY",
        "CONFIGURATION_MANAGEMENT",
        "IDENTIFICATION_AND_AUTHENTICATION",
        "INCIDENT_RESPONSE",
        "MEDIA_PROTECTION",
        "PERSONNEL_SECURITY",
        "PHYSICAL_PROTECTION",
        "SECURITY_ASSESSMENT",
        "SYSTEM_AND_COMMUNICATIONS_PROTECTION",
        "SYSTEM_AND_INFORMATION_INTEGRITY",
        "NIST_CSF_RISK_ASSESSMENT",
        "NIST_CSF_MAINTENANCE",
        "NIST_800_171_ACCESS_CONTROL",
        "NIST_800_171_AWARENESS_AND_TRAINING",
      ],
    },
    controlClasses: {
      type: "string[]",
      label: "Control Classes",
      description: "Filter controls on their NIST SP 800-171 Control Class",
      optional: true,
      options: [
        "TECHNICAL",
        "OPERATIONAL",
        "NIST_800_171_MANAGEMENT",
      ],
    },
    iso27701: {
      type: "string[]",
      label: "ISO 27701",
      description: "Filter controls on their ISO27701 requirements",
      optional: true,
      options: [
        "PIMS_SPECIFIC_REQUIREMENTS",
        "PIMS_SPECIFIC_GUIDANCE",
        "PII_CONTROLS_GUIDANCE",
        "PII_PROCESSORS_GUIDANCE",
      ],
    },
    cobit: {
      type: "string[]",
      label: "COBIT",
      description: "Filter controls on their COBIT requirements",
      optional: true,
      options: [
        "EVALUATE_DIRECT_AND_MONITOR",
        "ALIGN_PLAN_AND_ORGANIZE",
        "BUILD_ACQUIRE_AND_IMPLEMENT",
        "DELIVER_SERVICE_AND_SUPPORT",
        "MONITOR_EVALUATE_AND_ASSESS",
      ],
    },
    soxitgc: {
      type: "string[]",
      label: "SOX ITGC",
      description: "Filter controls on their SOX requirements",
      optional: true,
      options: [
        "PROGRAM_DEVELOPMENT",
        "CHANGE_MANAGEMENT",
        "SYSTEM_OPERATIONS",
        "ACCESS_MANAGEMENT",
      ],
    },
    controlBaselines: {
      type: "string[]",
      label: "Control Baselines",
      description: "Filter controls on their NIST SP 800-53 Control Baseline",
      optional: true,
      options: [
        "NIST_800_53_TECHNICAL",
        "NIST_800_53_OPERATIONAL",
        "NIST_800_53_MANAGEMENT",
      ],
    },
    cmmcClasses: {
      type: "string[]",
      label: "CMMC Classes",
      description: "Filter controls on their NIST SP 800-53 Control Baseline",
      optional: true,
      options: [
        "CMMC_TECHNICAL",
        "CMMC_OPERATIONAL",
        "CMMC_MANAGEMENT",
      ],
    },
    domains: {
      type: "string[]",
      label: "Domains",
      description: "Filter controls on their FFIEC Domains",
      optional: true,
      options: [
        "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT",
        "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION",
        "FFIEC_CYBERSECURITY_CONTROLS",
        "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT",
        "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE",
      ],
    },
    assessmentFactors: {
      type: "string[]",
      label: "Assessment Factors",
      description: "Filter controls on their FFIEC Assessment Factors",
      optional: true,
      options: [
        "FFIEC_GOVERNANCE",
        "FFIEC_RISK_MANAGEMENT",
        "FFIEC_RESOURCES",
        "FFIEC_TRAINING_AND_CULTURE",
        "FFIEC_THREAT_INTELLIGENCE",
        "FFIEC_MONITORING_AND_ANALYZING",
        "FFIEC_INFORMATION_SHARING",
        "FFIEC_PREVENTATIVE_CONTROLS",
        "FFIEC_DETECTIVE_CONTROLS",
        "FFIEC_CORRECTIVE_CONTROLS",
        "FFIEC_CONNECTIONS",
        "FFIEC_RELATIONSHIP_MANAGEMENT",
        "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY",
        "FFIEC_DETECTION_RESPONSE_AND_MITIGATION",
        "FFIEC_ESCALATION_AND_REPORTING",
      ],
    },
    userIds: {
      type: "integer[]",
      label: "User Ids",
      description: "User Ids of Control Owners",
      optional: true,
    },
    isOwned: {
      type: "boolean",
      label: "Is Owned",
      description: "Filter controls on if they have a control owner",
      optional: true,
    },
    isReady: {
      type: "boolean",
      label: "Is Ready",
      description: "Filter controls on if they are ready",
      optional: true,
    },
    isAnnexA: {
      type: "boolean",
      label: "Is Annex A",
      description: "Filter controls on if they are an Annex A requirement",
      optional: true,
    },
    isArchived: {
      type: "boolean",
      label: "Is Archived",
      description: "Filter to controls that are or are not archived",
      optional: true,
    },
    isMonitored: {
      type: "boolean",
      label: "Is Monitored",
      description: "Filter to controls that are or are not monitored",
      optional: true,
    },
    hasEvidence: {
      type: "boolean",
      label: "Has Evidence",
      description: "Filter to controls with or without evidence",
      optional: true,
    },
    hasPassingTest: {
      type: "boolean",
      label: "Has Passing Test",
      description: "Filter to controls with at least one passing test",
      optional: true,
    },
    excludeIds: {
      type: "integer[]",
      label: "Exclude IDs",
      description: "Exclude controls by array of id",
      optional: true,
    },
    excludeRequirementId: {
      type: "integer",
      label: "Exclude Requirement ID",
      description: "Exclude controls if they are mapped to this requirement id",
      optional: true,
    },
    requirementId: {
      type: "integer",
      label: "Requirement ID",
      description: "Only include controls if they are mapped to this requirement id",
      optional: true,
    },
    excludeTestId: {
      type: "integer",
      label: "Exclude Test ID",
      description: "Exclude controls if they are mapped to this test id",
      optional: true,
    },
    testId: {
      type: "integer",
      label: "Test ID",
      description: "Only include controls if they are mapped to this test id",
      optional: true,
    },
    hasTicket: {
      type: "string",
      label: "Has Ticket",
      description: "Only include controls if they associted to a task management ticket",
      optional: true,
      options: [
        "IN_PROGRESS",
        "ARCHIVED",
      ],
    },
    connectionId: {
      type: "integer",
      label: "Connection ID",
      description: "This will be filled in automatic when using a taskManagementStatus.",
      optional: true,
    },
  },
  async run({ $ }) {
    const params = _.pickBy(_.pick(this, [
      "q",
      "frameworkTags",
      "frameworkSlug",
      "trustServiceCriteria",
      "ismsCategory",
      "isms2022Category",
      "isAnnexA2022",
      "rules",
      "subRules",
      "pciRequirements",
      "chapters",
      "statutes",
      "regulations",
      "functions",
      "sections",
      "controlFamilies",
      "controlClasses",
      "iso27701",
      "cobit",
      "soxitgc",
      "controlBaselines",
      "cmmcClasses",
      "domains",
      "assessmentFactors",
      "userIds",
      "isOwned",
      "isReady",
      "isAnnexA",
      "isArchived",
      "isMonitored",
      "hasEvidence",
      "hasPassingTest",
      "excludeIds",
      "excludeRequirementId",
      "requirementId",
      "excludeTestId",
      "testId",
      "hasTicket",
      "connectionId",
    ]));

    this.drata.initializeJsonProps(this, [
      "frameworkTags",
      "trustServiceCriteria",
      "ismsCategory",
      "isms2022Category",
      "rules",
      "subRules",
      "pciRequirements",
      "chapters",
      "statutes",
      "regulations",
      "functions",
      "sections",
      "controlFamilies",
      "controlClasses",
      "iso27701",
      "cobit",
      "soxitgc",
      "controlBaselines",
      "cmmcClasses",
      "domains",
      "assessmentFactors",
      "userIds",
      "excludeIds",
    ]);

    const response = await this.drata.listControls({
      $,
      paginate: true,
      params,
    });

    const suffix = response.data.length === 1
      ? ""
      : "s";
    $.export("$summary", `Succesfully found ${response.data.length} control${suffix}`);

    return response;
  },
};

Action Configuration

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI.

LabelPropTypeDescription
DratadrataappThis component uses the Drata app.
Queryqstring

Query to search for

Framework TagsframeworkTagsstring[]Select a value from the drop down menu:NONESOC_2ISO27001CCPAGDPRHIPAAPCISCFNIST80053NISTCSFCMMCNIST800171MSSSPAFFIECISO27701COBITSOX_ITGCISO270012022CCMCUSTOM
Framework SlugframeworkSlugstring

Filter data by controls associated with these custom framework Slug

Trust Service CriteriontrustServiceCriteriastring[]Select a value from the drop down menu:AVAILABILITYCONFIDENTIALITYSECURITYPRIVACYPROCESS_INTEGRITYGENERAL_RULESADMINISTRATIVE_SAFEGUARDSPHYSICAL_SAFEGUARDSTECHNICAL_SAFEGUARDSREQUIREMENTS_ORGANIZATIONREQUIREMENTS_POLICIES_PROCEDURESBASICDERIVEDNIST80053_PRIVACY
ISMS CategoryismsCategorystring[]Select a value from the drop down menu:CONTEXT_OF_THE_ORGANIZATIONLEADERSHIPPLANNINGSUPPORTOPERATIONPERFORMANCE_EVALUATIONIMPROVEMENT
ISMS Categoryisms2022Categorystring[]Select a value from the drop down menu:ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATIONISO_27001_2022_5_LEADERSHIPISO_27001_2022_6_PLANNINGISO_27001_2022_7_SUPPORTISO_27001_2022_8_OPERATIONISO_27001_2022_9_PERFORMANCE_EVALUATIONISO_27001_2022_10_IMPROVEMENT
Is Annex A 2022isAnnexA2022boolean

Filter controls on if they are an Annex A requirement

Rulesrulesstring[]Select a value from the drop down menu:SECURITYBREACH_NOTIFICATIONPRIVACY
Sub RulessubRulesstring[]Select a value from the drop down menu:GENERAL_RULESADMINISTRATIVE_SAFEGUARDSPHYSICAL_SAFEGUARDSTECHNICAL_SAFEGUARDSREQUIREMENTS_ORGANIZATIONREQUIREMENTS_POLICIES_PROCEDURES
PCI RequirementspciRequirementsstring[]Select a value from the drop down menu:FIREWALLPASSWORDSDATA_AT_REST_PROTECTIONDATA_IN_TRANSIT_ENCRYPTIONMALWARE_PROTECTIONSECURE_SYSTEM_MANAGEMENTACCESS_RESTRICTIONSYSTEM_ACCESS_CONTROLPHYSICAL_ACCESS_CONTROLNETWORK_ACCESS_MONITORINGVULNERABILITY_TESTINGINFORMATION_SECURITY_POLICY
Chapterschaptersstring[]Select a value from the drop down menu:PRINCIPLESRIGHTS_OF_THE_DATA_SUBJECTCONTROLLER_AND_PROCESSORTRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS
Statutesstatutesstring[]Select a value from the drop down menu:INDIVIDUAL_RIGHTSSERVICE_PROVIDERCCPA_SECURITY
Regulationsregulationsstring[]Select a value from the drop down menu:NOTICES_TO_CONSUMERSBUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTSVERIFICATION_OF_REQUESTSSPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGENON_DISCRIMINATION
Functionsfunctionsstring[]Select a value from the drop down menu:IDENTIFYPROTECTDETECTRESPONDRECOVER
Sectionssectionsstring[]Select a value from the drop down menu:MANAGEMENTNOTICECHOICE_AND_CONSENTCOLLECTIONRETENTIONDATA_SUBJECTSDISCLOSURE_TO_THIRD_PARTIESQUALITYMONITORING_AND_ENFORCEMENTMS_SSPA_SECURITY
Control FamiliescontrolFamiliesstring[]Select a value from the drop down menu:AUDIT_AND_ACCOUNTABILITYCONFIGURATION_MANAGEMENTIDENTIFICATION_AND_AUTHENTICATIONINCIDENT_RESPONSEMEDIA_PROTECTIONPERSONNEL_SECURITYPHYSICAL_PROTECTIONSECURITY_ASSESSMENTSYSTEM_AND_COMMUNICATIONS_PROTECTIONSYSTEM_AND_INFORMATION_INTEGRITYNIST_CSF_RISK_ASSESSMENTNIST_CSF_MAINTENANCENIST_800_171_ACCESS_CONTROLNIST_800_171_AWARENESS_AND_TRAINING
Control ClassescontrolClassesstring[]Select a value from the drop down menu:TECHNICALOPERATIONALNIST_800_171_MANAGEMENT
ISO 27701iso27701string[]Select a value from the drop down menu:PIMS_SPECIFIC_REQUIREMENTSPIMS_SPECIFIC_GUIDANCEPII_CONTROLS_GUIDANCEPII_PROCESSORS_GUIDANCE
COBITcobitstring[]Select a value from the drop down menu:EVALUATE_DIRECT_AND_MONITORALIGN_PLAN_AND_ORGANIZEBUILD_ACQUIRE_AND_IMPLEMENTDELIVER_SERVICE_AND_SUPPORTMONITOR_EVALUATE_AND_ASSESS
SOX ITGCsoxitgcstring[]Select a value from the drop down menu:PROGRAM_DEVELOPMENTCHANGE_MANAGEMENTSYSTEM_OPERATIONSACCESS_MANAGEMENT
Control BaselinescontrolBaselinesstring[]Select a value from the drop down menu:NIST_800_53_TECHNICALNIST_800_53_OPERATIONALNIST_800_53_MANAGEMENT
CMMC ClassescmmcClassesstring[]Select a value from the drop down menu:CMMC_TECHNICALCMMC_OPERATIONALCMMC_MANAGEMENT
Domainsdomainsstring[]Select a value from the drop down menu:FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHTFFIEC_THREAT_INTELLIGENCE_AND_COLLABORATIONFFIEC_CYBERSECURITY_CONTROLSFFIEC_EXTERNAL_DEPENDENCY_MANAGEMENTFFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE
Assessment FactorsassessmentFactorsstring[]Select a value from the drop down menu:FFIEC_GOVERNANCEFFIEC_RISK_MANAGEMENTFFIEC_RESOURCESFFIEC_TRAINING_AND_CULTUREFFIEC_THREAT_INTELLIGENCEFFIEC_MONITORING_AND_ANALYZINGFFIEC_INFORMATION_SHARINGFFIEC_PREVENTATIVE_CONTROLSFFIEC_DETECTIVE_CONTROLSFFIEC_CORRECTIVE_CONTROLSFFIEC_CONNECTIONSFFIEC_RELATIONSHIP_MANAGEMENTFFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGYFFIEC_DETECTION_RESPONSE_AND_MITIGATIONFFIEC_ESCALATION_AND_REPORTING
User IdsuserIdsinteger[]

User Ids of Control Owners

Is OwnedisOwnedboolean

Filter controls on if they have a control owner

Is ReadyisReadyboolean

Filter controls on if they are ready

Is Annex AisAnnexAboolean

Filter controls on if they are an Annex A requirement

Is ArchivedisArchivedboolean

Filter to controls that are or are not archived

Is MonitoredisMonitoredboolean

Filter to controls that are or are not monitored

Has EvidencehasEvidenceboolean

Filter to controls with or without evidence

Has Passing TesthasPassingTestboolean

Filter to controls with at least one passing test

Exclude IDsexcludeIdsinteger[]

Exclude controls by array of id

Exclude Requirement IDexcludeRequirementIdinteger

Exclude controls if they are mapped to this requirement id

Requirement IDrequirementIdinteger

Only include controls if they are mapped to this requirement id

Exclude Test IDexcludeTestIdinteger

Exclude controls if they are mapped to this test id

Test IDtestIdinteger

Only include controls if they are mapped to this test id

Has TickethasTicketstringSelect a value from the drop down menu:IN_PROGRESSARCHIVED
Connection IDconnectionIdinteger

This will be filled in automatic when using a taskManagementStatus.

Action Authentication

Drata uses API keys for authentication. When you connect your Drata account, Pipedream securely stores the keys so you can easily authenticate to Drata APIs in both code and no-code steps.

Make sure you're logged into the Drata UI, then see these docs to create a Drata API key. Enter it below.

About Drata

Drata automates your compliance journey from start to audit-ready and beyond and provides support from the security and compliance experts who built it.

More Ways to Connect Drata + Pipedream

Create Asset with Drata API on New Scheduled Tasks from Pipedream API
Pipedream + Drata
 
Try it
Create Control with Drata API on New Scheduled Tasks from Pipedream API
Pipedream + Drata
 
Try it
Create Vendor with Drata API on New Scheduled Tasks from Pipedream API
Pipedream + Drata
 
Try it
Find Vendors with Drata API on New Scheduled Tasks from Pipedream API
Pipedream + Drata
 
Try it
Find Personnel with Drata API on New Scheduled Tasks from Pipedream API
Pipedream + Drata
 
Try it
New Scheduled Tasks from the Pipedream API

Exposes an HTTP API for scheduling messages to be emitted at a future time

 
Try it
New Upcoming Event Alert from the Pipedream API

Emit new event based on a time interval before an upcoming event in the calendar. This source uses Pipedream's Task Scheduler. See the documentation for more information and instructions for connecting your Pipedream account.

 
Try it
Card Due Date Reminder from the Pipedream API

Emit new event at a specified time before a card is due.

 
Try it
New Upcoming Calendar Event from the Pipedream API

Emit new event when a Calendar event is upcoming, this source is using reminderMinutesBeforeStart property of the event to determine the time it should emit.

 
Try it
Employee Terminated from the Drata API

Emit a new event when an employee is terminated. See the documentation.

 
Try it
Create a Subscription with the Pipedream API

Create a Subscription. See Doc

 
Try it
Delete a Subscription with the Pipedream API

Delete a Subscription. See Doc

 
Try it
Generate Component Code with the Pipedream API

Generate component code using AI.

 
Try it
Get Component with the Pipedream API

Get info for a published component. See docs

 
Try it
Create Asset with the Drata API

Create an asset. See the documentation.

 
Try it

Explore Other Apps

1
-
24
of
2,400+
apps by most popular

HTTP / Webhook
HTTP / Webhook
Get a unique URL where you can send HTTP or webhook requests
Node
Node
Anything you can do with Node.js, you can do in a Pipedream workflow. This includes using most of npm's 400,000+ packages.
Python
Python
Anything you can do in Python can be done in a Pipedream Workflow. This includes using any of the 350,000+ PyPi packages available in your Python powered workflows.
OpenAI (ChatGPT)
OpenAI (ChatGPT)
OpenAI is an AI research and deployment company with the mission to ensure that artificial general intelligence benefits all of humanity. They are the makers of popular models like ChatGPT, DALL-E, and Whisper.
Premium
Salesforce
Salesforce
Web services API for interacting with Salesforce
Premium
HubSpot
HubSpot
HubSpot's CRM platform contains the marketing, sales, service, operations, and website-building software you need to grow your business.
Premium
Zoho CRM
Zoho CRM
Zoho CRM is an online Sales CRM software that manages your sales, marketing, and support in one CRM platform.
Premium
Stripe
Stripe
Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes.
Shopify
Shopify
Shopify is a complete commerce platform that lets anyone start, manage, and grow a business. You can use Shopify to build an online store, manage sales, market to customers, and accept payments in digital and physical locations.
Premium
WooCommerce
WooCommerce
WooCommerce is the open-source ecommerce platform for WordPress.
Premium
Snowflake
Snowflake
A data warehouse built for the cloud
Premium
MongoDB
MongoDB
MongoDB is an open source NoSQL database management program.
Supabase
Supabase
Supabase is an open source Firebase alternative.
MySQL
MySQL
MySQL is an open-source relational database management system.
PostgreSQL
PostgreSQL
PostgreSQL is a free and open-source relational database management system emphasizing extensibility and SQL compliance.
Premium
AWS
AWS
Amazon Web Services (AWS) offers reliable, scalable, and inexpensive cloud computing services.
Premium
Twilio SendGrid
Twilio SendGrid
Send marketing and transactional email through the Twilio SendGrid platform with the Email API, proprietary mail transfer agent, and infrastructure for scalable delivery.
Amazon SES
Amazon SES
Amazon SES is a cloud-based email service provider that can integrate into any application for high volume email automation
Premium
Klaviyo
Klaviyo
Email Marketing and SMS Marketing Platform
Premium
Zendesk
Zendesk
Zendesk is award-winning customer service software trusted by 200K+ customers. Make customers happy via text, mobile, phone, email, live chat, social media.
Notion
Notion
Notion is a new tool that blends your everyday work apps into one. It's the all-in-one workspace for you and your team.
Slack
Slack
Slack is a channel-based messaging platform. With Slack, people can work together more effectively, connect all their software tools and services, and find the information they need to do their best work — all within a secure, enterprise-grade environment.
Microsoft Teams
Microsoft Teams
Microsoft Teams has communities, events, chats, channels, meetings, storage, tasks, and calendars in one place.
Schedule
Schedule
Trigger workflows on an interval or cron schedule.