Find Controls with Drata API on New Message In Channels (Instant) from Slack API

Pipedream makes it easy to connect APIs for Drata, Slack and 2,000+ other apps remarkably fast.

Trigger workflow on

New Message In Channels (Instant) from the Slack API

Next, do this

Find Controls with the Drata API

No credit card required

▶

Watch us build a workflow

4 min

Watch now ➜

Trusted by 800,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

Getting Started#

This integration creates a workflow with a Slack trigger and Drata action. When you configure and deploy the workflow, it will run on Pipedream's servers 24x7 for free.

Select this integration
Configure the New Message In Channels (Instant) trigger
1. Connect your Slack account
2. Optional- Select one or more Channels
3. Configure slackApphook
4. Optional- Configure Resolve Names
5. Optional- Configure Ignore Bots
6. Optional- Configure Ignore replies in threads
Configure the Find Controls action
1. Connect your Drata account
2. Optional- Configure Query
3. Optional- Select one or more Framework Tags
4. Optional- Configure Framework Slug
5. Optional- Select one or more Trust Service Criterion
6. Optional- Select one or more ISMS Category
7. Optional- Select one or more ISMS Category
8. Optional- Configure Is Annex A 2022
9. Optional- Select one or more Rules
10. Optional- Select one or more Sub Rules
11. Optional- Select one or more PCI Requirements
12. Optional- Select one or more Chapters
13. Optional- Select one or more Statutes
14. Optional- Select one or more Regulations
15. Optional- Select one or more Functions
16. Optional- Select one or more Sections
17. Optional- Select one or more Control Families
18. Optional- Select one or more Control Classes
19. Optional- Select one or more ISO 27701
20. Optional- Select one or more COBIT
21. Optional- Select one or more SOX ITGC
22. Optional- Select one or more Control Baselines
23. Optional- Select one or more CMMC Classes
24. Optional- Select one or more Domains
25. Optional- Select one or more Assessment Factors
26. Optional- Configure User Ids
27. Optional- Configure Is Owned
28. Optional- Configure Is Ready
29. Optional- Configure Is Annex A
30. Optional- Configure Is Archived
31. Optional- Configure Is Monitored
32. Optional- Configure Has Evidence
33. Optional- Configure Has Passing Test
34. Optional- Configure Exclude IDs
35. Optional- Configure Exclude Requirement ID
36. Optional- Configure Requirement ID
37. Optional- Configure Exclude Test ID
38. Optional- Configure Test ID
39. Optional- Select a Has Ticket
40. Optional- Configure Connection ID
Deploy the workflow
Send a test event to validate your setup
Turn on the trigger

Details#

This integration uses pre-built, source-available components from Pipedream's GitHub repo. These components are developed by Pipedream and the community, and verified and maintained by Pipedream.

To contribute an update to an existing component or create a new component, create a PR on GitHub. If you're new to Pipedream component development, you can start with quickstarts for trigger span and action development, and then review the component API reference.

Trigger#

New Message In Channels (Instant) on Slack

Description:Emit new event when a new message is posted to one or more channels

Version:1.0.14

Key:slack-new-message-in-channels

View on GitHub

Slack Overview#

The Pipedream Slack app enables you to build event-driven workflows that interact with the Slack API. When you authorize the Pipedream app's access to your workspace, you can use Pipedream workflows to perform common Slack actions, or write your own code against the Slack API.

The Pipedream Slack app is not a typical app. You don't interact with it directly as a bot, and it doesn't add custom functionality to your workspace out of the box. It makes it easier to automate anything you'd typically use the Slack API for, using Pipedream workflows.

Automate posting updates to your team channels
Create a bot to answer common questions
Integrate with your existing tools and services
And much more!

Trigger Code#

import common from "../common/base.mjs";
import sampleEmit from "./test-event.mjs";
import constants from "../common/constants.mjs";

export default {
  ...common,
  key: "slack-new-message-in-channels",
  name: "New Message In Channels (Instant)",
  version: "1.0.14",
  description: "Emit new event when a new message is posted to one or more channels",
  type: "source",
  dedupe: "unique",
  props: {
    ...common.props,
    conversations: {
      propDefinition: [
        common.props.slack,
        "conversation",
      ],
      type: "string[]",
      label: "Channels",
      description: "Select one or more channels to monitor for new messages.",
      optional: true,
    },
    // eslint-disable-next-line pipedream/props-description,pipedream/props-label
    slackApphook: {
      type: "$.interface.apphook",
      appProp: "slack",
      async eventNames() {
        return this.conversations || [
          "message",
        ];
      },
    },
    resolveNames: {
      propDefinition: [
        common.props.slack,
        "resolveNames",
      ],
    },
    ignoreBot: {
      propDefinition: [
        common.props.slack,
        "ignoreBot",
      ],
    },
    ignoreThreads: {
      type: "boolean",
      label: "Ignore replies in threads",
      description: "Ignore replies to messages in threads",
      optional: true,
    },
  },
  methods: {
    ...common.methods,
    getSummary() {
      return "New message in channel";
    },
    async processEvent(event) {
      if (event.type !== "message") {
        console.log(`Ignoring event with unexpected type "${event.type}"`);
        return;
      }
      if (event.subtype && !constants.ALLOWED_MESSAGE_IN_CHANNEL_SUBTYPES.includes(event.subtype)) {
        // This source is designed to just emit an event for each new message received.
        // Due to inconsistencies with the shape of message_changed and message_deleted
        // events, we are ignoring them for now. If you want to handle these types of
        // events, feel free to change this code!!
        console.log("Ignoring message with subtype.");
        return;
      }
      if ((this.ignoreBot) && (event.subtype == "bot_message" || event.bot_id)) {
        return;
      }
      console.log(event.s);
      // There is no thread message type only the thread_ts field
      // indicates if the message is part of a thread in the event.
      if (this.ignoreThreads && event.thread_ts) {
        console.log("Ignoring reply in thread");
        return;
      }
      if (this.resolveNames) {
        if (event.user) {
          event.user_id = event.user;
          event.user = await this.getUserName(event.user);
        } else if (event.bot_id) {
          event.bot = await this.getBotName(event.bot_id);
        }
        event.channel_id = event.channel;
        event.channel = await this.getConversationName(event.channel);
        if (event.team) {
          event.team_id = event.team;
          event.team = await this.getTeamName(event.team);
        }
      }
      return event;
    },
  },
  sampleEmit,
};

Trigger Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI and CLI.

Label	Prop	Type	Description
Slack	`slack`	`app`	This component uses the Slack app.
N/A	`db`	`$.service.db`	This component uses `$.service.db` to maintain state between executions.
Channels	`conversations`	`string[]`	Select a value from the drop down menu.
	`slackApphook`	`$.interface.apphook`
Resolve Names	`resolveNames`	`boolean`	Instead of returning `channel`, `team`, and `user` as IDs, return their human-readable names.
Ignore Bots	`ignoreBot`	`boolean`	Ignore messages from bots
Ignore replies in threads	`ignoreThreads`	`boolean`	Ignore replies to messages in threads

Trigger Authentication#

Slack uses OAuth authentication. When you connect your Slack account, Pipedream will open a popup window where you can sign into Slack and grant Pipedream permission to connect to your account. Pipedream securely stores and automatically refreshes the OAuth tokens so you can easily authenticate any Slack API.

Pipedream requests the following authorization scopes when you connect your account:

bookmarks:writecalls:readcalls:writechannels:historychannels:readchannels:writednd:readdnd:writeemoji:readfiles:readgroups:historygroups:readgroups:writeim:historyim:readim:writelinks:readlinks:writempim:historympim:readmpim:writepins:readpins:writereactions:readreactions:writereminders:readreminders:writeremote_files:readremote_files:sharestars:readstars:writeteam:readusergroups:readusergroups:writeusers:readusers:read.emailusers:writechat:write:botchat:write:usercommandsfiles:write:userusers.profile:writeusers.profile:readsearch:read

About Slack#

Slack is a channel-based messaging platform. With Slack, people can work together more effectively, connect all their software tools and services, and find the information they need to do their best work — all within a secure, enterprise-grade environment.

Action#

Find Controls on Drata

Description:Find Controls. [See the documentation](https://developers.drata.com/docs/openapi/reference/operation/GRCPublicController_getControls/).

Version:0.0.3

Key:drata-find-controls

View on GitHub

Drata Overview#

Drata is a compliance automation platform. Drata’s platform is built by compliance and security experts so you don’t have to be one. With 75+ native integrations, you can easily connect your tech stack and automate evidence collection and testing.

Pipedream customers get 25% off Drata, with implementation fees waived. Visit https://drata.com/partner/pipedream for more information.

Action Code#

import drata from "../../drata.app.mjs";
import _ from "lodash";

const docsLink = "https://developers.drata.com/docs/openapi/reference/operation/GRCPublicController_getControls/";

export default {
  key: "drata-find-controls",
  name: "Find Controls",
  description: `Find Controls. [See the documentation](${docsLink}).`,
  version: "0.0.3",
  type: "action",
  props: {
    drata,
    q: {
      type: "string",
      label: "Query",
      description: "Query to search for",
      optional: true,
    },
    frameworkTags: {
      type: "string[]",
      label: "Framework Tags",
      description: "Filter data by controls associated with these framework tags",
      optional: true,
      options: [
        "NONE",
        "SOC_2",
        "ISO27001",
        "CCPA",
        "GDPR",
        "HIPAA",
        "PCI",
        "SCF",
        "NIST80053",
        "NISTCSF",
        "CMMC",
        "NIST800171",
        "MSSSPA",
        "FFIEC",
        "ISO27701",
        "COBIT",
        "SOX_ITGC",
        "ISO270012022",
        "CCM",
        "CUSTOM",
      ],
    },
    frameworkSlug: {
      type: "string",
      label: "Framework Slug",
      description: "Filter data by controls associated with these custom framework Slug",
      optional: true,
    },
    trustServiceCriteria: {
      type: "string[]",
      label: "Trust Service Criterion",
      description: "Filter controls on their Trust Service Criteria",
      optional: true,
      options: [
        "AVAILABILITY",
        "CONFIDENTIALITY",
        "SECURITY",
        "PRIVACY",
        "PROCESS_INTEGRITY",
        "GENERAL_RULES",
        "ADMINISTRATIVE_SAFEGUARDS",
        "PHYSICAL_SAFEGUARDS",
        "TECHNICAL_SAFEGUARDS",
        "REQUIREMENTS_ORGANIZATION",
        "REQUIREMENTS_POLICIES_PROCEDURES",
        "BASIC",
        "DERIVED",
        "NIST80053_PRIVACY",
      ],
    },
    ismsCategory: {
      type: "string[]",
      label: "ISMS Category",
      description: "Filter controls on their ISMS Category",
      optional: true,
      options: [
        "CONTEXT_OF_THE_ORGANIZATION",
        "LEADERSHIP",
        "PLANNING",
        "SUPPORT",
        "OPERATION",
        "PERFORMANCE_EVALUATION",
        "IMPROVEMENT",
      ],
    },
    isms2022Category: {
      type: "string[]",
      label: "ISMS Category",
      description: "Filter controls on their ISMS Category",
      optional: true,
      options: [
        "ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATION",
        "ISO_27001_2022_5_LEADERSHIP",
        "ISO_27001_2022_6_PLANNING",
        "ISO_27001_2022_7_SUPPORT",
        "ISO_27001_2022_8_OPERATION",
        "ISO_27001_2022_9_PERFORMANCE_EVALUATION",
        "ISO_27001_2022_10_IMPROVEMENT",
      ],
    },
    isAnnexA2022: {
      type: "boolean",
      label: "Is Annex A 2022",
      description: "Filter controls on if they are an Annex A requirement",
      optional: true,
    },
    rules: {
      type: "string[]",
      label: "Rules",
      description: "Filter controls on their Hipaa rules",
      optional: true,
      options: [
        "SECURITY",
        "BREACH_NOTIFICATION",
        "PRIVACY",
      ],
    },
    subRules: {
      type: "string[]",
      label: "Sub Rules",
      description: "Filter controls on their Hipaa sub rules",
      optional: true,
      options: [
        "GENERAL_RULES",
        "ADMINISTRATIVE_SAFEGUARDS",
        "PHYSICAL_SAFEGUARDS",
        "TECHNICAL_SAFEGUARDS",
        "REQUIREMENTS_ORGANIZATION",
        "REQUIREMENTS_POLICIES_PROCEDURES",
      ],
    },
    pciRequirements: {
      type: "string[]",
      label: "PCI Requirements",
      description: "Filter controls on their PCI requirements",
      optional: true,
      options: [
        "FIREWALL",
        "PASSWORDS",
        "DATA_AT_REST_PROTECTION",
        "DATA_IN_TRANSIT_ENCRYPTION",
        "MALWARE_PROTECTION",
        "SECURE_SYSTEM_MANAGEMENT",
        "ACCESS_RESTRICTION",
        "SYSTEM_ACCESS_CONTROL",
        "PHYSICAL_ACCESS_CONTROL",
        "NETWORK_ACCESS_MONITORING",
        "VULNERABILITY_TESTING",
        "INFORMATION_SECURITY_POLICY",
      ],
    },
    chapters: {
      type: "string[]",
      label: "Chapters",
      description: "Filter controls on their GDPR chapters",
      optional: true,
      options: [
        "PRINCIPLES",
        "RIGHTS_OF_THE_DATA_SUBJECT",
        "CONTROLLER_AND_PROCESSOR",
        "TRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS",
      ],
    },
    statutes: {
      type: "string[]",
      label: "Statutes",
      description: "Filter controls on their CCPA statutes",
      optional: true,
      options: [
        "INDIVIDUAL_RIGHTS",
        "SERVICE_PROVIDER",
        "CCPA_SECURITY",
      ],
    },
    regulations: {
      type: "string[]",
      label: "Regulations",
      description: "Filter controls on their CCPA regulations",
      optional: true,
      options: [
        "NOTICES_TO_CONSUMERS",
        "BUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTS",
        "VERIFICATION_OF_REQUESTS",
        "SPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGE",
        "NON_DISCRIMINATION",
      ],
    },
    functions: {
      type: "string[]",
      label: "Functions",
      description: "Filter controls on their NIST CSF Functions",
      optional: true,
      options: [
        "IDENTIFY",
        "PROTECT",
        "DETECT",
        "RESPOND",
        "RECOVER",
      ],
    },
    sections: {
      type: "string[]",
      label: "Sections",
      description: "Filter controls on their MSSSPA Section",
      optional: true,
      options: [
        "MANAGEMENT",
        "NOTICE",
        "CHOICE_AND_CONSENT",
        "COLLECTION",
        "RETENTION",
        "DATA_SUBJECTS",
        "DISCLOSURE_TO_THIRD_PARTIES",
        "QUALITY",
        "MONITORING_AND_ENFORCEMENT",
        "MS_SSPA_SECURITY",
      ],
    },
    controlFamilies: {
      type: "string[]",
      label: "Control Families",
      description: "Filter controls on their NIST SP 800-171 Control Family",
      optional: true,
      options: [
        "AUDIT_AND_ACCOUNTABILITY",
        "CONFIGURATION_MANAGEMENT",
        "IDENTIFICATION_AND_AUTHENTICATION",
        "INCIDENT_RESPONSE",
        "MEDIA_PROTECTION",
        "PERSONNEL_SECURITY",
        "PHYSICAL_PROTECTION",
        "SECURITY_ASSESSMENT",
        "SYSTEM_AND_COMMUNICATIONS_PROTECTION",
        "SYSTEM_AND_INFORMATION_INTEGRITY",
        "NIST_CSF_RISK_ASSESSMENT",
        "NIST_CSF_MAINTENANCE",
        "NIST_800_171_ACCESS_CONTROL",
        "NIST_800_171_AWARENESS_AND_TRAINING",
      ],
    },
    controlClasses: {
      type: "string[]",
      label: "Control Classes",
      description: "Filter controls on their NIST SP 800-171 Control Class",
      optional: true,
      options: [
        "TECHNICAL",
        "OPERATIONAL",
        "NIST_800_171_MANAGEMENT",
      ],
    },
    iso27701: {
      type: "string[]",
      label: "ISO 27701",
      description: "Filter controls on their ISO27701 requirements",
      optional: true,
      options: [
        "PIMS_SPECIFIC_REQUIREMENTS",
        "PIMS_SPECIFIC_GUIDANCE",
        "PII_CONTROLS_GUIDANCE",
        "PII_PROCESSORS_GUIDANCE",
      ],
    },
    cobit: {
      type: "string[]",
      label: "COBIT",
      description: "Filter controls on their COBIT requirements",
      optional: true,
      options: [
        "EVALUATE_DIRECT_AND_MONITOR",
        "ALIGN_PLAN_AND_ORGANIZE",
        "BUILD_ACQUIRE_AND_IMPLEMENT",
        "DELIVER_SERVICE_AND_SUPPORT",
        "MONITOR_EVALUATE_AND_ASSESS",
      ],
    },
    soxitgc: {
      type: "string[]",
      label: "SOX ITGC",
      description: "Filter controls on their SOX requirements",
      optional: true,
      options: [
        "PROGRAM_DEVELOPMENT",
        "CHANGE_MANAGEMENT",
        "SYSTEM_OPERATIONS",
        "ACCESS_MANAGEMENT",
      ],
    },
    controlBaselines: {
      type: "string[]",
      label: "Control Baselines",
      description: "Filter controls on their NIST SP 800-53 Control Baseline",
      optional: true,
      options: [
        "NIST_800_53_TECHNICAL",
        "NIST_800_53_OPERATIONAL",
        "NIST_800_53_MANAGEMENT",
      ],
    },
    cmmcClasses: {
      type: "string[]",
      label: "CMMC Classes",
      description: "Filter controls on their NIST SP 800-53 Control Baseline",
      optional: true,
      options: [
        "CMMC_TECHNICAL",
        "CMMC_OPERATIONAL",
        "CMMC_MANAGEMENT",
      ],
    },
    domains: {
      type: "string[]",
      label: "Domains",
      description: "Filter controls on their FFIEC Domains",
      optional: true,
      options: [
        "FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHT",
        "FFIEC_THREAT_INTELLIGENCE_AND_COLLABORATION",
        "FFIEC_CYBERSECURITY_CONTROLS",
        "FFIEC_EXTERNAL_DEPENDENCY_MANAGEMENT",
        "FFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE",
      ],
    },
    assessmentFactors: {
      type: "string[]",
      label: "Assessment Factors",
      description: "Filter controls on their FFIEC Assessment Factors",
      optional: true,
      options: [
        "FFIEC_GOVERNANCE",
        "FFIEC_RISK_MANAGEMENT",
        "FFIEC_RESOURCES",
        "FFIEC_TRAINING_AND_CULTURE",
        "FFIEC_THREAT_INTELLIGENCE",
        "FFIEC_MONITORING_AND_ANALYZING",
        "FFIEC_INFORMATION_SHARING",
        "FFIEC_PREVENTATIVE_CONTROLS",
        "FFIEC_DETECTIVE_CONTROLS",
        "FFIEC_CORRECTIVE_CONTROLS",
        "FFIEC_CONNECTIONS",
        "FFIEC_RELATIONSHIP_MANAGEMENT",
        "FFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGY",
        "FFIEC_DETECTION_RESPONSE_AND_MITIGATION",
        "FFIEC_ESCALATION_AND_REPORTING",
      ],
    },
    userIds: {
      type: "integer[]",
      label: "User Ids",
      description: "User Ids of Control Owners",
      optional: true,
    },
    isOwned: {
      type: "boolean",
      label: "Is Owned",
      description: "Filter controls on if they have a control owner",
      optional: true,
    },
    isReady: {
      type: "boolean",
      label: "Is Ready",
      description: "Filter controls on if they are ready",
      optional: true,
    },
    isAnnexA: {
      type: "boolean",
      label: "Is Annex A",
      description: "Filter controls on if they are an Annex A requirement",
      optional: true,
    },
    isArchived: {
      type: "boolean",
      label: "Is Archived",
      description: "Filter to controls that are or are not archived",
      optional: true,
    },
    isMonitored: {
      type: "boolean",
      label: "Is Monitored",
      description: "Filter to controls that are or are not monitored",
      optional: true,
    },
    hasEvidence: {
      type: "boolean",
      label: "Has Evidence",
      description: "Filter to controls with or without evidence",
      optional: true,
    },
    hasPassingTest: {
      type: "boolean",
      label: "Has Passing Test",
      description: "Filter to controls with at least one passing test",
      optional: true,
    },
    excludeIds: {
      type: "integer[]",
      label: "Exclude IDs",
      description: "Exclude controls by array of id",
      optional: true,
    },
    excludeRequirementId: {
      type: "integer",
      label: "Exclude Requirement ID",
      description: "Exclude controls if they are mapped to this requirement id",
      optional: true,
    },
    requirementId: {
      type: "integer",
      label: "Requirement ID",
      description: "Only include controls if they are mapped to this requirement id",
      optional: true,
    },
    excludeTestId: {
      type: "integer",
      label: "Exclude Test ID",
      description: "Exclude controls if they are mapped to this test id",
      optional: true,
    },
    testId: {
      type: "integer",
      label: "Test ID",
      description: "Only include controls if they are mapped to this test id",
      optional: true,
    },
    hasTicket: {
      type: "string",
      label: "Has Ticket",
      description: "Only include controls if they associted to a task management ticket",
      optional: true,
      options: [
        "IN_PROGRESS",
        "ARCHIVED",
      ],
    },
    connectionId: {
      type: "integer",
      label: "Connection ID",
      description: "This will be filled in automatic when using a taskManagementStatus.",
      optional: true,
    },
  },
  async run({ $ }) {
    const params = _.pickBy(_.pick(this, [
      "q",
      "frameworkTags",
      "frameworkSlug",
      "trustServiceCriteria",
      "ismsCategory",
      "isms2022Category",
      "isAnnexA2022",
      "rules",
      "subRules",
      "pciRequirements",
      "chapters",
      "statutes",
      "regulations",
      "functions",
      "sections",
      "controlFamilies",
      "controlClasses",
      "iso27701",
      "cobit",
      "soxitgc",
      "controlBaselines",
      "cmmcClasses",
      "domains",
      "assessmentFactors",
      "userIds",
      "isOwned",
      "isReady",
      "isAnnexA",
      "isArchived",
      "isMonitored",
      "hasEvidence",
      "hasPassingTest",
      "excludeIds",
      "excludeRequirementId",
      "requirementId",
      "excludeTestId",
      "testId",
      "hasTicket",
      "connectionId",
    ]));

    this.drata.initializeJsonProps(this, [
      "frameworkTags",
      "trustServiceCriteria",
      "ismsCategory",
      "isms2022Category",
      "rules",
      "subRules",
      "pciRequirements",
      "chapters",
      "statutes",
      "regulations",
      "functions",
      "sections",
      "controlFamilies",
      "controlClasses",
      "iso27701",
      "cobit",
      "soxitgc",
      "controlBaselines",
      "cmmcClasses",
      "domains",
      "assessmentFactors",
      "userIds",
      "excludeIds",
    ]);

    const response = await this.drata.listControls({
      $,
      paginate: true,
      params,
    });

    const suffix = response.data.length === 1
      ? ""
      : "s";
    $.export("$summary", `Succesfully found ${response.data.length} control${suffix}`);

    return response;
  },
};

Action Configuration#

This component may be configured based on the props defined in the component code. Pipedream automatically prompts for input values in the UI.

Label	Prop	Type	Description
Drata	`drata`	`app`	This component uses the Drata app.
Query	`q`	`string`	Query to search for
Framework Tags	`frameworkTags`	`string[]`	Select a value from the drop down menu:`NONESOC_2ISO27001CCPAGDPRHIPAAPCISCFNIST80053NISTCSFCMMCNIST800171MSSSPAFFIECISO27701COBITSOX_ITGCISO270012022CCMCUSTOM`
Framework Slug	`frameworkSlug`	`string`	Filter data by controls associated with these custom framework Slug
Trust Service Criterion	`trustServiceCriteria`	`string[]`	Select a value from the drop down menu:`AVAILABILITYCONFIDENTIALITYSECURITYPRIVACYPROCESS_INTEGRITYGENERAL_RULESADMINISTRATIVE_SAFEGUARDSPHYSICAL_SAFEGUARDSTECHNICAL_SAFEGUARDSREQUIREMENTS_ORGANIZATIONREQUIREMENTS_POLICIES_PROCEDURESBASICDERIVEDNIST80053_PRIVACY`
ISMS Category	`ismsCategory`	`string[]`	Select a value from the drop down menu:`CONTEXT_OF_THE_ORGANIZATIONLEADERSHIPPLANNINGSUPPORTOPERATIONPERFORMANCE_EVALUATIONIMPROVEMENT`
ISMS Category	`isms2022Category`	`string[]`	Select a value from the drop down menu:`ISO_27001_2022_4_CONTEXT_OF_THE_ORGANIZATIONISO_27001_2022_5_LEADERSHIPISO_27001_2022_6_PLANNINGISO_27001_2022_7_SUPPORTISO_27001_2022_8_OPERATIONISO_27001_2022_9_PERFORMANCE_EVALUATIONISO_27001_2022_10_IMPROVEMENT`
Is Annex A 2022	`isAnnexA2022`	`boolean`	Filter controls on if they are an Annex A requirement
Rules	`rules`	`string[]`	Select a value from the drop down menu:`SECURITYBREACH_NOTIFICATIONPRIVACY`
Sub Rules	`subRules`	`string[]`	Select a value from the drop down menu:`GENERAL_RULESADMINISTRATIVE_SAFEGUARDSPHYSICAL_SAFEGUARDSTECHNICAL_SAFEGUARDSREQUIREMENTS_ORGANIZATIONREQUIREMENTS_POLICIES_PROCEDURES`
PCI Requirements	`pciRequirements`	`string[]`	Select a value from the drop down menu:`FIREWALLPASSWORDSDATA_AT_REST_PROTECTIONDATA_IN_TRANSIT_ENCRYPTIONMALWARE_PROTECTIONSECURE_SYSTEM_MANAGEMENTACCESS_RESTRICTIONSYSTEM_ACCESS_CONTROLPHYSICAL_ACCESS_CONTROLNETWORK_ACCESS_MONITORINGVULNERABILITY_TESTINGINFORMATION_SECURITY_POLICY`
Chapters	`chapters`	`string[]`	Select a value from the drop down menu:`PRINCIPLESRIGHTS_OF_THE_DATA_SUBJECTCONTROLLER_AND_PROCESSORTRANSFERS_OF_PERSONNEL_DATA_TO_THIRD_COUNTRIES_AND_INTERNATIONAL_ORGANIZATIONS`
Statutes	`statutes`	`string[]`	Select a value from the drop down menu:`INDIVIDUAL_RIGHTSSERVICE_PROVIDERCCPA_SECURITY`
Regulations	`regulations`	`string[]`	Select a value from the drop down menu:`NOTICES_TO_CONSUMERSBUSINESS_PRACTICES_FOR_HANDLING_CONSUMER_REQUESTSVERIFICATION_OF_REQUESTSSPECIAL_RULES_REGARDING_CONSUMERS_UNDER_16_YEARS_OF_AGENON_DISCRIMINATION`
Functions	`functions`	`string[]`	Select a value from the drop down menu:`IDENTIFYPROTECTDETECTRESPONDRECOVER`
Sections	`sections`	`string[]`	Select a value from the drop down menu:`MANAGEMENTNOTICECHOICE_AND_CONSENTCOLLECTIONRETENTIONDATA_SUBJECTSDISCLOSURE_TO_THIRD_PARTIESQUALITYMONITORING_AND_ENFORCEMENTMS_SSPA_SECURITY`
Control Families	`controlFamilies`	`string[]`	Select a value from the drop down menu:`AUDIT_AND_ACCOUNTABILITYCONFIGURATION_MANAGEMENTIDENTIFICATION_AND_AUTHENTICATIONINCIDENT_RESPONSEMEDIA_PROTECTIONPERSONNEL_SECURITYPHYSICAL_PROTECTIONSECURITY_ASSESSMENTSYSTEM_AND_COMMUNICATIONS_PROTECTIONSYSTEM_AND_INFORMATION_INTEGRITYNIST_CSF_RISK_ASSESSMENTNIST_CSF_MAINTENANCENIST_800_171_ACCESS_CONTROLNIST_800_171_AWARENESS_AND_TRAINING`
Control Classes	`controlClasses`	`string[]`	Select a value from the drop down menu:`TECHNICALOPERATIONALNIST_800_171_MANAGEMENT`
ISO 27701	`iso27701`	`string[]`	Select a value from the drop down menu:`PIMS_SPECIFIC_REQUIREMENTSPIMS_SPECIFIC_GUIDANCEPII_CONTROLS_GUIDANCEPII_PROCESSORS_GUIDANCE`
COBIT	`cobit`	`string[]`	Select a value from the drop down menu:`EVALUATE_DIRECT_AND_MONITORALIGN_PLAN_AND_ORGANIZEBUILD_ACQUIRE_AND_IMPLEMENTDELIVER_SERVICE_AND_SUPPORTMONITOR_EVALUATE_AND_ASSESS`
SOX ITGC	`soxitgc`	`string[]`	Select a value from the drop down menu:`PROGRAM_DEVELOPMENTCHANGE_MANAGEMENTSYSTEM_OPERATIONSACCESS_MANAGEMENT`
Control Baselines	`controlBaselines`	`string[]`	Select a value from the drop down menu:`NIST_800_53_TECHNICALNIST_800_53_OPERATIONALNIST_800_53_MANAGEMENT`
CMMC Classes	`cmmcClasses`	`string[]`	Select a value from the drop down menu:`CMMC_TECHNICALCMMC_OPERATIONALCMMC_MANAGEMENT`
Domains	`domains`	`string[]`	Select a value from the drop down menu:`FFIEC_CYBER_RISK_MANAGEMENT_AND_OVERSIGHTFFIEC_THREAT_INTELLIGENCE_AND_COLLABORATIONFFIEC_CYBERSECURITY_CONTROLSFFIEC_EXTERNAL_DEPENDENCY_MANAGEMENTFFIEC_CYBER_INCIDENT_MANAGEMENT_AND_RESILIENCE`
Assessment Factors	`assessmentFactors`	`string[]`	Select a value from the drop down menu:`FFIEC_GOVERNANCEFFIEC_RISK_MANAGEMENTFFIEC_RESOURCESFFIEC_TRAINING_AND_CULTUREFFIEC_THREAT_INTELLIGENCEFFIEC_MONITORING_AND_ANALYZINGFFIEC_INFORMATION_SHARINGFFIEC_PREVENTATIVE_CONTROLSFFIEC_DETECTIVE_CONTROLSFFIEC_CORRECTIVE_CONTROLSFFIEC_CONNECTIONSFFIEC_RELATIONSHIP_MANAGEMENTFFIEC_INCIDENT_RESILIENCE_PLANNING_AND_STRATEGYFFIEC_DETECTION_RESPONSE_AND_MITIGATIONFFIEC_ESCALATION_AND_REPORTING`
User Ids	`userIds`	`integer[]`	User Ids of Control Owners
Is Owned	`isOwned`	`boolean`	Filter controls on if they have a control owner
Is Ready	`isReady`	`boolean`	Filter controls on if they are ready
Is Annex A	`isAnnexA`	`boolean`	Filter controls on if they are an Annex A requirement
Is Archived	`isArchived`	`boolean`	Filter to controls that are or are not archived
Is Monitored	`isMonitored`	`boolean`	Filter to controls that are or are not monitored
Has Evidence	`hasEvidence`	`boolean`	Filter to controls with or without evidence
Has Passing Test	`hasPassingTest`	`boolean`	Filter to controls with at least one passing test
Exclude IDs	`excludeIds`	`integer[]`	Exclude controls by array of id
Exclude Requirement ID	`excludeRequirementId`	`integer`	Exclude controls if they are mapped to this requirement id
Requirement ID	`requirementId`	`integer`	Only include controls if they are mapped to this requirement id
Exclude Test ID	`excludeTestId`	`integer`	Exclude controls if they are mapped to this test id
Test ID	`testId`	`integer`	Only include controls if they are mapped to this test id
Has Ticket	`hasTicket`	`string`	Select a value from the drop down menu:`IN_PROGRESSARCHIVED`
Connection ID	`connectionId`	`integer`	This will be filled in automatic when using a taskManagementStatus.

Action Authentication#

Drata uses API keys for authentication. When you connect your Drata account, Pipedream securely stores the keys so you can easily authenticate to Drata APIs in both code and no-code steps.

Make sure you're logged into the Drata UI, then see these docs to create a Drata API key. Enter it below.

About Drata#

Drata automates your compliance journey from start to audit-ready and beyond and provides support from the security and compliance experts who built it.

More Ways to Connect Drata + Slack#

Other Popular Integrations#

Create Asset with Drata API on New Direct Message (Instant) from Slack API

Slack + Drata

Find Controls with Drata API on New Message In Channels (Instant) from Slack API

Pipedream makes it easy to connect APIs for Drata, Slack and 2,000+ other apps remarkably fast.

Trusted by 800,000+ developers from startups to Fortune 500 companies

Developers ♥ Pipedream

1-24of2,000+apps by most popular

1
-
24
of
2,000+
apps by most popular