Iru Integration Setup
This guide walks you through creating an API token in Iru and configuring the integration in RAD Security for unified endpoint visibility alongside your container and cloud runtime activity. Iru provides device management and endpoint detection and response capabilities, letting RAD Security import endpoint inventory and device details for correlation with runtime events.
Prerequisites
Before you begin, ensure you have:
- Access to the Iru web app for your organization
- Permissions to create and manage API tokens
- Access to a RAD Security workspace with integration permissions
Required API Permissions
Assign the following permissions to the API token used by RAD Security:

| Permission | Purpose |
|---|---|
| Devices → Device list | Query endpoints |
| Devices → Device details | Retrieve endpoint details |
Step 1: Create an API Token
Copy the token
Click the visibility control to reveal the token, or click Copy Token to copy it to your clipboard. Store it in a safe location such as a password manager or secrets vault.
Step 2: Configure Token Permissions
Open the permissions editor
Click Configure to set API permissions for the token now. You can alternatively click Skip and edit them later.
Enable the required permissions
Enable the following permissions:
- ☑️ Devices → Device list
- ☑️ Devices → Device details
Inspect or modify a token later: Click on a token in the API tokens list, then click View to see token details. Use the Permissions tab to edit permissions, or the Activity tab to see token lifecycle events such as creation, renames, and permission edits.
Step 3: Get your Base URL
After you create your first API token, Iru displays your tenant-specific API URL. This is the Base URL required to configure the integration. The Base URL takes the form:
If you already have existing tokens and don’t see the API URL, contact your Iru administrator or check the API token documentation in the Iru web app. The URL is tenant-specific and does not change between tokens.
Step 4: Configure in RAD Security
Navigate to your RAD Security workspace and configure the Iru integration with the following parameters:

| Parameter | Required | Description | Example |
|---|---|---|---|
| Secret | Yes | The API token created in Step 1 | your-iru-api-token-here |
| Base URL | Yes | Your tenant-specific API URL from Iru | https://acme.api.kandji.io |
Verify Integration
After completing the setup, verify your integration is working:
- Navigate to Data Sources > Integrations > EDR in RAD Security
- Locate your Iru integration
- Check the connection status shows as Connected
- Verify endpoint data is being synced
Your Iru integration is now configured! RAD Security can now correlate endpoint data from Iru with container and cloud runtime events.
What Data is Synced
Once configured, RAD Security will sync the following data from Iru:
Endpoint Inventory
- List of managed devices
- Device names and identifiers
- Enrollment status
- Last check-in timestamps
Device Details
- Operating system and version
- Hardware details
- Agent state
- Device assignments and groupings
Use Cases
Endpoint Correlation
Correlate Iru-managed endpoint data with container and cloud runtime activity to detect cross-environment threats.
Device Context for Alerts
Enrich RAD Security alerts with device details from Iru to accelerate investigation.
Unified Asset Visibility
Combine managed endpoints with containerized workloads for a complete asset inventory.
Coordinated Response
Use Iru device context when triaging and responding to incidents spanning endpoints and cloud.
Troubleshooting
Authentication Failed
Possible causes:
- API token copied incorrectly (extra spaces, truncated)
- Token was deleted or rotated in Iru
- Token permissions were removed
Resolution:
- Re-copy the token value and paste it into the Secret field
- Verify the token still exists in Iru under Access → API tokens
- Confirm Devices → Device list and Devices → Device details permissions are still enabled
- Create a new token if the original was deleted or lost
Insufficient Permissions
Possible causes:
- Token missing Device list or Device details permission
- Permissions were modified after token creation
Resolution:
- Open the token in Iru and select the Permissions tab
- Ensure both Devices → Device list and Devices → Device details are enabled
- Save and retry the integration
Invalid Base URL
Possible causes:
- Wrong tenant URL supplied
- Extra path segments appended to the Base URL
- Missing https:// prefix
Resolution:
- Confirm the Base URL matches the tenant-specific API URL shown in Iru after your first token was created
- Provide only the root URL (e.g., https://acme.api.kandji.io) without trailing paths or slashes
- Ensure the URL starts with https://
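The copy/paste and Base URL mistakes listed under Authentication Failed and Invalid Base URL can be caught before the values are entered in RAD Security. The following pre-flight check is an added example, not code from RAD Security or Iru; the environment variable names IRU_BASE_URL and IRU_API_TOKEN are hypothetical.

```python
import os
from urllib.parse import urlsplit

def check_base_url(url: str) -> list[str]:
    """Return problems found in the Base URL; an empty list means it looks usable."""
    problems = []
    candidate = url.strip()
    if candidate != url:
        problems.append("leading or trailing whitespace")
    if not candidate.lower().startswith("https://"):
        # Without the scheme the rest cannot be parsed reliably, so stop here.
        return problems + ["missing https:// prefix"]
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return problems + ["not a parseable URL"]
    if not parts.hostname:
        problems.append("no host name")
    if parts.username or parts.password:
        problems.append("credentials embedded in the URL")
    if parts.path == "/":
        problems.append("trailing slash")
    elif parts.path:
        problems.append("extra path segments")
    if parts.query or parts.fragment:
        problems.append("query string or fragment")
    return problems

def check_secret(token: str) -> list[str]:
    """Return copy/paste problems in the token. Never returns or logs the token itself."""
    problems = []
    core = token.strip()
    if not core:
        return ["empty value"]
    if core != token:
        problems.append("leading or trailing whitespace")
    if any(ch.isspace() for ch in core):
        problems.append("whitespace inside the token")
    if any(not ch.isprintable() and not ch.isspace() for ch in core):
        problems.append("non-printing characters")
    # A truncated token cannot be detected locally; re-copy it from Iru if in doubt.
    return problems

if __name__ == "__main__":
    # IRU_BASE_URL / IRU_API_TOKEN are hypothetical variable names for this example.
    print("Base URL:", check_base_url(os.environ.get("IRU_BASE_URL", "")) or "OK")
    print("Secret:", check_secret(os.environ.get("IRU_API_TOKEN", "")) or "OK")
```

Only the list of problems is printed, so the token value does not end up in terminal scrollback or CI logs.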
No Data Syncing
Possible causes:
- No devices enrolled in Iru
- Initial sync still in progress
- API rate limits reached
Resolution:
- Verify devices appear in the Iru web app
- Allow up to 15 minutes for the initial sync to complete
- Review integration logs in RAD Security for errors
- Check Iru API activity for rate-limit or authorization errors
Security Best Practices
Least Privilege Tokens
Only grant the two required permissions (Device list and Device details). Avoid adding unrelated permissions to the token.
Dedicated Tokens
Create a dedicated API token for RAD Security rather than sharing tokens across integrations.
Rotate Tokens Regularly
Periodically replace the API token and delete old ones as part of normal security hygiene.
Secure Credential Storage
Store the API token in a secrets vault. Never commit it to source control.
Monitor Token Activity
Use the token Activity tab in Iru to review token usage and detect unexpected behavior.
Revoke Unused Tokens
Periodically review API tokens and delete any that are no longer in use.
Additional Resources
Generate an API Token
Upstream documentation for generating an API token
API Reference
Upstream API reference documentation