# Iru

> Configure Iru integration with RAD Security to import endpoint detection and response findings.

# Iru Integration Setup

This guide walks you through creating an API token in Iru and configuring the integration in RAD Security for unified endpoint visibility alongside your container and cloud runtime activity.

Iru provides device management and endpoint detection and response capabilities, letting RAD Security import endpoint inventory and device details for correlation with runtime events.

## Prerequisites

Before you begin, ensure you have:

<Check>
  * Access to the Iru web app for your organization
  * Permissions to create and manage API tokens
  * Access to a RAD Security workspace with integration permissions
</Check>

<Warning>
  **Token Visibility:** The API token value is only displayed once when it is created. Make sure you store it securely before closing the dialog.
</Warning>

***

## Required API Permissions

Assign the following permissions to the API token used by RAD Security:

| Permission                   | Purpose                   |
| ---------------------------- | ------------------------- |
| **Devices → Device list**    | Query endpoints           |
| **Devices → Device details** | Retrieve endpoint details |

***

## Step 1: Create an API Token

<Steps>
  <Step title="Log in to Iru">
    Sign in to the Iru web app with an account that can create and manage API tokens.
  </Step>

  <Step title="Open the user menu">
    Click your username in the bottom left of the interface.
  </Step>

  <Step title="Navigate to API tokens">
    Click **Access**, then click **API tokens**.
  </Step>

  <Step title="Add a new token">
    Click **Add Token**.
  </Step>

  <Step title="Name the token">
    Enter a **Name** and **Description** for the token (e.g., "RAD Security EDR").
  </Step>

  <Step title="Create the token">
    Click **Create**. Iru displays a modal containing the new API token.
  </Step>

  <Step title="Copy the token">
    Click the visibility control to reveal the token, or click **Copy Token** to copy it to your clipboard. Store it in a safe location such as a password manager or secrets vault.

    <Warning>
      **You will not be able to view the token again.** If you lose it, you will need to delete the token and create a new one.
    </Warning>
  </Step>

  <Step title="Continue to permissions">
    Click **Next** to move on to permission configuration.
  </Step>
</Steps>

***

## Step 2: Configure Token Permissions

<Steps>
  <Step title="Open the permissions editor">
    Click **Configure** to set API permissions for the token now. You can alternatively click **Skip** and edit them later.
  </Step>

  <Step title="Enable the required permissions">
    Enable the following permissions:

    * ☑️ **Devices → Device list**
    * ☑️ **Devices → Device details**
  </Step>

  <Step title="Save the permissions">
    Click **Save** to apply the changes.
  </Step>
</Steps>

<Note>
  **Inspect or modify a token later:** Click on a token in the API tokens list, then click **View** to see token details. Use the **Permissions** tab to edit permissions, or the **Activity** tab to see token lifecycle events such as creation, renames, and permission edits.
</Note>

***

## Step 3: Get Your Base URL

After you create your **first** API token, Iru displays your tenant-specific **API URL**. This is the Base URL required to configure the integration.

The Base URL takes the form:

```
https://{tenant}.api.kandji.io
```

<Note>
  If you already have existing tokens and don't see the API URL, contact your Iru administrator or check the API token documentation in the Iru web app — the URL is tenant-specific and does not change between tokens.
</Note>

***

## Step 4: Configure in RAD Security

Navigate to your RAD Security workspace and configure the Iru integration with the following parameters:

| Parameter    | Required | Description                           | Example                      |
| ------------ | -------- | ------------------------------------- | ---------------------------- |
| **Secret**   | Yes      | The API token created in Step 1       | `your-iru-api-token-here`    |
| **Base URL** | Yes      | Your tenant-specific API URL from Iru | `https://acme.api.kandji.io` |

***

## Verify Integration

After completing the setup, verify your integration is working:

1. Navigate to **Data Sources > Integrations > EDR** in RAD Security
2. Locate your Iru integration
3. Check that the connection status shows as **Connected**
4. Verify endpoint data is being synced

<Check>
  Your Iru integration is now configured! RAD Security can now correlate endpoint data from Iru with container and cloud runtime events.
</Check>

## What Data is Synced

Once configured, RAD Security will sync the following data from Iru:

<AccordionGroup>
  <Accordion title="Endpoint Inventory" icon="computer">
    * List of managed devices
    * Device names and identifiers
    * Enrollment status
    * Last check-in timestamps
  </Accordion>

  <Accordion title="Device Details" icon="circle-info">
    * Operating system and version
    * Hardware details
    * Agent state
    * Device assignments and groupings
  </Accordion>
</AccordionGroup>

## Use Cases

<CardGroup cols={2}>
  <Card title="Endpoint Correlation" icon="shield-check">
    Correlate Iru-managed endpoint data with container and cloud runtime activity to detect cross-environment threats.
  </Card>

  <Card title="Device Context for Alerts" icon="magnifying-glass-chart">
    Enrich RAD Security alerts with device details from Iru to accelerate investigation.
  </Card>

  <Card title="Unified Asset Visibility" icon="network-wired">
    Combine managed endpoints with containerized workloads for a complete asset inventory.
  </Card>

  <Card title="Coordinated Response" icon="bolt">
    Use Iru device context when triaging and responding to incidents spanning endpoints and cloud.
  </Card>
</CardGroup>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication Failed" icon="triangle-exclamation">
    **Possible causes:**

    * API token copied incorrectly (extra spaces, truncated)
    * Token was deleted or rotated in Iru
    * Token permissions were removed

    **Solution:**

    * Re-copy the token value and paste it into the Secret field
    * Verify the token still exists in Iru under **Access → API tokens**
    * Confirm **Devices → Device list** and **Devices → Device details** permissions are still enabled
    * Create a new token if the original was deleted or lost
  </Accordion>

  <Accordion title="Insufficient Permissions" icon="shield-exclamation">
    **Possible causes:**

    * Token missing **Device list** or **Device details** permission
    * Permissions were modified after token creation

    **Solution:**

    * Open the token in Iru and select the **Permissions** tab
    * Ensure both **Devices → Device list** and **Devices → Device details** are enabled
    * Save and retry the integration
  </Accordion>

  <Accordion title="Invalid Base URL" icon="link-slash">
    **Possible causes:**

    * Wrong tenant URL supplied
    * Extra path segments appended to the Base URL
    * Missing `https://` prefix

    **Solution:**

    * Confirm the Base URL matches the tenant-specific API URL shown in Iru after your first token was created
    * Provide only the root URL (e.g., `https://acme.api.kandji.io`) without trailing paths or slashes
    * Ensure the URL starts with `https://`
  </Accordion>

  <Accordion title="No Data Syncing" icon="database-slash">
    **Possible causes:**

    * No devices enrolled in Iru
    * Initial sync still in progress
    * API rate limits reached

    **Solution:**

    * Verify devices appear in the Iru web app
    * Allow up to 15 minutes for the initial sync to complete
    * Review integration logs in RAD Security for errors
    * Check Iru API activity for rate-limit or authorization errors
  </Accordion>
</AccordionGroup>
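
The copy/paste and URL problems listed under **Authentication Failed** and **Invalid Base URL** can be caught before the values are saved; because the Secret is sent to whatever host the Base URL names, the check below also rejects lookalike hosts and embedded credentials. This is an added example, not code from RAD Security or Iru: the function names are hypothetical, the sample values are constructed, and it assumes only the host form shown on this page (`https://{tenant}.api.kandji.io`).

```python
import re
from urllib.parse import urlsplit

# Assumption: only the host form shown on this page is accepted.
TENANT_HOST = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.api\.kandji\.io")


def check_base_url(url: str) -> list[str]:
    """Return the problems found in a Base URL; an empty list means well-formed."""
    # urlsplit silently drops tabs and newlines, so reject whitespace up front.
    if any(ch.isspace() for ch in url):
        return ["contains whitespace"]
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["not a parseable URL"]
    problems = []
    if parts.scheme != "https":
        problems.append("must start with https://")
    if parts.username is not None or port is not None:
        problems.append("no credentials or port in the URL")
    # fullmatch rejects suffix tricks such as acme.api.kandji.io.example.net
    if not TENANT_HOST.fullmatch(parts.hostname or ""):
        problems.append("host is not of the form {tenant}.api.kandji.io")
    if parts.path or parts.query or parts.fragment:
        problems.append("root URL only: no path, trailing slash, query or fragment")
    return problems


def check_secret(token: str) -> list[str]:
    """Catch copy/paste damage; never print or log the token itself."""
    problems = []
    if not token:
        problems.append("empty")
    if token != token.strip():
        problems.append("leading or trailing whitespace")
    if any(ch.isspace() for ch in token.strip()):
        problems.append("whitespace inside the token")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real tenants or tokens.
    for candidate in ("https://acme.api.kandji.io",
                      "https://acme.api.kandji.io/",
                      "acme.api.kandji.io",
                      "https://acme.api.kandji.io.example.net"):
        print(candidate, "->", check_base_url(candidate) or "ok")
    print("secret ->", check_secret(" constructed-token\n") or "ok")
```
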

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Least Privilege Tokens" icon="shield-halved">
    Only grant the two required permissions (**Device list** and **Device details**). Avoid adding unrelated permissions to the token.
  </Card>

  <Card title="Dedicated Tokens" icon="robot">
    Create a dedicated API token for RAD Security rather than sharing tokens across integrations.
  </Card>

  <Card title="Rotate Tokens Regularly" icon="rotate">
    Periodically replace the API token and delete old ones as part of normal security hygiene.
  </Card>

  <Card title="Secure Credential Storage" icon="lock">
    Store the API token in a secrets vault. Never commit it to source control.
  </Card>

  <Card title="Monitor Token Activity" icon="chart-line">
    Use the token **Activity** tab in Iru to review token usage and detect unexpected behavior.
  </Card>

  <Card title="Revoke Unused Tokens" icon="clipboard-list">
    Periodically review API tokens and delete any that are no longer in use.
  </Card>
</CardGroup>

## Additional Resources

<CardGroup cols={2}>
  <Card title="Generate an API Token" icon="key" href="https://support.kandji.io/kb/kandji-api#generate-an-api-token">
    Upstream documentation for generating an API token
  </Card>

  <Card title="API Reference" icon="book" href="https://support.kandji.io/kb/kandji-api">
    Upstream API reference documentation
  </Card>
</CardGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="EDR Integrations Overview" icon="shield-check" href="/rad-security/integrations/edr/overview">
    Explore other EDR integration options
  </Card>

  <Card title="Runtime Security" icon="shield" href="/rad-security/integrations/runtime-security">
    Learn about RAD's container runtime security
  </Card>

  <Card title="Alerts & Incidents" icon="bell" href="/rad-security/platform/workspace">
    Configure correlated alerts and incident management
  </Card>

  <Card title="Threat Models" icon="crosshairs" href="/rad-security/security-and-compliance/overview">
    Understand how threats are detected across platforms
  </Card>
</CardGroup>
