Coming Soon

Drata integration

Q: Is the Drata integration available now?

Not yet — it is in active development. Add your email on this page and we will notify you the moment it ships. In the meantime FortWatch already runs continuous external scans, so the evidence will be ready to sync on day one.

Q: Which Drata frameworks will this support?

Because FortWatch evidence maps to controls rather than to a single framework, it will work anywhere a control covers vulnerability management, continuous monitoring, secure configuration, or encryption in transit — which covers SOC 2, ISO 27001, HIPAA, PCI DSS, and custom frameworks built in Drata.

Q: How does FortWatch get data into Drata?

Through Drata's Open REST API (Public API v2) and its Custom Connections and Tests framework, which is designed to bring external evidence into Drata and run automated custom tests against it. Webhooks handle real-time updates so a new critical finding can flip a linked control's status without waiting for the next scheduled evidence pull.

Compliance & GRC

Drata automates SOC 2, ISO 27001, HIPAA, PCI DSS, and 30+ other frameworks by continuously collecting evidence and testing controls across your tech stack — but auditors don't just want to see that you have a vulnerability management policy, they want proof you actually find and fix external exposures. FortWatch's planned Drata integration closes that loop: every external scan FortWatch runs becomes timestamped, audit-ready evidence mapped to the controls your auditor checks, so "we continuously scan our internet-facing assets" stops being a claim and becomes a fact Drata can demonstrate on demand.

Get notified All integrations

New alert in Drata

Criticaljust now

Exposed Redis on 203.0.113.10:6379

Unauthenticated database reachable from the internet.

View finding & step-by-step fix →

Delivered in < 1 minute

How it works

Drata + FortWatch

When it launches, FortWatch will push scan results and findings into Drata as external evidence using Drata's Open REST API (Public API v2) and its Custom Connections and Tests (CCT) framework, which is purpose-built for bringing data from outside Drata's native catalog into the compliance platform. FortWatch sends two kinds of signal: continuous evidence of scan activity (when each asset was last scanned, by which scanners, and the resulting posture summary) and structured findings with severity, affected asset, and remediation status. You map FortWatch evidence to the relevant Drata controls — vulnerability management, continuous monitoring, secure configuration, encryption-in-transit — and Drata stores each artifact with timestamps and an owner so a custom test can pass or flag drift automatically. Webhooks run the reverse direction too: when FortWatch detects a new critical exposure, it can notify Drata so the linked control reflects the change rather than waiting for the next manual evidence pull.

FortWatch scans

Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.

AI triages the finding

Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.

Delivered to Drata

The finding lands in Drata, routed by severity — so the right people see the right alert, fast.

Capabilities

What you'll be able to do

Everything the Drata integration will bring to your security workflow.

Satisfy vulnerability-management and continuous-monitoring controls (SOC 2 CC7.1, ISO 27001 A.12.6 / A.8.8) with live FortWatch scan evidence instead of a once-a-year pentest PDF.

Auto-attach proof of recurring external scans to the right Drata control, timestamped and owned, so audit prep stops being a screenshot scramble.

Push critical findings — an exposed Redis port, a public S3 bucket — into Drata so a custom test flags the control as failing until the exposure is remediated.

Provide encryption-in-transit evidence from FortWatch's SSL/TLS scanner (cert validity, protocol versions, cipher strength) to back up cryptography controls.

Show DNS and email-authentication hygiene (SPF/DKIM/DMARC/DNSSEC) as supporting evidence for configuration-management and email-security controls.

Give MSPs and consultants one place to demonstrate that every client's external attack surface is under continuous monitoring across their Drata workspaces.

In practice

What an alert looks like

Every finding arrives formatted for Drata — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.

Severity-tagged and color-coded
The exact asset and port affected
One click to the full finding & remediation

Drata

FortWatch → Drata · Custom Test evidence (FAIL)\nControl: Vulnerability Management — internet-facing services are scanned and remediated\nFinding: Exposed Redis on 203.0.113.10:6379 (unauthenticated, internet-reachable)\nSeverity: Critical   ·   Asset: cache-prod-1   ·   First detected: 2026-06-07 14:22 UTC\nStatus: Open — control marked failing until remediated\nEvidence: scan run #4821 · nmap + service-fingerprint scanners · FortWatch AI triage attached\nRemediation: bind Redis to localhost / firewall 6379 / require AUTH → re-scan to clear

Setup

Set it up in minutes, once it lands

No agents, no infrastructure changes — just connect Drata and choose where alerts go.

When it launches, open Settings → Integrations in FortWatch and select Drata.

Generate a Drata API key (scoped to evidence and Custom Connections and Tests) and paste it into FortWatch to authorize the connection.

Map FortWatch evidence types to your Drata controls — point scan-activity evidence at vulnerability-management and continuous-monitoring controls, SSL/TLS results at encryption controls, and so on.

Choose which severities should fail a linked custom test versus attach as passing evidence, then enable webhook push for real-time critical findings.

Run a scan and confirm the evidence appears against the mapped controls in Drata with the correct timestamp and owner.

Why route FortWatch into Drata?

Compliance frameworks increasingly expect continuous evidence, not a single annual assessment — and the gap most teams have is proving their external attack surface is actually being watched between audits. Wiring FortWatch into Drata turns every scan into durable, mapped, timestamped proof, so the control that says "we monitor internet-facing assets" is backed by real data your auditor can verify any day of the year. It also means a new exposure doesn't just trigger a fix — it surfaces in your compliance posture immediately, instead of quietly drifting until your next review.

FAQ

Frequently asked questions

Is the Drata integration available now?

Not yet — it is in active development. Add your email on this page and we will notify you the moment it ships. In the meantime FortWatch already runs continuous external scans, so the evidence will be ready to sync on day one.

Which Drata frameworks will this support?

Because FortWatch evidence maps to controls rather than to a single framework, it will work anywhere a control covers vulnerability management, continuous monitoring, secure configuration, or encryption in transit — which covers SOC 2, ISO 27001, HIPAA, PCI DSS, and custom frameworks built in Drata.

How does FortWatch get data into Drata?

Through Drata's Open REST API (Public API v2) and its Custom Connections and Tests framework, which is designed to bring external evidence into Drata and run automated custom tests against it. Webhooks handle real-time updates so a new critical finding can flip a linked control's status without waiting for the next scheduled evidence pull.