1. Introduction
This article explains how to integrate STORM with Hyver so you can automatically ingest and manage vulnerability data from STORM files. This helps your organization keep Hyver continuously up to date using files you upload to an AWS S3 bucket.
You’ll learn how to set up the integration, configure access credentials, and understand how Hyver processes STORM data into actionable findings.
2. Prerequisites
Administrator access to Hyver
Permission to upload STORM files to the AWS S3 bucket
A script or internal tool to upload files
Required IP Addresses
For the integration to work smoothly, you may need to allow traffic from Hyver’s servers in your firewall or network configuration. This ensures that Hyver can securely connect to your environment and perform scans without being blocked.
Depending on your region and the type of scan, add the following IP addresses:
General IPs:
Europe →
18.198.79.197America →
52.1.10.176,35.171.70.87
IPs for Azure and AWS Scans:
Europe →
18.158.77.90America →
34.206.252.13
In most cases, you only need to add the IPs relevant to your region and use case.
Multi-Company Dashboard and Integrations
This section explains how Hyver’s Multi-Company Dashboard works in general, and how integrations behave when used in a Multi-Company setup.
What is the Multi-Company Dashboard?
Hyver’s Multi-Company Dashboard is designed for large enterprises with multiple subsidiaries. It gives you:
A centralized view of cybersecurity risk across the entire organization
Key metrics like exposure, cost of breach, and maturity scores
The ability to switch between subsidiaries and view their individual data
Parent admins and power users can view aggregated and subsidiary-level risk, while detailed findings remain visible only to members of the specific subsidiary
Data that updates in real time
To enable Multi-Company, contact your CYE Technical Account Manager.
How Integrations Work in Multi-Company
Here’s the important part:
Integrations are created only at the subsidiary level
Findings from an integration appear only in that subsidiary’s dashboards and reports
Parent companies cannot create integrations — they can only view the aggregated results
Best Practices for Combining Integrations with Multi-Company
To get the most out of Multi-Company with integrations, we recommend:
Each subsidiary should create its own integration, using credentials that only grant access to data relevant to that subsidiary
In some cases, it’s useful to also have a dedicated “General” company, which holds findings that apply to the entire enterprise and cannot be tied to a single subsidiary
The parent company then combines these insights and metrics from all subsidiaries and the General company — but remember, integrations cannot be connected directly to the parent company.
3. Configuring in Hyver
1. Add the STORM integration in Hyver
In Hyver, click Settings > Integrations.
Find the STORM tile and click Add:
Enter a name in the Integration name field:
Click Generate credentials to create your AWS access credentials.
⚠️ These credentials are only created once you click Save.
Click Save to activate the integration.
You’ll use these credentials in your script or application to upload the STORM file daily to the designated AWS S3 bucket.
4. Configuring on the STORM Side
Set up the STORM file upload
On the STORM side, configure a method to upload files to the AWS S3 bucket using the credentials you generated in Hyver.
Below is an example script you can adapt. This script is not officially provided or maintained by CYE — it’s just a basic starting point for your own implementation:
from botocore.exceptions import ClientError, NoCredentialsError
# TODO fill those
file_name = "delete_me"
file_content = "qweqwe"
AWS_ACCESS_KEY="..."
AWS_SECRET_KEY="..."
BUCKET_NAME = "cye-hyver-integrations-ingestion-euc1"
AWS_REGION_NAME="eu-central-1"
import boto3
s3_client = boto3.client(
"s3",
aws_access_key_id=AWS_ACCESS_KEY,
aws_secret_access_key=AWS_SECRET_KEY,
region_name=AWS_REGION_NAME
)
prefix = "raw_data/source=bishop/api=storm/company_id=MY_COMPANY_ID/assessment_id=MY_ASSESSMENT_ID/"
file_key = f"{prefix}{file_name}"
try:
# Try to upload a file
s3_client.put_object(Bucket=BUCKET_NAME, Key=file_key, Body=file_content)
print(f"✅ Successfully wrote to '{BUCKET_NAME}' (file: {file_key})")
except ClientError as e:
print(f"❌ Write access denied: {e}")
except NoCredentialsError:
print("❌ No valid AWS credentials found!")
Upload a new or updated STORM file to the bucket daily to keep Hyver synchronized.
5. Types of Fetched Entities
How Hyver processes STORM data
Once the integration is active and STORM files are being uploaded:
Hyver routinely pulls STORM files from the AWS S3 bucket.
It uses CYE AI to extract and interpret the file’s vulnerability data.
Each vulnerability is turned into:
A finding in Hyver
One remediation asset
The finding name in Hyver is based on the original vulnerability name from STORM, with the STORM NID appended to distinguish it:
If multiple STORM findings map to the same Hyver finding type, each instance is distinguished by its NID:
STORM finding statuses are mapped to their corresponding statuses in Hyver:
All related STORM details are included in the remediation asset.
Findings are automatically added to the STORM engagement in Hyver:
Anyone with the appropriate permissions in Hyver can view and manage these findings:
Important notes
STORM file uploads must follow the correct AWS S3 path format (including company ID and assessment ID) for Hyver to process them correctly.
The example script provided is not supported or maintained by CYE.
Only users with administrator access in Hyver can create integrations and generate credentials.
Note: Permissions must be configured properly in STORM to enable file uploads.
Wrap-up
Once the integration is set up, Hyver will automatically handle the heavy lifting — pulling, parsing, and transforming your STORM vulnerability data into usable insights.
Feel free to start small or automate uploads at your own pace — either way, you’re building a stronger, smarter workflow.