About this integration
Cavelo is a security and attack-surface platform for MSPs that continuously scans your clients' environments. Connecting Cavelo to ControlMap brings that monitoring into your compliance program automatically, across two areas: the vulnerabilities found on your clients' assets, and how well those devices are configured against CIS Benchmarks (coming Soon). Both become living, auditor-ready evidence, kept current on a regular sync.
You connect Cavelo once at the partner (MSP) level. ControlMap then pulls data for each of your Cavelo client organizations and routes it to the matching ControlMap tenant — there's no per-client setup.
What ControlMap collects from Cavelo
Organizations — each Cavelo client organization is brought in and matched to a ControlMap client tenant.
Assets — the devices (Cavelo agents) discovered in each organization, added to that tenant's asset inventory.
Vulnerabilities — the vulnerability findings for each asset, linked to the asset they affect.
CIS Benchmark results (coming Soon) — how each device measures against CIS hardening benchmarks, summarized as an overall pass-rate.
Compliance check results — evidence that the data above is being collected on a regular schedule.
Before you start
A Cavelo account with partner (multi-organization) access.
A Cavelo API key with permission to read asset and vulnerability data.
Your Cavelo API URL (for most partners this is
https://api.prod.cavelodata.com).
Connecting Cavelo
In the ControlMap partner portal, go to Integrations and choose Cavelo.
Enter your Cavelo API URL and API key.
Save. ControlMap validates the credentials, confirms the connection, and begins its first sync.
Your API key is stored securely and shown masked after it's saved. If the key is rejected, ControlMap reports that it couldn't connect — see Troubleshooting below.
Viewing your Cavelo data
Once connected, the Cavelo integration page is organized into tabs. At the top you can start a sync at any time with the Run Once button, and an indicator shows whether a sync is currently running.
Compliance Checks
Shows the automated checks ControlMap runs against your Cavelo data on a regular schedule to confirm the connection is healthy and data is flowing. At the top, summary tiles count how many checks have Passed, Failed, or returned an Error. Below, each check has an Enable toggle and a Scan Results link — select it to view the full history of past scans and the evidence collected during each one (this is what an auditor reviews).
The integration includes these checks:
Check | What it confirms |
|---|---|
Assets are monitored and inventoried from Cavelo | ControlMap is regularly pulling your discovered assets from Cavelo into the asset inventory. |
Vulnerabilities are monitored and inventoried from Cavelo | ControlMap is regularly pulling vulnerability findings from Cavelo and linking them to the assets they affect. |
CIS Benchmarks are monitored and passing (coming Soon) | How much of your estate passes its CIS Benchmark checks, shown as a pass-rate (the share of benchmark rules passing). |
Each check passes when its most recent sync completed successfully and fails if a sync did not complete, which is your signal to check the connection.
Companies
Lists every Cavelo client organization the integration can see. Until an organization is matched to one of your existing ControlMap client tenants, it appears here as a prospective tenant. Columns:
Company — the organization name from Cavelo.
Status — the tenant status in ControlMap (for example, a prospective tenant awaiting match).
Last Update — when the organization was last synced.
Identifier — the organization's unique ID in Cavelo.
Assets
Shows the devices Cavelo has discovered across your organizations. A Historical Asset Count chart at the top tracks how the number of assets changes over time. Columns:
Asset Name — the device hostname.
Identifier — the asset's unique ID in Cavelo.
Region — the device's locale.
Last Seen — when the device was last observed.
Additional Information — opens a side panel with the full detail Cavelo holds for that device (hardware, operating system, network interfaces, and more).
Vulnerabilities
Shows the vulnerabilities Cavelo has found across your assets. A Right Now summary gives the current total broken down by severity (Critical, High, Medium, Low) and the number of companies affected, and a Vulnerabilities by date chart shows the trend over time. Columns:
Name (CVE) — the vulnerability identifier.
Severity — Critical, High, Medium, or Low.
Product — the affected product.
Description — a short description of the vulnerability.
Assets — the assets affected.
Company — the organization the affected assets belong to.
CIS Benchmarks (coming Soon)
This tab will show how your clients' devices measure against CIS Benchmarks — the recognized standard for securely configuring (hardening) operating systems and applications. For each organization you'll see benchmark results per device and an overall pass-rate summarizing how much of the estate meets the standard. Results are mapped to the matching CIS controls so they flow automatically to every framework that references them. Step-by-step guidance and screenshots will be added here when the feature is available in the product.
Connection
Shows your connection status and the Cavelo API URL and API key (masked) you connected with. Use Update Connection here to change your API URL or rotate your API key.
Schedule
Controls how often ControlMap automatically syncs data from Cavelo.
Help
Quick guidance and links for the integration.
Keeping data current
ControlMap syncs Cavelo data on the schedule set in the Schedule tab, and you can trigger a sync at any time with Run Once. New organizations, assets, and vulnerabilities are added automatically, and existing records are kept up to date. If an organization is later removed from Cavelo, its ControlMap tenant is retained and simply stops receiving new data.
Troubleshooting
“Unable to connect” when saving or updating — confirm the API key is correct and has permission to read asset and vulnerability data, and that the API URL matches your Cavelo environment.
A compliance check shows Failed — the most recent sync didn't complete. Check the Connection tab and run a sync with Run Once; if it keeps failing, verify the API key hasn't been revoked.
