Table: vanta_vendor - Query Vanta Vendor using SQL
Vanta Vendor is a resource within the Vanta service that provides detailed information about the vendors used by an organization. It includes details about the vendors' profiles, such as their security and compliance status. This information is crucial for organizations to understand and manage the security risks associated with their vendors.
Table Usage Guide
The vanta_vendor table provides insights into the vendors used by an organization within the Vanta service. As a security analyst, you can explore vendor-specific details through this table, including their security and compliance status. Utilize it to uncover information about your vendors, such as their security scores, the number of employees, and the services they provide.
Important Notes
- To query the table you must set the session_id argument in the config file (~/.steampipe/config/vanta.spc).
Examples
Basic info
Explore the vendors listed in Vanta, along with their severity levels and URLs. This can be useful for assessing the risk profile associated with each vendor and managing them efficiently.
select name, id, severity, url from vanta_vendor;
List vendors with high severity
Uncover the details of vendors categorized as high severity. This information can be useful for prioritizing vendor management tasks and focusing on potential risk areas.
select name, id, severity, url from vanta_vendor where severity = 'high';
List vendors with security checks overdue
Discover the vendors whose security checks are overdue by a year. This query is useful to maintain security standards and ensure all vendors are regularly reviewed.
Postgres:
select name, id, severity, url from vanta_vendor where current_timestamp > (latest_security_review_completed_at + interval '1 year');
SQLite:
select name, id, severity, url from vanta_vendor where cast(strftime('%s', 'now') as integer) > strftime('%s', latest_security_review_completed_at) + 60 * 60 * 24 * 365;
List vendors with no documents provided
Identify vendors who have not submitted any assessment documents. This query can be useful for compliance checks and to ensure all vendors are meeting documentation requirements.
select name, id, severity, url from vanta_vendor where assessment_documents is null;
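The overdue-review query above skips vendors whose latest_security_review_completed_at is NULL, because the comparison evaluates to NULL rather than true. The following Postgres query is an added example, not part of the plugin documentation; it combines the overdue-review and missing-document checks, counts a vendor with no recorded review as overdue, and assumes an empty document list may come back as '[]' instead of NULL.

```sql
-- Added example (Postgres dialect); uses only columns from the vanta_vendor schema.
-- Assumption: an empty assessment_documents list may be returned as '[]' rather than NULL.
with flagged as (
  select
    name,
    id,
    severity,
    url,
    shares_credit_card_data,
    latest_security_review_completed_at,
    -- NULL means no completed review is recorded; count it as overdue.
    (
      latest_security_review_completed_at is null
      or latest_security_review_completed_at < current_timestamp - interval '1 year'
    ) as review_overdue,
    -- Covers both a missing value and an empty list.
    (coalesce(assessment_documents, '[]'::jsonb) = '[]'::jsonb) as no_documents
  from
    vanta_vendor
)
select
  name,
  id,
  severity,
  url,
  review_overdue,
  no_documents,
  coalesce(shares_credit_card_data, false) as shares_credit_card_data,
  latest_security_review_completed_at
from
  flagged
where
  review_overdue
  or no_documents
order by
  -- High-severity vendors first, then those receiving credit card data,
  -- then never-reviewed and oldest-reviewed vendors.
  (severity = 'high') desc nulls last,
  coalesce(shares_credit_card_data, false) desc,
  latest_security_review_completed_at asc nulls first;
```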
Get the owner information of each vendor
List each vendor together with its owner's name, email address and permission level. This query allows you to identify and understand the relationship between vendors and their owners, which is essential for managing vendor relationships and permissions effectively.
Postgres:
select v.name as vendor_name, v.severity as vendor_severity, u.display_name as owner_name, u.email as owner_email, u.permission_level from vanta_vendor as v join vanta_user as u on v.owner ->> 'id' = u.id;
SQLite:
select v.name as vendor_name, v.severity as vendor_severity, u.display_name as owner_name, u.email as owner_email, u.permission_level from vanta_vendor as v join vanta_user as u on json_extract(v.owner, '$.id') = u.id;
Schema for vanta_vendor
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
assessment_documents | jsonb | | Specifies the list of uploaded security assessment documents. |
id | text | | A unique identifier of the vendor. |
latest_security_review_completed_at | timestamp with time zone | | The time when the security assessment was last reviewed. |
name | text | | The display name of the vendor. |
organization_name | text | | The name of the organization. |
owner | jsonb | | The owner of the vendor. |
risk_profile | jsonb | | Specifies the risk profile of the vendor. |
services_provided | text | | Specifies the use-case of the vendor. |
severity | text | = | The risk level of the vendor. |
shares_credit_card_data | boolean | | If true, Vanta shares credit card information with the vendor. |
submitted_vaqs | jsonb | | A list of submitted VAQs. |
url | text | | The URL of the vendor tool. |
vendor_category | text | | The vendor category. |
vendor_risk_locked | boolean | | If true, the vendor risk level is locked. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- vanta
You can pass the configuration to the command with the --config argument:
steampipe_export_vanta --config '<your_config>' vanta_vendor