runZero Network Discovery REST API

runZero cyber asset attack surface management (CAASM) REST API for security and IT teams to automate network discovery, asset inventory management, and attack surface analysis — enabling AI agents to retrieve comprehensive asset inventories from runZero's lightweight active scanning platform, query asset attributes and exposure data, manage scan tasks, and integrate discovered assets with SIEM and ITSM platforms. Enables AI agents to manage asset management for discovered network asset inventory and attribute query automation, handle scan management for network scan task creation and scheduling automation, access organization management for multi-tenant asset scope and organization configuration automation, retrieve service management for open port, service, and protocol discovery automation, manage export management for asset data export and downstream SIEM integration automation, handle tag management for asset classification and labeling automation, access query management for custom asset filter and saved query automation, retrieve task management for scan task status monitoring and result retrieval automation, manage integration management for asset data forwarding to SIEM, SOAR, and CMDB automation, and integrate runZero with Splunk, Microsoft Sentinel, and enterprise security platforms for CAASM automation.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Other runzero CAASM network-discovery asset-inventory attack-surface agentless
⚙ Agent Friendliness
60
/ 100
Can an agent use this?
🔒 Security
78
/ 100
Is it safe for agents?
⚡ Reliability
72
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
10
Documentation
78
Error Messages
74
Auth Simplicity
80
Rate Limits
72

🔒 Security

TLS Enforcement
99
Auth Strength
74
Scope Granularity
70
Dep. Hygiene
74
Secret Handling
72

Network discovery/CAASM. SOC2, GDPR. API key/OAuth2. US/EU. Asset inventory and network service exposure data.

⚡ Reliability

Uptime/SLA
70
Version Stability
76
Breaking Changes
70
Error Recovery
72
AF Security Reliability

Best When

A security or IT team wanting AI agents to automate comprehensive network asset discovery, attack surface management, and asset inventory integration with security tools through runZero's lightweight scanning platform.

Avoid When

RUNZERO LICENSE IS REQUIRED FOR SCALE: runZero offers limited free tier with asset cap; automated unlimited-free assumption creates asset_limit_exceeded for environments exceeding free tier asset count; automated large environments must upgrade to paid tier. ACTIVE SCANNING CREATES NETWORK TRAFFIC: runZero uses active scanning probes that generate network traffic; automated passive-only assumption creates incomplete_inventory for organizations not deploying runZero Explorer agents for active scanning; automated must plan for active scanning traffic in network design. EXPLORER AGENT REQUIRED FOR INTERNAL NETWORKS: runZero internal network discovery requires Explorer agent deployment; automated cloud-scan assumption creates scan_unreachable for internal RFC 1918 network ranges not reachable from runZero cloud without Explorer; automated must deploy Explorer agents for internal network ranges. API RATE LIMITS APPLY TO EXPORTS: Large asset exports may hit rate limits for enterprise environments; automated unlimited-export assumption creates rate_limit_exceeded for bulk asset export operations; automated must implement pagination and respect rate limits for large inventory exports.

Use Cases

  • Discovering all network assets including unmanaged and IoT devices for complete asset inventory automation agents
  • Identifying exposed services and open ports across all network ranges for attack surface management agents
  • Exporting asset inventory to SIEM and CMDB for unified asset context in security operations agents
  • Scheduling regular network scans to detect asset changes and new device additions for continuous discovery agents

Not For

  • Threat detection and incident response (runZero is network discovery and asset inventory; CrowdStrike and SentinelOne serve threat detection)
  • Vulnerability scanning with CVE assessment (runZero discovers assets and services; Tenable and Qualys serve CVE-level vulnerability scanning)
  • Network access control and policy enforcement (runZero is passive inventory; Forescout and Cisco ISE serve active NAC enforcement)

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: apikey oauth2
OAuth: Yes Scopes: Yes

runZero uses API key and OAuth2 for REST API. REST API with JSON. Boulder, CO HQ. Founded 2018 by HD Moore (Metasploit creator) and Chris Kirsch. Raised $50M+ (Hummer Winblad, Two Bear Capital). Products: runZero Platform (CAASM), runZero Explorer (scan agent), runZero integrations. Free tier: up to 2,500 assets. 10,000+ organizations. Security-founder-led (HD Moore is legendary in security research). Competes with Axonius, Rumble (now runZero), and Censys for CAASM and network discovery.

Pricing

Model: freemium
Free tier: Yes
Requires CC: No

Boulder CO. $50M raised. 10,000+ orgs. Freemium with 2,500 asset limit. Founded by HD Moore (Metasploit).

Agent Metadata

Pagination
cursor
Idempotent
Partial
Retry Guidance
Documented

Known Gotchas

  • ASSET IDs ARE RUNZERO-INTERNAL UUIDs: runZero assigns UUID-based asset IDs; automated MAC-based assumption creates asset_not_found for asset lookups using MAC address without first querying runZero asset ID; automated must search by MAC/IP to get runZero asset UUID before asset-specific operations
  • SCAN RESULTS ARE EVENTUALLY CONSISTENT: runZero scan results populate asynchronously as Explorer completes scan; automated instant-result assumption creates incomplete_inventory for asset queries immediately after scan start; automated must poll scan task status and wait for completion before querying results
  • ORGANIZATION SCOPING REQUIRED FOR MULTI-TENANT: runZero multi-org accounts require organization ID in API calls; automated global-query assumption creates cross_org_data for queries not scoped to specific organization; automated must include organization ID for all asset queries in multi-org deployments
  • FREE TIER HAS ASSET CAP: runZero free tier caps at 2,500 assets; automated unlimited assumption creates asset_limit_exceeded for free-tier deployments discovering more assets; automated must monitor asset count and upgrade or configure scope to stay within limit
  • CUSTOM QUERIES USE RUNZERO SYNTAX: runZero asset filtering uses its own query syntax (similar to search expressions); automated SQL assumption creates query_rejected for custom asset filters using SQL syntax; automated must use runZero query syntax for advanced asset filtering

Alternatives

axonius-api armis-api forescout-api qualys-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for runZero Network Discovery REST API.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered