Integrations Overview
The Settings → Integrations tab allows you to integrate with different systems to get scheduled reports and instant notifications through them:
- Scheduled reports can be sent on a daily, weekly, or monthly basis. Reports include detailed information about vulnerabilities, attacks, and incidents detected in your system over the selected period.
- Notifications are sent when vulnerabilities, hits, scope changes, or system-related events are detected in your system. Notifications include brief details of detected activity.
Administrator access
The integration setup is available only for users with the Administrator role.
Integration types
The systems available for integration are grouped in the following blocks: Email and messengers, Incident management and SIEM systems, and Other systems.
Email and messengers
- Personal email: reports and notifications sent to the email address indicated upon registration. You can also configure these notifications on the Profile tab.
Incident management and SIEM systems
Other systems
- Webhook to integrate with any system that accepts incoming webhooks via the HTTPS protocol. For example:
  - With Fluentd configured to forward logs to IBM QRadar, Splunk Enterprise, ArcSight Logger
  - With Logstash configured to forward logs to IBM QRadar, Splunk Enterprise, ArcSight Logger
Adding an integration
To add a new integration, click the icon of the unconfigured system on the All tab or click the Add integration button and select the required system. Further steps are described in the selected system instructions.
The number of integrations with one system is not limited. For example, to send security reports to 3 Slack channels, you can create 3 different integrations with Slack.
Filtering integrations
To filter displayed integrations, you can use the tabs:
- All with enabled, disabled, and not yet configured integrations
- Enabled with active configured integrations
- Disabled with disabled configured integrations
Advanced notifications setup
For advanced notification setup, you can use triggers.
Retrying failed requests
Notifications to the system are sent via requests. If the system responds to a Wallarm request with any code other than 2xx, Wallarm resends the request at the following intervals until the 2xx code is received:
- The first cycle intervals: 1, 3, 5, 10, 10 seconds
- The second cycle intervals: 0, 1, 3, 5, 30 seconds
- The third cycle intervals: 1, 1, 3, 5, 10, 30 minutes
If the percentage of unsuccessful requests reaches 60% in 12 hours, the integration is automatically disabled. A notification about the disabled integration is sent to the configured systems and to the email of the account administrators.
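The retry schedule and the 60% / 12-hour cutoff described above, worked through from the receiving side as an added example (not Wallarm code): it computes when each retry lands and tracks the status codes a webhook receiver returned. Assumptions: the three cycles run back to back, the failure percentage is counted per request, and `warn_ratio` and all function and class names are hypothetical.

```python
from collections import deque
from itertools import accumulate

# Retry intervals as listed on the page, in seconds.
RETRY_CYCLES = [
    [1, 3, 5, 10, 10],
    [0, 1, 3, 5, 30],
    [60, 60, 180, 300, 600, 1800],
]
WINDOW = 12 * 3600      # 12-hour window from the page
DISABLE_RATIO = 0.60    # 60% threshold from the page


def retry_offsets():
    """Seconds after the first failed request at which each retry fires.
    Assumption: the three cycles run back to back with no extra pause."""
    return list(accumulate(s for cycle in RETRY_CYCLES for s in cycle))


def first_delivery(outage_seconds):
    """Offset of the first retry that lands once the receiver has recovered,
    or None if the outage outlasts the whole listed schedule."""
    return next((t for t in retry_offsets() if t >= outage_seconds), None)


class DeliveryHealth:
    """Sliding 12-hour record of the status codes a receiver returned."""

    def __init__(self, warn_ratio=0.40):  # warn_ratio is a local choice
        self.warn_ratio = warn_ratio
        self.events = deque()  # (timestamp, was_2xx)

    def record(self, timestamp, status_code):
        self.events.append((timestamp, 200 <= status_code <= 299))
        # Drop events that have aged out of the 12-hour window.
        while self.events[0][0] <= timestamp - WINDOW:
            self.events.popleft()

    def failure_ratio(self):
        failed = sum(1 for _, ok in self.events if not ok)
        return failed / len(self.events) if self.events else 0.0

    def state(self):
        ratio = self.failure_ratio()
        if ratio >= DISABLE_RATIO:
            return "at-disable-threshold"
        return "warn" if ratio >= self.warn_ratio else "ok"
```

Under these assumptions the listed schedule covers a receiver outage of about 51 minutes (3068 seconds); alerting on the `warn` state gives time to fix the receiver before the integration is disabled.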