The Integrations section of Wallarm Console allows you to integrate with different systems to get scheduled reports and instant notifications through them:
- Scheduled reports can be sent on a daily, weekly, or monthly basis. Reports include detailed information about vulnerabilities, attacks, and incidents detected in your system over the selected period.
- Notifications are sent when vulnerabilities, hits, scope changes, system-related events, etc. are detected in your system. Notifications include brief details of the detected activity.
The integration setup is available only for users with the Administrator role.
The systems available for integration are grouped by types as follows:
Email and messengers
Personal email — the reports and notifications that are sent to the email indicated upon registration. You can also configure these notifications in Settings → Profile.
Incident and task management systems
SIEM and SOAR systems
Log management systems
- Webhook to integrate with any system that accepts incoming webhooks via HTTPS protocol, e.g.:
  - With Fluentd configured to forward logs to IBM QRadar, Splunk Enterprise, ArcSight Logger, Datadog
  - With Logstash configured to forward logs to IBM QRadar, Splunk Enterprise, ArcSight Logger, Datadog
Each Wallarm node is distributed with the collectd service that collects metrics on the processed traffic. Using the collectd utilities and plugins, you can send metrics to third-party monitoring systems and databases, e.g.:
- InfluxDB with further visualization in Grafana or another system
- Graphite with further visualization in Grafana or another system
Configuration for sending metrics to third-party monitoring systems and databases is performed on the node side. The listed systems are not displayed in the Wallarm Console UI.
If there is no system you are looking for, let us know. We will check the technical possibility of integration with the requested system and contact you.
Adding an integration
To add a new integration:
Click the icon of the unconfigured system on the All tab, or
Click the Add integration button in the required system group and select the system. Further steps are described in the selected system instructions.
The number of integrations with one system is not limited. For example: to send security reports to 3 Slack channels, you can create 3 different integrations with Slack.
Wallarm Cloud IP addresses
To provide Wallarm Cloud access to your system, you may need a list of its public IP addresses:
Advanced notifications setup
For advanced notification setup, you can use triggers.
To filter displayed integrations, you can use the tabs:
- All with enabled, disabled, and not yet configured integrations
- Enabled with active configured integrations
- Disabled with disabled configured integrations
Unavailability of integrated systems and incorrect integration parameters
Notifications to the system are sent via requests. If the system is unavailable or the integration parameters are configured incorrectly, an error code is returned in the response to the request.
If the system responds to a Wallarm request with any code other than 2xx, Wallarm resends the request at the following intervals until a 2xx code is received:
- The first cycle intervals: 1, 3, 5, 10, 10 seconds
- The second cycle intervals: 0, 1, 3, 5, 30 seconds
- The third cycle intervals: 1, 1, 3, 5, 10, 30 minutes
If the percentage of unsuccessful requests reaches 60% in 12 hours, the integration is automatically disabled. If you receive system notifications, messages about the automatically disabled integration will be sent to the configured system.
You can identify incorrect integration parameters by testing the integration. The appropriate button is available in the integration setup window. If the test request fails, Wallarm Console displays the appropriate message.
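The retry schedule and the 60% auto-disable threshold described above can be modelled to check how long a receiver outage the listed retries cover, and whether a receiver's own response log is close to the threshold. This is an added example, not Wallarm code: it assumes the three cycles run back to back and that the percentage is failures over all requests in the 12-hour window, and the function names and sample log are constructed.

```python
from datetime import datetime, timedelta

# Retry intervals as listed on this page, converted to seconds.
CYCLES = [
    [1, 3, 5, 10, 10],
    [0, 1, 3, 5, 30],
    [m * 60 for m in (1, 1, 3, 5, 10, 30)],
]
DISABLE_RATIO = 0.60           # 60% unsuccessful requests ...
WINDOW = timedelta(hours=12)   # ... within 12 hours

def retry_offsets():
    """Seconds after the first failed delivery at which each retry fires.
    Assumption: the three cycles run back to back with no extra pause."""
    offsets, elapsed = [], 0
    for cycle in CYCLES:
        for interval in cycle:
            elapsed += interval
            offsets.append(elapsed)
    return offsets

def delivered_after(outage_seconds):
    """Offset of the first retry that lands once the receiver is back,
    or None if the outage outlasts the listed schedule."""
    return next((t for t in retry_offsets() if t >= outage_seconds), None)

def failure_ratio(log, now):
    """Share of non-2xx responses among requests seen in the last 12 hours.
    `log` holds (timestamp, http_status) pairs from the receiver's side."""
    recent = [status for ts, status in log if now - WINDOW <= ts <= now]
    if not recent:
        return 0.0
    return sum(1 for s in recent if not 200 <= s < 300) / len(recent)

def would_be_disabled(log, now):
    """Assumption: the 60% figure is failures / all requests in the window."""
    return failure_ratio(log, now) >= DISABLE_RATIO

# Constructed sample: receiver access-log entries (not real Wallarm data).
NOW = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_LOG = [(NOW - timedelta(hours=h), status) for h, status in
              [(13, 500), (5, 200), (4, 503), (3, 401), (2, 200), (1, 502)]]

if __name__ == "__main__":
    print("last retry fires after", retry_offsets()[-1], "seconds")
    print("90 s outage: delivered at", delivered_after(90), "seconds")
    print("failure ratio:", failure_ratio(SAMPLE_LOG, NOW),
          "auto-disable:", would_be_disabled(SAMPLE_LOG, NOW))
```

Running the same ratio check against the receiving system's access log on a schedule gives early warning that notifications are about to stop arriving.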