As images are built Twistlock has the ability to analyze the image and publish the analysis results in the console. Plus, even if you don’t have access to the console or need to distribute this information to a wide range of resources, Twistlock has the ability to setup email alerts on a schedule that you can control.
This can be useful if, for instance, the Security team wants to be notified every Monday of any new images and the state of images pushed over the weekend. No problem-you can tailor the Alert Settings to your needs, whatever that scenario may be. Here’s how:
Simply browse to Configure -> System -> Alerts and then click the “Settings” button.
From there specify your desired Alert Settings, and then click Save. Note the Aggregate alerts every Section. Alerts received during the given period are aggregated into a single email. For each alert profile, an email is sent immediately when the first alert is received. All subsequent emails are sent once per period.
From this point, you now want to start adding in Alert Profiles for different groups you need to Alert. So simply click “Add Profile” to begin.
Once in the “Create a New Profile” window, add in a new recipient and click the + sign, and then click “Save” when you are all done. If you want to get alerted on Defender Health, toggle the “Alert on Defender health events” button to “On”.
Once you have your Alert Profiles defined, you can start adding policies to them. So in this example, I just added the “Michael” Alert Profile to the Default policy that is set to Alert on Low Severity OS package vulnerabilities and a couple other things.
An now I am getting alerts in my email. When you look at the email it is broken down via the Image in this case Image: docker.io/library/jenkins:latest. Finally, we segment out newly discovered CVE’s since the last scan, and previously discovered CVE’s. Voila! There you have it.
Follow us on Twitter
Keep up to date with the latest news from TwistlockLabs and TwistlockTeam.
What Service Meshes Mean for Enterprise Security
Service meshes: Heard of them? By now, you may have. Service meshes ar...
The Business Value of Cloud Native Cybersecurity
“Software is eating the world,” Marc Andreessen wrote in 2011. Fiv...
How To Operationalize DevSecOps Practices
DevSecOps is not as much about the tools as it is about the people and...
Enhanced Visibility: Container Vulnerability Management from Build to Runtime
Earlier this year, I was at a large industry event and ended up speaki...
How Serverless Changes the Security Paradigm
Serverless architectures are quickly becoming a major technology withi...