As images are built, Twistlock can analyze each image and publish the analysis results in the console. If you don’t have access to the console, or need to distribute this information to a wide range of resources, Twistlock can also send email alerts on a schedule that you control.
This can be useful if, for instance, the Security team wants to be notified every Monday of any new images and the state of images pushed over the weekend. No problem: you can tailor the Alert Settings to your needs, whatever that scenario may be. Here’s how:
Simply browse to Configure -> System -> Alerts and then click the “Settings” button.
From there, specify your desired Alert Settings, and then click Save. Note the “Aggregate alerts every” section. Alerts received during the given period are aggregated into a single email. For each alert profile, an email is sent immediately when the first alert is received. All subsequent emails are sent once per period.
From this point, you can start adding Alert Profiles for the different groups you need to alert. Click “Add Profile” to begin.
Once in the “Create a New Profile” window, add in a new recipient and click the + sign, and then click “Save” when you are all done. If you want to get alerted on Defender Health, toggle the “Alert on Defender health events” button to “On”.
Once you have your Alert Profiles defined, you can start adding policies to them. So in this example, I just added the “Michael” Alert Profile to the Default policy that is set to Alert on Low Severity OS package vulnerabilities and a couple other things.
And now I am getting alerts in my email. When you look at the email, it is broken down by image, in this case Image: docker.io/library/jenkins:latest. Finally, we segment out newly discovered CVEs since the last scan, and previously discovered CVEs. Voila! There you have it.