At Twistlock, we strive to make access to data within the Twistlock platform open and accessible. While your data is under your control at all times, you may choose to set up alerts or integrations to better manage your environment. In previous versions of Twistlock, we provided users access to data via our API, detailed syslog events, and email alerts. In our latest release of Twistlock 2.2 we added integration for JIRA and Slack issue-tracking solutions.

These integrations are important because they offer development teams, DevOps engineers, enterprise architects, and security professionals the opportunity to leverage automation already happening within Twistlock. As enterprises look to gain greater visibility around risk and better manage vulnerabilities and threats, pushing issues to JIRA and Slack offers a powerful combination of speed and visibility.

How to configure the integration

The integration with Slack and JIRA is configured through the Twistlock Console’s System / Settings. All you need to do is provide a few details about the Slack channel or JIRA server where you want to push alerts. You can also create alert profiles from the Twistlock Console and still have all the control and granularity to define different providers and targets per rule.

This integration is configurable from the Twistlock Settings / Systems: Alerts tab

Alert providers

Aggregate audits every

Select how often you want your data pushed to JIRA and/or Slack

  • Second
  • Minute
  • Hour
  • Day

Vulnerability alerts are pushed immediately. Only 50 alerts will be aggregated per interval. For example, if 51 events are to be bundled, an event will be sent to inform the user to view the 51st event from within the Twistlock Console’s Settings / System / Logs. Adjust the time interval according to your environment and the type and number of events collected.

Select the provider: Email, JIRA and/or Slack

JIRA

  • Enabled: On
  • Base URL of your JIRA endpoint: https://jira.example.com:8080
  • Username: JIRA account
  • Password: JIRA account password
  • CA Certificate: Trust the JIRA endpoint’s TLS certificate. If you use a non-trusted TLS certificate for JIRA, import the certificate into this window. Otherwise, Twistlock will fail to connect.

To confirm that your configuration works, click the “Verify” button.

Slack

  • Enabled: On
  • Incoming Webhook URL: https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX

More information on Slack Incoming Webhooks can be found here.

Alert Profiles

Click Add profile

JIRA Alert Profile

Profile

  • Name
  • Project Key
  • Issue Type
  • Priority
  • Labels
  • Assignee

Alert Types:

  • Access
  • Application Firewall
  • Container Runtime
  • Defender
  • Host Runtime
  • Incident
  • Network Firewall
  • Vulnerabilities

Slack Alert Profile

Profile

  • Name
  • Channels
  • Users

We recommend using fewer message targets since Slack is not designed for large message bursts. Sending an alert to Slack may take 1-2 seconds. It is best to aggregate as many alerts as possible and send them all at once. Therefore, pick an Aggregate Audit interval higher than seconds when sending events to Slack, but remember the limit of 50 events per aggregate.

Alert Types:

  • Access
  • Application Firewall
  • Container Runtime
  • Defender
  • Host Runtime
  • Incident
  • Network Firewall
  • Vulnerabilities
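
Sizing example (added here; not Twistlock code and not part of the original post): it models the aggregation rules described above, where vulnerability alerts are pushed immediately and at most 50 alerts are bundled per interval, to show how each interval setting trades the number of pushes against alerts that end up visible only in the Console logs. The fixed epoch-aligned windows, the one-push-per-window counting, and the sample events are assumptions made for illustration.

```python
from collections import Counter

CAP = 50  # alerts aggregated per interval, as stated above
INTERVALS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

def plan(events, interval):
    """Summarise one interval setting for (epoch_seconds, alert_type) events."""
    width = INTERVALS[interval]
    immediate = 0
    windows = Counter()
    for ts, kind in events:
        if kind == "Vulnerabilities":
            immediate += 1               # pushed immediately, never bundled
        else:
            windows[ts // width] += 1    # assumption: fixed, epoch-aligned windows
    return {
        # assumption: one push per non-empty window, overflow notice included
        "pushes": immediate + len(windows),
        "delivered": immediate + sum(min(n, CAP) for n in windows.values()),
        # alerts past the cap are only visible in the Console logs
        "console_only": sum(max(0, n - CAP) for n in windows.values()),
    }

def coarsest_without_overflow(events):
    """Longest interval at which no window exceeds the cap, else None."""
    events = list(events)
    for name in reversed(list(INTERVALS)):
        if plan(events, name)["console_only"] == 0:
            return name
    return None

# Constructed sample: a 1/sec runtime burst, sparse access audits, 3 vulnerability alerts.
BURST = [(t, "Container Runtime") for t in range(120)]
QUIET = [(600 + 300 * i, "Access") for i in range(10)]
VULNS = [(5, "Vulnerabilities"), (65, "Vulnerabilities"), (2000, "Vulnerabilities")]
SAMPLE = BURST + QUIET + VULNS

if __name__ == "__main__":
    for name in INTERVALS:
        print(f"{name:>6}: {plan(SAMPLE, name)}")
    print("coarsest interval with no overflow:", coarsest_without_overflow(SAMPLE))
```

Feeding it timestamps and alert types exported from your own audit history shows whether a burst would exceed the cap at the interval you plan to use.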

Powerful information integrated with JIRA and Slack

As you can see in the above list, you can choose to send alerts based on vital information about your environment. This information, provided via alerts, would allow you and your teams to more quickly and easily prioritize critical issues or vulnerabilities and take action on them. As your environments change over time, this integration with Twistlock puts more actionable data at your fingertips to better manage risk.
