Push Notification Integrations

Introduction

F5 Distributed Cloud App Infrastructure Protection (AIP) integrates with several third-party notification platforms to help users operationalize alert data in their existing workflows. Distributed Cloud AIP currently supports the following push notification platforms:

  • PagerDuty
  • Slack
  • Slack for ThreatML
  • VictorOps
  • Webhook API
  • Integration Status Webhook
PagerDuty

Overview

Distributed Cloud AIP uses PagerDuty Connect to configure seamless PagerDuty integrations. As a result, the user selects the severity level of Distributed Cloud AIP alerts to push to PagerDuty. Any Distributed Cloud AIP alerts that match the selected severity level automatically push to PagerDuty and result in PagerDuty incidents and notifications.

Tip

As soon as Distributed Cloud AIP receives an alert that matches the push notification criteria, it pushes an alert notification to PagerDuty.

Prerequisites

  • Access to the Distributed Cloud AIP console and ownership of the Distributed Cloud AIP organization
  • A Basic, Standard, or Enterprise PagerDuty account with API access

Configure Integration

  1. Log into Distributed Cloud AIP.
  2. In the left navigation pane, click Settings.
  3. Click Integrations, then go to the PagerDuty section.
  4. In the PagerDuty section, click the Alert with PagerDuty button.

    pagerduty.png

    The PagerDuty Connect Distributed Cloud AIP and PagerDuty window opens.


    SignIntoPagerDuty.png

  5. In the Email field, type your PagerDuty email address.
  6. In the Password field, type the password associated with the PagerDuty email address.
  7. Click the Sign In button. The window closes. Your return to the Distributed Cloud AIP Integrations page.


    AlertsAndTrigger.png

  8. In the PagerDuty section, from the Alert severity levels drop-down menu, select the severity level of alerts to push to PagerDuty. The PagerDuty integration is now live.
  9. Optionally, to test the integration, click the Trigger Test Alert button. When the user receives the PagerDuty notification, they can view details about the incident and/or click the View in Distributed Cloud AIP link to go directly to the Distributed Cloud AIP alert.

If you need support with your PagerDuty integration, then email us at .

Slack
 

Overview

Distributed Cloud AIP uses the Slack webhooks API to configure seamless Slack integrations. As a result, any Distributed Cloud AIP alerts that match the selected severity level automatically push as notifications to a selected Slack channel.

Tip

As soon as Distributed Cloud AIP receives an alert that matches the push notification criteria, it pushes an alert notification to Slack.

Important

The Slack webhooks API relies on rate limits when evaluating and responding to requests. Rate limits are defined by the features included in your Slack platform. If Distributed Cloud AIP receives a rate limiting response from Slack, then it will retry the request a limited number of times to prevent additional rate limiting. For additional information about rate limits, please review Slack Rate Limits.

Prerequisites

  • Access to the Distributed Cloud AIP console
  • A Slack administrator account with access to the Slack webhooks API
  • A Slack channel dedicated to Distributed Cloud AIP alert notifications

Tip

Use side-by-side browser windows – one for Slack and one for Distributed Cloud AIP – to complete these instructions.

Configure Integration

Configure Custom Slack Webhook URL

  1. Log into Slack.
  2. In Slack, go to the Slack webhooks API.


    SlackAddConfig.png

  3. Click the Add Configuration button. The Incoming WebHooks page displays.


    SlackIncomWebhookPg.png

  4. From the Post to Channel drop-down menu, select the dedicated alert notifications channel.
  5. Click the Add Incoming WebHooks integration button. The Setup Instructions page displays.


    SlackWebhookURL.png

  6. In the Webhook URL field, copy the URL.

Configure Distributed Cloud AIP Slack Integration

  1. Log into Distributed Cloud AIP.
  2. In the left navigation pane, click Settings.
  3. Click Integrations.


    integrationstab.png

  4. Scroll to the Slack section.


    Slack.png

  5. In the Name field, type a name for the integration.
  6. In the Description field, type a description of the integration.
  7. In the Webhook URL field, paste the URL copied in step 6 of the “Configure Custom Slack Webhook URL” procedure.
  8. From the Alert Severity drop-down menu, select the severity of the alert(s) to push to Slack.
  9. Click the Save button. The Slack integration is now live. The dedicated Slack alert notification channel contains an automated integration confirmation message.


    SlackAutoNotify.png

Tip

Distributed Cloud AIP recommends intentionally causing an alert to test the Slack integration.

Slack for ThreatML

Overview

Distributed Cloud AIP uses the Slack webhooks API to configure a seamless Slack integration for threatML notifications. As a result, the daily threatML report will send a message to your selected Slack channel.

Prerequisites

  • Access to the Distributed Cloud AIP console
  • A Slack administrator account with access to the Slack webhooks API
  • A Slack channel dedicated to Distributed Cloud AIP alert notifications

Tip

Use side-by-side browser windows – one for Slack and one for Distributed Cloud AIP – to complete these instructions.

Configure Integration

Configure Custom Slack Webhook URL

  1. Log into Slack.
  2. In Slack, go to the Slack webhooks API.


    SlackAddConfig.png

  3. Click the Add Configuration button. The Incoming WebHooks page displays.


    SlackIncomWebhookPg.png

  4. From the Post to Channel drop-down menu, select the dedicated alert notifications channel.
  5. Click the Add Incoming WebHooks integration button. The Setup Instructions page displays.


    SlackWebhookURL.png

  6. In the Webhook URL field, copy the URL.

Configure Distributed Cloud AIP Slack Integration

  1. Log into Distributed Cloud AIP.
  2. In the left navigation pane, click Settings.
  3. Click Integrations.


    integrationstab.png

  4. Scroll to the Slack ThreatML Daily Report section.


    SlackThreatMLDailyReport.png

  5. On the Disabled slider bar, click the button. The slider bar now reads Enabled.
  6. In the Name field, type a name for the integration.
  7. In the Description field, type a description of the integration.
  8. In the URL field, paste the URL copied in step 6 of the “Configure Custom Slack Webhook URL” procedure.
  9. Click the Save button. The Slack integration is now live. The dedicated Slack alert notification channel contains an automated integration confirmation message.


    SlackAutoNotify.png

VictorOps
 

Overview

Distributed Cloud AIP uses the VictorOps REST API to configure seamless VictorOps integrations. As a result, any Distributed Cloud AIP alerts that match the selected severity level automatically push as notifications to your selected VictorOps channel.

Tip

As soon as Distributed Cloud AIP receives an alert that matches the push notification criteria, it pushes an alert notification to VictorOps.

Prerequisites

  • Access to the Distributed Cloud AIP console
  • A VictorOps administrator account with access to the VictorOps REST API

Tip

Use side-by-side browser windows – one for VictorOps and one for Distributed Cloud AIP – to complete these instructions.

Configure Integration

Configure Custom VictorOps REST Endpoints

  1. Log into VictorOps.
  2. Go to Settings > Alert Behavior > Integrations.


    VictorOpsIntegration.png

    The Integrations page displays.

    VictorOpsTS.png

  3. Scroll down the list of integrations and click Distributed Cloud AIP. The Distributed Cloud AIP page displays.


    VictorOpsTSPg.png 

  4. Click the Enable Integration button. The integration enables.
  5. In the Service API Endpoint field, copy the URL up to /$routing_key.

    Note

    The string of numbers and letters after alert/ are unique to your account.

    VictorOpsURL.png

Configure Distributed Cloud AIP VictorOps Integration

  1. Log into Distributed Cloud AIP.
  2. In the left navigation pane, click Settings.
  3. Click Integrations.


    integrationstab.png

  4. Scroll to the VictorOps section.


    VictorOps.png

  5. In the Name field, type a name for the integration.
  6. In the Description field, type a description of the integration.
  7. In the Webhook URL field, paste the URL copied in step 5 of the “Configure Custom VictorOps REST Endpoint” procedure.
  8. From the Alert Severity drop-down menu, select the severity of the alert(s) to push to VictorOps.
  9. Click the Save button. The VictorOps integration is now live.
Distributed Cloud AIP Webhooks API
 

Overview

The Webhooks API pushes trigger-based alerts to a specific URL and allows Distributed Cloud AIP users to operationalize alert data in near-real time. The Webhooks API batches alerts by severity for an organization.

Tip

The Webhooks API pushes batched alerts to the your webhook endpoint every 10 seconds.

Prerequisites

  • Access to the Distributed Cloud AIP console
  • Access to a third-party integration in which to receive Distributed Cloud AIP alerts

Configure Integration

For configuration instructions, see Webhooks Setup.

Note

While the Webhooks API integrates with any third-party push notification application that supports webhooks, troubleshooting of those third-party integrations is the responsibility of the user, not Distributed Cloud AIP.

Integration Status Webhook
 

Overview

The Integration Status Webhook pushes notifications when AWS EC2 Correlation and / or AWS CloudTrail integration with Distributed Cloud AIP stops working. Each Distributed Cloud AIP organization includes one webhook for all of these notifications.

Note

If the AWS EC2 Correlation or AWS ClousTrail integration with Distributed Cloud AIP is disabled, then you do not receive a notification through the webhook.

Prerequisites

  • Access to the Distributed Cloud AIP console and ownership of the Distributed Cloud AIP organization
  • Access to the AWS Console

Configure Integration

  1. Log into Distributed Cloud AIP.
  2. In the left navigation pane, click Settings.
  3. Click Integrations.


    integrationstab.png

  4. Scroll to the Integration Status Webhook section.


    IntegrationStatusWebhook.png

  5. Click the Disabled slider. The slider now reads Enabled.
  6. In the Name field, type a name for the integration.
  7. In the Description field, type a description of the integration.
  8. In the URL field, type the address to which you want to send the data.
  9. Click the Save button. The Integration Status Webhook integration is now live.


    IntegrationWebhookStatusDone.png

Was this article helpful?
0 out of 0 found this helpful