Push Notification Integrations

Introduction

Threat Stack integrates with several third-party notification platforms to help users operationalize alert data in their existing workflows. Threat Stack currently supports the following push notification platforms:

  • PagerDuty
  • Slack
  • VictorOps
  • Threat Stack Webhooks API

PagerDuty

Overview

Threat Stack uses PagerDuty Connect to configure seamless PagerDuty integrations. As a result, the user selects the severity level of Threat Stack alerts to push to PagerDuty. Any Threat Stack alerts that match the selected severity level automatically push to PagerDuty and result in PagerDuty incidents and notifications.

Tip

As soon as Threat Stack receives an alert that matches the push notification criteria, it pushes an alert notification to PagerDuty.

Prerequisites

  • Access to the Threat Stack console and ownership of the Threat Stack organization
  • A Basic, Standard, or Enterprise PagerDuty account with API access

Configure Integration

  1. Log into Threat Stack.
  2. Go to Settings > Integrations tab > PagerDuty section.
  3. Click the Alert with PagerDuty button. A new window opens. The PagerDuty Authorize Threat Stack to integrate with your account? page displays.
  4. In the E-mail field, type your PagerDuty e-mail address.
  5. In the Password field, type the password associated with the PagerDuty e-mail address.
  6. Click the Authorize Integration button. The Configure the Threat Stack integration page displays.
  7. Select the Use an integration or an existing service radio button.
  8. From the drop-down menu, confirm Threat Stack Service (Threat Stack) is selected.
  9. Click the Finish Integration button. The PagerDuty window closes.
  10. In the Threat Stack window, in the PagerDuty section, from the Alert severity levels drop-down menu, select the severity level of alerts to push to PagerDuty.
  11. Click the Trigger button. The PagerDuty integration is now live. When a user receives a PagerDuty notification, they can view details about the incident and/or click the View in Threat Stack link to go directly to the Threat Stack alert.

Slack

Overview

Threat Stack uses the Slack Webhooks API to configure seamless Slack integrations. As a result, any Threat Stack alerts that match the selected severity level automatically push as notifications to a selected Slack channel.

Tip

As soon as Threat Stack receives an alert that matches the push notification criteria, it pushes an alert notification to Slack.

Prerequisites

  • Access to the Threat Stack console
  • A Slack administrator account with access to the Slack webhooks API
  • A Slack channel dedicated to Threat Stack alert notifications

Tip

Use side-by-side browser windows – one for Slack and one for Threat Stack – to complete these instructions.

Configure Integration

Configure Custom Slack Webhook URL

  1. Log into Slack.
  2. In Slack, go to the Slack webhooks API.
  3. Click the Add Configuration button. The Incoming WebHooks page displays.
  4. From the Post to Channel drop-down menu, select the dedicated alert notifications channel.
  5. Click the Add Incoming WebHooks integration button. The Setup Instructions page displays.
  6. In the Webhook URL field, copy the URL.

Configure Threat Stack Slack Integration

  1. Log into Threat Stack.
  2. Go to Settings > Integrations tab > Slack section.
  3. In the Name field, type a name for the integration.
  4. In the Description field, type a description of the integration.
  5. In the Webhook URL field, paste the URL copied in step 6 of the “Configure Custom Slack Webhook URL” procedure.
  6. From the Alert Severity drop-down menu, select the severity of the alert(s) to push to Slack.
  7. Click the Save button. The Slack integration is now live. The dedicated Slack alert notification channel contains an automated integration confirmation message.

Tip

Threat Stack recommends intentionally causing an alert to test the Slack integration.

VictorOps

Overview

Threat Stack uses the VictorOps REST API to configure seamless VictorOps integrations. As a result, any Threat Stack alerts that match the selected severity level automatically push as notifications to your selected VictorOps channel.

Tip

As soon as Threat Stack receives an alert that matches the push notification criteria, it pushes an alert notification to VictorOps.

Prerequisites

  • Access to the Threat Stack console
  • A VictorOps administrator account with access to the VictorOps REST API

Tip

Use side-by-side browser windows – one for VictorOps and one for Threat Stack – to complete these instructions.

Configure Integration

Configure Custom VictorOps REST Endpoint

  1. Log into VictorOps.
  2. Go to Settings > Alert Behavior > Integrations. The Integrations page displays.
  3. Scroll down the list of integrations and click Threat Stack. The Threat Stack page displays.
  4. Click the Enable Integration button. The integration enables.
  5. In the Service API Endpoint field, copy the URL up to /$routing_key.

    Note

    The string of numbers and letters after alert/ is unique to your account.

Configure Threat Stack VictorOps Integration

  1. Log into Threat Stack.
  2. Go to Settings > Integrations tab > VictorOps section.
  3. In the Name field, type a name for the integration.
  4. In the Description field, type a description of the integration.
  5. In the Webhook URL field, paste the URL copied in step 5 of the “Configure Custom VictorOps REST Endpoint” procedure.
  6. From the Alert Severity drop-down menu, select the severity of the alert(s) to push to VictorOps.
  7. Click the Save button. The VictorOps integration is now live.
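
Added example, not part of the Threat Stack documentation: a pre-paste check for the URL copied in the Slack and VictorOps procedures above, which also returns a redacted form that is safe to put in a ticket or log. The hostnames `hooks.slack.com` and `alert.victorops.com`, the `/services/` path marker, and the function name are assumptions that do not appear on this page; the sample URLs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumed values (not stated on this page): the host each vendor normally
# issues these URLs on, and the path segment after which the account-unique
# part begins (for VictorOps the page names it: "after alert/").
EXPECTED = {
    "slack": ("hooks.slack.com", "/services/"),
    "victorops": ("alert.victorops.com", "/alert/"),
}


def check_webhook_url(kind, url):
    """Return (problems, redacted_url) for a URL about to be pasted into
    the Threat Stack "Webhook URL" field. An empty problems list means
    the URL passed every check."""
    host, marker = EXPECTED[kind]
    parts = urlsplit(url.strip())
    problems = []

    # Alerts describe your hosts; they should not travel in clear text.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    # Exact match, so lookalike hosts such as hooks.slack.com.example.net fail.
    if parts.hostname != host:
        problems.append("unexpected host: %s" % parts.hostname)
    if parts.username or parts.password or parts.query or parts.fragment:
        problems.append("URL carries userinfo, query string or fragment")

    # Everything after the marker identifies the account or channel, so it
    # is replaced before the URL is shown anywhere.
    cut = parts.path.find(marker)
    if cut < 0:
        problems.append("path has no %s segment" % marker)
        shown = "/<redacted>"
    else:
        shown = parts.path[: cut + len(marker)] + "<redacted>"
    return problems, "%s://%s%s" % (parts.scheme, parts.hostname, shown)


# Constructed sample inputs:
#   check_webhook_url("slack", "https://hooks.slack.com/services/T0000/B0000/EXAMPLE")
#   check_webhook_url("victorops",
#       "http://alert.victorops.com/integrations/example/alert/0000-constructed/$routing_key")
```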

Threat Stack Webhooks API

Overview

The Threat Stack Webhooks API pushes trigger-based alerts to a specific URL and allows Threat Stack users to operationalize alert data in near-real time. The Webhooks API batches alerts by severity for an organization.

Tip

The Threat Stack Webhooks API pushes batched alerts to your webhook endpoint every 10 seconds.

Prerequisites

  • Access to the Threat Stack console
  • Access to a third-party integration in which to receive Threat Stack alerts

Configure Integration

For configuration instructions, see the Threat Stack Webhooks API documentation.

Note

While the Threat Stack Webhooks API integrates with any third-party push notification application that supports webhooks, troubleshooting of those third-party integrations is the responsibility of the user, not Threat Stack.
