Threat Stack Integration

Threat Stack protects cloud-based systems against insider threats, external attacks, data loss, etc. Use the Threat Stack Integration to get notifications from Opsgenie based on events that happened in Threat Stack.

What does Opsgenie offer Threat Stack users?

With the Threat Stack Integration, Opsgenie acts as a dispatcher for these alerts and determines the right people to notify based on on-call schedules– notifies via email, text messages (SMS), phone calls, and iPhone & Android push notifications, and escalates alerts until the alert is acknowledged or closed.

Functionality of the Integration

  • When an alert is created in Threat Stack, an alert is automatically created in Opsgenie.

Add Threat Stack Integration in Opsgenie

  1. Please create an Opsgenie account if you haven't so already.
  2. Go to Opsgenie ThreatStack Integration page.

For Free and Essentials plans, you can only add the integrations from the Team Dashboards, please use the alternative instructions given below to add this integration.

  1. Specify who is notified of Threat Stack alerts using the Teams field. Auto-complete suggestions are provided as you type.

An alternative for Step 2) and Step 3) is to add the integration from the Team Dashboard of the team which will own the integration. To add an integration directly to a team, navigate to the Team Dashboard and open Integrations tab. Click Add Integration and select the integration that you would like to add.

  1. Copy the Webhook URL.
  2. Click Save Integration.

Configuration in Threat Stack

  1. In Threat Stack, go to "Configurations" and select the "Integrations" tab.
  2. Navigate to "Webhook API".
  3. Fill in the Name and Description fields.
  4. Paste the integration API URL copied previously into the "Webhook URL" field.
  5. Select which severity level to fire alerts for in the "Alert Severity" field.
  6. Click Save.

Sample payload sent from Threat Stack

{
"created_at": 1459447024000,
"id": "56fd65138c1e0c173af5a3de",
"organization_id": "545d0293b620cd090d000023",
"server_or_region": "Threat_Stack_Demo_Ubuntu1",
"severity": 3,
"source": "Host",
"title": "Threat Intelligence Activity: Communication to openbl by 185.110.132.54"
}

Sample alert