Threat Stack

Send notifications to Squadcast from Threat Stack

Threat Stack provides full-stack cloud security observability and compliance for infrastructure and applications.

Route detailed events from Threat Stack to the right users in Squadcast.

How to integrate Threat Stack with Squadcast

In Squadcast: Using Threat Stack as an Alert Source

1. Navigate to Services -> Service Overview, then select or search for your Service. Expand the accordion and, in the Alert Sources section, click Add.

2. Select Threat Stack. Copy the displayed Webhook URL to configure it within Threat Stack. Finish by clicking Add Alert Source -> Done.

Important:

When an alert source turns Active, it shows up under Configured Alert Sources. You can either generate a test alert from the integration or wait for a real-time alert to be generated by the Alert Source. An Alert Source is active if there is a recorded incident via that Alert Source for the Service.

In Threat Stack: Create a Squadcast Webhook

(1) From the Home Page, go to Settings

(2) Select the Integrations tab

(3) Scroll down to Webhook API. Give it a Name, paste the Webhook URL copied from Squadcast under URL, and pick the Alert Severity from the dropdown to suit your needs. Click Save.

Pro Tip:

When choosing an option from the Alert Severity dropdown, choose Fire Webhook for all alerts. This ensures that all alerts reach Squadcast and that you do not miss any by mistake.

Within Squadcast, you can choose how you want each of these alerts to be treated (i.e., you can choose to tag and route them to the right people based on severity, deduplicate, or suppress them to control alert noise).

That is it, you are good to go! Based on the "Alert Severity" value chosen while creating the Webhook, only notifications with those severity values are created as incidents in Squadcast. You can then manually resolve incidents in Squadcast.

Things to Remember:

  1. Webhook Concurrency Limit: The Threat Stack Webhook API batches alerts by severity for an organization. The Webhook API pushes the batched alerts to the customer's webhook endpoint every 10 seconds. For example, you configure the Threat Stack Webhook API to only send you Severity 1 alerts. At 10:00:01 a.m., in the Threat Stack platform, you receive 15 alerts. Five are Severity 1 and ten are Severity 3. The Threat Stack Webhook API batches the five Severity 1 alerts and sends them to your receiving application at 10:00:10 a.m.

  2. Configure Network Webhook Access: Ensure the following IP addresses are open in your firewall to allow the Threat Stack Webhook API to push alerts to the Squadcast Webhook:

    • 52.20.173.142

    • 54.173.79.87

    • 54.174.225.119

You can check out Threat Stack's documentation for more information.
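The batching behaviour in the Webhook Concurrency Limit note, and the effect of the Alert Severity choice from the Pro Tip, can be modelled in a few lines. This is an added example, not Threat Stack or Squadcast code; the function names, the alignment of pushes to 10-second clock boundaries, and the one-batch-per-severity grouping are assumptions made to reproduce the page's 10:00:01 scenario.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BATCH_SECONDS = 10  # push interval stated on this page

def next_push(raised_at):
    # Assumption: pushes fall on 10-second clock boundaries, and an alert
    # goes out at the first boundary strictly after it was raised.
    floor = raised_at.replace(microsecond=0) - timedelta(
        seconds=raised_at.second % BATCH_SECONDS)
    return floor + timedelta(seconds=BATCH_SECONDS)

def plan_batches(alerts, webhook_severities=None):
    """alerts: iterable of (raised_at, severity) pairs.
    webhook_severities: severities the webhook is configured to fire for,
    or None for "Fire Webhook for all alerts".
    Returns (batches, never_sent); batches maps (push_time, severity) to
    the number of alerts in that batch (assumption: one batch per severity)."""
    batches = defaultdict(int)
    never_sent = 0
    for raised_at, severity in alerts:
        if webhook_severities is not None and severity not in webhook_severities:
            never_sent += 1  # no webhook call, so no Squadcast incident
            continue
        batches[(next_push(raised_at), severity)] += 1
    return dict(batches), never_sent

# Constructed sample mirroring the page's example: 15 alerts at 10:00:01,
# five Severity 1 and ten Severity 3 (the date itself is arbitrary).
T0 = datetime(2024, 1, 1, 10, 0, 1)
SAMPLE = [(T0, 1)] * 5 + [(T0, 3)] * 10

if __name__ == "__main__":
    for label, severities in (("Severity 1 only", {1}), ("all alerts", None)):
        batches, never_sent = plan_batches(SAMPLE, severities)
        print(label, "- alerts never sent:", never_sent)
        for (push_time, severity), count in sorted(batches.items()):
            print(f"  {push_time:%H:%M:%S}  severity {severity}: {count} alerts")
```

With the Severity 1 filter, the ten Severity 3 alerts never reach Squadcast, so tagging, routing, deduplication, and suppression rules there cannot act on them.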

FAQ:

Q: Does this integration support auto-resolution of incidents in Squadcast?

A: No, this integration does not support auto-resolution of incidents in Squadcast since Threat Stack does not send out alert resolve notifications via Webhook.
