Open Samrose-Ahmed opened 1 year ago
Hey guys, great to see this on the roadmap. Would love to see TheHive on the list as well.
Hey guys,
It would be really nice to have the below as part of external integrations in general.
1. Webhook - This can solve a lot of generic use cases.
Great suggestions, especially step functions. Adding to the list.
Yeah, I have used socless and this idea comes from there. Step Functions also help in approval-based workflows, where a user can be reached out to so they can confirm whether a given alert was triggered by genuine use or by unauthorised use, which can then be taken further by a SOC analyst. This reduces the burden on SOC analysts of addressing every alert.
Adding the link to socless framework to provide context to the ask.
Doc Link: https://twilio-labs.github.io/socless/
Reference to human-based confirmation in socless: https://twilio-labs.github.io/socless/tutorial-interacting-with-humans-via-slack/
Repository: https://github.com/twilio-labs/socless
Are you looking for contributions on this front, or is this something actively in progress?
I believe @shaeqahmed was working on some integrations, starting with a Slack integration, but we are definitely happy to accept any contributions. Is there a specific integration you are interested in?
It would be nice to have a standalone AWS Lambda as a trigger as well, in case the workflow is not complex enough to need a Step Function.
SNS was recently added as a destination. You could hook SQS + Lambda into that topic.
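The SNS -> SQS -> Lambda chain suggested above, as an added example that is not Matano's code or any commenter's: an SQS-triggered handler that unwraps the double-encoded SNS envelope and reports malformed records as partial batch failures so one bad message does not block the rest of the alerts. The alert fields (`rule_name`, `severity`) are a constructed placeholder shape, not Matano's real alert schema.

```python
import json

# Constructed sample SQS event: record 1 carries an SNS notification whose
# Message is a made-up alert; record 2 is garbage that must not poison the batch.
SAMPLE_EVENT = {
    "Records": [
        {
            "messageId": "msg-1",
            "body": json.dumps({
                "Type": "Notification",
                "Message": json.dumps({"rule_name": "example_rule", "severity": "high"}),
            }),
        },
        {"messageId": "msg-2", "body": "not json at all"},
    ]
}


def unwrap_sns_record(record: dict) -> dict:
    """Return the alert carried inside one SQS record.

    SQS delivers the SNS envelope as a JSON string in `body`; the alert is a
    second JSON string in the envelope's `Message`, so it is decoded twice.
    """
    envelope = json.loads(record["body"])
    if not isinstance(envelope, dict) or envelope.get("Type") != "Notification":
        raise ValueError("body is not an SNS Notification envelope")
    alert = json.loads(envelope["Message"])
    if not isinstance(alert, dict):
        raise ValueError("SNS Message is not a JSON object")
    return alert


def process_batch(event: dict) -> tuple[list, list]:
    """Unwrap every record; collect the messageIds of those that failed."""
    alerts, failures = [], []
    for record in event.get("Records", []):
        try:
            alerts.append(unwrap_sns_record(record))
        except (KeyError, ValueError, TypeError):  # JSONDecodeError is a ValueError
            failures.append({"itemIdentifier": record["messageId"]})
    return alerts, failures


def handler(event: dict, context=None) -> dict:
    """Lambda entry point. Returning batchItemFailures makes SQS retry only the
    bad records (requires ReportBatchItemFailures on the event source mapping)."""
    alerts, failures = process_batch(event)
    # Forward `alerts` to the external system here (webhook, Slack, Step Functions).
    return {"batchItemFailures": failures}
```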
Tracking for integrating Matano alerts with external systems