Threat Stack Enhances Integration Framework to Unify Security and Operations Teams
March 07, 2018

Threat Stack announced enhancements to its integration framework to enable deep security insights and continuous improvement across Security and Operations teams.

The framework expands Threat Stack’s existing integrations with Slack, VictorOps, and PagerDuty to security analytics and SIEM platforms like Splunk, Sumo Logic, and Graylog to unify security and operations teams and enable proactive, automated cloud security management.

The Threat Stack integration framework is powered by a combination of RESTful APIs and Webhooks to allow customers to consume the rich, context-driven information from Threat Stack in a variety of use cases for alert, event, vulnerability, and threat analytics. It also allows customers to drive notifications and remediation workflows via integration with systems like OpsGenie, Jira, GitLab, and more.

“Threat Stack has always provided unprecedented data and context for customers to respond to security incidents,” said Aditya Joshi, Threat Stack EVP of Products and Technology. “The data-rich insights enabled by our enhanced integrations allow Security teams’ value to shift from point-in-time reaction to proactive risk reduction with powerful analytics that highlight patterns and trends across their environments. We’ve seen customers realize this value in how they understand and communicate risk across their own organizations and to their customers.”

The Threat Stack integration framework allows DevOps teams to build custom workflows based on security alerts, while security teams benefit from the combination of Threat Stack data with feeds to tools and services like Splunk, Graylog, Sumo Logic, AWS S3, and Glacier. Several Threat Stack customers are using the integration framework for a wide variety of use cases.

- Enabling Frictionless SecOps with OpsGenie Integration – With Threat Stack integration, OpsGenie acts as a dispatcher for alerts, determining the right people to notify based on on-call schedules, notifying them using email, text messages (SMS), phone calls, and iPhone and Android push notifications, and escalating alerts until the alert is acknowledged or closed. This allows operations teams to monitor Threat Stack alerts in the same place they’re already working, saving them time, while decreasing the likelihood they’ll miss something important that could cause a breach.

- Improving Security Posture with SIEM Integration – Beyond the insight Threat Stack provides into cloud infrastructure where it is deployed, Threat Stack data also can be used to enhance and provide context to other feeds. For example, combining Threat Stack data with Guard Duty in a SIEM provides valuable user and application context for network events that the SIEM receives.

- Driving Security Prioritization through Security Orchestration with Graylog Integration – Threat Stack leveraged its own integration framework to develop an internal security orchestration application that pulled from Threat Stack data, internal apps, and vendor data sources from operations that extend beyond AWS – aggregating them into Graylog to analyze trends from alert data, and ultimately automate workflows to Ops with security insight. This integration provided enhanced visibility across forensic data to enable Security and Operations teams to drive improved security policy.

Share this

Industry News

October 03, 2022

Spectro Cloud announced a major new release of its Palette Edge platform.

October 03, 2022

Arcion announced agentless change data capture (CDC) for all of its supported databases and applications.

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.

September 28, 2022

Kong introduced a number of new performance, security and extensibility features across its entire product portfolio, including major new releases of Kong Gateway, Kong Konnect, Kong Mesh, Kong Insomnia and Kong Ingress Controller, as well as new projects from the Kong Incubator.

September 28, 2022

BroadPeak Partners announced the availability of the new K3 API Connector.

September 28, 2022

Aqua Security announced a new end-to-end software supply chain security solution.

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.