Threat Stack Integration

Threat Stack protects cloud-based systems against insider threats, external attacks, data loss, etc. With the Threat Stack Integration, OpsGenie sends you notifications based on events that occur in Threat Stack.

What does OpsGenie offer Threat Stack users?

With the Threat Stack Integration, OpsGenie acts as a dispatcher for these alerts: it determines the right people to notify based on on-call schedules, notifies them by email, text message (SMS), phone call, and iPhone & Android push notification, and escalates each alert until it is acknowledged or closed.


Functionality of the integration

  • When an alert is created in Threat Stack, an alert will be automatically created in OpsGenie.

Add Threat Stack Integration in OpsGenie

  1. Create an OpsGenie account if you haven't done so already.
  2. Go to the OpsGenie ThreatStack Integration page.
  3. Specify who should be notified for Threat Stack alerts using the "Teams" field. Auto-complete suggestions will be provided as you type.
  4. Copy the Webhook URL by clicking the copy button or by selecting it.
  5. Click "Save Integration".

Configuration in Threat Stack

  1. In Threat Stack, go to Configurations and select the Integrations tab.
  2. Navigate to Webhook API.
  3. Fill in the Name and Description fields.
  4. Paste the integration API URL into Webhook URL.
  5. In the Alert Severity field, select which severity level will fire alerts.
  6. Click the Save button.

Sample payload sent from Threat Stack

{
  "created_at": 1459447024000,
  "id": "56fd65138c1e0c173af5a3de",
  "organization_id": "545d0293b620cd090d000023",
  "server_or_region": "Threat_Stack_Demo_Ubuntu1",
  "severity": 3,
  "source": "Host",
  "title": "Threat Intelligence Activity: Communication to openbl by 185.110.132.54"
}
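For anyone consuming this webhook in their own tooling, the following added example (not code from OpsGenie or Threat Stack) validates a body shaped like the sample above and flattens it for triage. The function name `normalize`, the output keys, and the reading of `created_at` as epoch milliseconds are assumptions based only on the sample payload.

```python
import ipaddress
import json
import re
from datetime import datetime, timezone

# Sample payload copied from this page.
SAMPLE = """{
"created_at": 1459447024000,
"id": "56fd65138c1e0c173af5a3de",
"organization_id": "545d0293b620cd090d000023",
"server_or_region": "Threat_Stack_Demo_Ubuntu1",
"severity": 3,
"source": "Host",
"title": "Threat Intelligence Activity: Communication to openbl by 185.110.132.54"
}"""

# Field names and JSON types exactly as they appear in the sample payload.
REQUIRED = {"created_at": int, "id": str, "organization_id": str,
            "server_or_region": str, "severity": int, "source": str, "title": str}


def normalize(raw):
    """Validate a webhook body and return a flat triage record (hypothetical helper)."""
    event = json.loads(raw)
    if not isinstance(event, dict):
        raise ValueError("payload must be a JSON object")
    for field, kind in REQUIRED.items():
        value = event.get(field)
        # bool is a subclass of int in Python, so reject it explicitly.
        if not isinstance(value, kind) or isinstance(value, bool):
            raise ValueError(f"missing or mistyped field: {field}")
    # Assumption: created_at is milliseconds since the Unix epoch (13 digits in the sample).
    created = datetime.fromtimestamp(event["created_at"] / 1000, tz=timezone.utc)
    # Collect IPv4-looking tokens from the title; keep only those that really parse.
    ips = []
    for token in re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", event["title"]):
        try:
            ips.append(str(ipaddress.ip_address(token)))
        except ValueError:
            pass  # e.g. 999.1.1.1 matches the regex but is not an address
    return {"dedup_key": event["id"], "host": event["server_or_region"],
            "severity": event["severity"], "title": event["title"],
            "created_utc": created.isoformat(), "ips": ips}


if __name__ == "__main__":
    print(normalize(SAMPLE))
```

Rejecting malformed bodies before they reach on-call routing keeps a broken or spoofed sender from paging people with empty alerts.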

Sample alert