Connections

Increase efficiency and your security posture by connecting Alert Logic to your third-party applications and services. The Connections feature in the Alert Logic console includes connections and templated connections, which enable automated workflows between Alert Logic and your external systems.

You can create connections to enable interactions initiated from Alert Logic such as notifications and responses. If you want to collect data from your third-party systems, use the Application Registry or system/application log configuration.

Connection versus templated connection

A connection allows you to define a common authentication path and credential references that you can use to connect Alert Logic to your external systems. When you configure a simple response, for example, you create a connection to the external system that you want to include in your automation. You can also create a connection from the Connections page.

A templated connection combines a connection with a payload template. The template specifies which fields to include from the payload, for example, an Alert Logic incident payload. The payload template formats the payload for compatibility with your external system. Notifications, which allow you to send a message or generate an IT service management (ITSM) ticket from a security event automatically, require a templated connection. You can create a templated connection from the Templated Connections tab on the Connections page.

Access the Connections page

To access the Connections page, click the navigation menu icon, click Configure, and then click Connections.

Connection configuration

Application requirements vary and often require different information. For specific configuration instructions, see:

When configuring a templated connection, you must select or create a connection first.

Connection types

Alert Logic offers connections to commonly used applications and services in several business categories. If you need to create a connection for a different system, an experienced DevOps professional can configure the universal webhook by using information in the vendor documentation.

Ticketing

Connections are available for these ITSM systems:

  • Atlassian Jira Software (Jira)
  • Jira Service Desk
  • ServiceNow

Messaging

Connections are available for these messaging or team collaboration systems:

  • Microsoft Teams
  • Slack
  • PagerDuty

API Connections

You can configure an AWS IAM Role connection for integrations with Amazon Web Services (AWS).

Endpoint Detection and Response

Connections are available for these endpoint detection and response systems:

  • SentinelOne
  • Microsoft Azure

Universal

To create a connection for an external system that is not listed, an experienced DevOps professional can configure a Webhook connection for any HTTP endpoint.

Alert Logic provides several fully supported connections for commonly used systems. Customers are responsible for correctly configuring a universal webhook for other applications. To assist your experienced DevOps professional with troubleshooting, Alert Logic passes through all error messages sent by the target application.

Templated connection types

Alert Logic offers templated connections for commonly used ticketing and messaging systems. If you need to create a templated connection for a different system, an experienced DevOps professional can configure a universal templated connection by using information in the vendor documentation.

Ticketing

Templated connections are available for these ITSM systems:

  • Atlassian Jira Software (Jira)
  • Jira Service Desk
  • ServiceNow

Messaging

Templated connections are available for these messaging or team collaboration systems:

  • Microsoft Teams
  • Slack
  • PagerDuty

Universal

To create a templated connection for an external system that is not listed, an experienced DevOps professional can configure one of the universal templated connections:

  • Webhook—You can configure this type of templated connection to send security notifications to any HTTP endpoint. Alert Logic provides a sample payload that you can customize for compatibility with the external system and your security goals.
  • Email—You can configure this type of templated connection to send incident notifications to any web server configured to accept email requests. With this option, the incident payload that Alert Logic sends is not customizable, but you can customize the email subject.

Alert Logic provides several fully supported templated connections for commonly used systems. Customers are responsible for correctly configuring a universal templated connection for other applications. To assist your experienced DevOps professional with troubleshooting, Alert Logic passes through all error messages sent by the target application.

Connection management

You can view a list of connections and templated connections created in your account from the Connections page. You can also delete and edit existing connections and templated connections. For more information, see Manage Connections and Manage Templated Connections.