icon-zwp.svg
Posture Control (ZPC)

About Third-Party Integrations

Security Information and Event Management (SIEM) solutions collect security data from security systems, network devices, servers, domain controllers, etc. The tools store, aggregate and apply analytics to that data to discover trends, detect threats, anomalies, enabling the security team to investigate these threats and any alerts from all of their security tools in one place.

You can integrate ZPC with the following third-party tools:

  • SIEM and ITSM tools for data analysis, incident management, and remediation.
  • Cloud storage services such as Amazon simple storage service (Amazon S3) and send the system audit logs and alert notifications to an S3 bucket for further evaluation.
  • ChatOps tools like Slack and send notifications to specific Slack channels.

Third-party integration includes the following benefits and enables you to:

  • Have increased visibility into the security posture of your cloud infrastructure, identify potential threats, and take immediate action.
  • Reduce the number of false positive alerts and focus on real threats.
  • Integrate the SIEM solutions with other tools or services, such as Amazon S3, Azure Blob Storage, etc. for storage, auditing, or further evaluation.

About the Integrations Page

On the Integrations page (Administration > Integrations), you can view the integrations for:

    1. View the list of cloud storage integrations. For each integration, you can see:
      • Cloud Storage: The name of the cloud storage service (Amazon S3 Bucket or Azure Blob Storage).
      • Integration Name: The integration name.
      • Log Type: The type of data log (Alert or Audit Logs) that is sent to the storage service.
      • Last Sent: The date and time when the data was last sent to the storage service.
      • Status: The outcome (Success, Failed, Paused, or Pending) of the previous data transfer.
      • Data Transfer: The state (Enabled or Disabled) of data transfer.

    By default, the data transfer is enabled. If you want to pause the transfer without deleting the integration, select the toggle to disable the data transfer. If any data transfer is in progress, the activity is completed and then the data transfer is disabled.

    1. Add a cloud storage integration.
    2. Edit a cloud storage integration.
    3. Delete a cloud storage integration.

    Cloud storage integrations

    Close
    1. View the list of ITSM integrations. For each ITSM integration, you can see:
    • IT Service: The name of the service (Jira or ServiceNow).
    • Integration Name: The integration name.
    • Hostname: The host name for the service.
    • Log Type: The type of data log (Alert or Audit Logs) that is sent to the IT service.
    • Last Sent: The date and time when the data was last sent to the IT service.
    • Status: The outcome (Success, Failed, Paused, or Pending) of the previous data transfer.
    • Data Transfer: The state (Enabled or Disabled) of data transfer.
    1. Add an ITSM integration.
    2. Sort the column data.
    3. Enable or disable the data transfer.
    4. Edit an ITSM integration.
    5. Delete an ITSM integration.

    ITSM integrations

    Close
    1. View the list of Slack integrations. For each integration, you can see:
    • Service: The name of the service (Slack).
    • Integration Name: The integration name.
    • Channels: The number of channels that are added for sending notifications.
    • Last Sent: The date and time when the data was last sent to the Slack channels.
    • Status: The outcome (Success, Failed, Paused, or Pending) of the previous data transfer.
    • Data Transfer: The state (Enabled or Disabled) of data transfer.
    1. Add a Slack integration.
    2. Sort the column data.
    3. Enable or disable the data transfer.
    4. Edit a Slack integration.
    5. Delete a Slack integration.

    Slack integrations

    Close

The Integrations page

Related Article
About Third-Party Integrations