As you may have guessed from the name, Integrations are used to connect Wallarm WAF with the other systems and tools that you use in your work.
You can see which integrations you have already configured, and which are available, on the Integrations page in your Account Settings. We divide all integrations into two categories: “Reports” and “Incident Management and SIEM Systems”. The first category is used to send reports by email or to instant messengers. The second is for transferring Wallarm logs and events to third-party systems.
In 2019, we actively developed our Integrations: we added support for PagerDuty and expanded support for Splunk® Enterprise Security.
PagerDuty is a widely used incident processing platform that can handle incoming events through various integrations, set up the duty order, and notify the duty engineer in different ways depending on the level of the incident. By the way, we use PagerDuty at Wallarm to work with various incidents.
You have probably heard of Splunk Enterprise Security. It is a platform for collecting, storing, processing, and analyzing machine data, that is, logs. Splunk is one of the market leaders in SIEM systems and is extremely popular in the US and Europe. To make the Splunk integration richer, we started supporting the ability to upload all information about security events. Now you can analyze everything that happens with your system in one place!
By the way, if you use Splunk Phantom together with Splunk Enterprise, then our technical support can help with obtaining information about attacks and vulnerabilities in Splunk Phantom.
What should you do if an integration with the product you need is not yet in Wallarm WAF? Tell us about it: write to your AE at Wallarm or send an email to firstname.lastname@example.org! We consider all improvement requests from our customers. If you prefer not to wait for development, you can use our API at https://console.wallarm.com/. With it, you can not only access security events but also manage the system.
We are currently working on support for importing events into IBM QRadar! IBM QRadar is one of the leading SIEM products. It helps security teams improve the accuracy of enterprise-wide threat detection and prioritize threats.
There is one more feature that we want to talk about. Current Integrations do not allow flexible configuration of notification policies for various attacks. Therefore, we are developing a new mechanism called Triggers, a convenient tool for setting notification rules (and more…). Their development is approaching the final stages, and soon we will not only tell you what we did, but you will also be able to try working with Triggers in your Wallarm dashboard. Stay tuned for our updates!