What's In Our SecOps Stack: 6 Top Integrations
Mark Moore, August 15, 2018 (DevSecOps, 3 min read)

When it comes to creating a solid SecOps program, an organization must consider people, processes, and technology. No single area makes a secure program; it takes all three working together. As good as our people are, however, they would not get far without systematic processes backed by capable tools and integrations. Here at Threat Stack, we use the following tools to keep our organization secure and operating effectively.

Today, we're sharing some of the top integrations we use at Threat Stack. These tools let us build processes that set our people up for success.

1. Internally Built Orchestration App

To tie our systems together, we use an internally built security orchestration, automation, and response (SOAR) app. We created this custom internal app to receive, store, and act on information from different sources (such as AWS, Cloudflare, Threat Stack itself, and others). Alerts from our own Threat Stack monitoring platform are received, and additional context is obtained for each alert by calling the same API our customers can use. We chose to build our own app because we could take an event-driven framework in a language we all knew and easily extend it to meet our needs, incorporating our internal detection and automated response systems. Build vs. buy is often a difficult decision for organizations, and building an orchestration app from scratch is not a choice we would have made if our team or organization looked different.

2. Threat Stack Cloud Security Platform

Yes, we eat our own dog food.
We use our own cloud security platform to surface alerts and misconfigurations. By using Threat Stack, we reduce the risk of a breach by detecting security incidents and malicious behavior, maintain compliance, and keep innovating without sacrificing velocity.

3. Graylog

Graylog is a tried-and-true tool at our organization, used by our Operations team for log management. Our Security team adapted it for our own purposes, using our SOAR application to push and pull data, including Threat Stack alerts, between Graylog and other systems. SOAR pushes information into Graylog and pulls Graylog alerts back out, forwarding them to tools like Slack and PagerDuty to notify our staff of potentially anomalous activity. In essence, Graylog is doing double duty as a log management and SIEM tool.

4. Cloudflare

Most organizations use a DNS provider, WAF, or CDN to keep web traffic flowing properly to and from their site while filtering out malicious traffic before it reaches their servers. At Threat Stack, we use Cloudflare for those purposes. The request logs Cloudflare generates feed into our internal orchestration app. By monitoring those logs in Graylog alongside Threat Stack alerts and other data sources, we can determine whether an anomaly in web traffic is cause for concern.

5. Slack

We use Slack primarily to keep our team members on the same page in real time, but it is also a useful place to aggregate alerts. This integration folds security alerts into the SecOps team's existing workflow, so issues can be responded to (and remedied) as quickly as possible, and it lets the team be more proactive about security.

6. PagerDuty

PagerDuty is one of the best tools for aggregating information about engineering and IT systems in one place: it displays operations systems, teams, and data in a single console, which makes managing and responding to incidents in real time much easier.
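The flow the preceding sections describe (receive an alert, enrich it with context, log everything to Graylog, notify Slack, page through PagerDuty, and avoid paging twice for the same incident) is shown below as an added Python example. It is not Threat Stack's internal orchestration app or any of its code: the event shapes, the host inventory, the severity scale and the "downgrade non-production findings" policy are assumptions made for illustration, the sample events are constructed, and nothing is transmitted. The Slack incoming-webhook body, the PagerDuty Events API v2 trigger body and the GELF 1.1 message follow those services' published formats, and each is returned as a plain dict so it can be inspected or handed to an HTTP client.

```python
"""Event-driven alert orchestration: ingest, enrich, dedupe, route.
Constructed example for this article, not Threat Stack's internal SOAR app. Event
shapes, host inventory and severity policy are assumptions; Slack, PagerDuty and
GELF payloads follow the public formats but are returned, never sent."""
import hashlib
import time
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List, Optional, Tuple

# Constructed enrichment source: host owner and environment (assumed data).
HOST_INVENTORY = {"web-01": {"owner": "platform", "env": "prod"},
                  "build-07": {"owner": "ci", "env": "staging"}}

# Constructed sample events in an assumed shape (not any vendor's real API format).
# Events 1 and 2 are the same detection twice; event 4 is a severity-1 rule on staging.
SAMPLE_EVENTS = [
    {"source": "threatstack", "rule": "Shell spawned by web process", "severity": 1,
     "host": "web-01", "user": "www-data", "command": "/bin/sh -c id"},
    {"source": "threatstack", "rule": "Shell spawned by web process", "severity": 1,
     "host": "web-01", "user": "www-data", "command": "/bin/sh -c id"},
    {"source": "cloudflare", "action": "block", "client_ip": "203.0.113.9",
     "host": "web-01", "path": "/wp-login.php", "waf_rule": "100015"},
    {"source": "threatstack", "rule": "Sudo by unexpected user", "severity": 1,
     "host": "build-07", "user": "jenkins", "command": "sudo -i"},
]

@dataclass
class Alert:
    source: str
    title: str
    severity: int  # assumed scale: 1 = page on-call, 2 = notify chat, 3 = log only
    host: str
    details: Dict[str, Any]
    context: Dict[str, Any] = field(default_factory=dict)

    @property
    def dedup_key(self) -> str:
        # The same rule firing on the same host belongs to one incident.
        return hashlib.sha256(f"{self.source}|{self.title}|{self.host}".encode()).hexdigest()[:16]

def parse_threatstack(ev: dict) -> Alert:
    return Alert("threatstack", ev["rule"], int(ev["severity"]), ev["host"],
                 {"user": ev["user"], "command": ev["command"]})

def parse_cloudflare(ev: dict) -> Alert:
    # A single WAF block is routine: keep it for correlation, notify nobody.
    return Alert("cloudflare", f"WAF {ev['action']} rule {ev['waf_rule']}", 3, ev["host"],
                 {"client_ip": ev["client_ip"], "path": ev["path"]})

# One handler per source; adding a source is one dict entry.
PARSERS: Dict[str, Callable[[dict], Alert]] = {"threatstack": parse_threatstack,
                                               "cloudflare": parse_cloudflare}

def enrich(alert: Alert) -> Alert:
    """Attach inventory context and apply the (assumed) environment policy."""
    info = HOST_INVENTORY.get(alert.host, {"owner": "unknown", "env": "unknown"})
    alert.context.update(info)
    if info["env"] != "prod":  # non-production findings are downgraded one level
        alert.severity = min(3, alert.severity + 1)
    return alert

def to_gelf(alert: Alert, ts: float) -> dict:
    """GELF 1.1 message for Graylog; custom fields carry a leading underscore."""
    msg = {"version": "1.1", "host": alert.host, "short_message": alert.title, "timestamp": ts,
           "level": {1: 2, 2: 4, 3: 6}[alert.severity],  # syslog crit / warning / info
           "_source": alert.source, "_dedup_key": alert.dedup_key}
    msg.update({f"_{k}": v for k, v in {**alert.details, **alert.context}.items()})
    return msg

def to_slack(alert: Alert) -> dict:
    """Slack incoming-webhook body."""
    return {"text": f"[{alert.source}] {alert.title} on {alert.host} "
                    f"({alert.context['env']}, owner: {alert.context['owner']})"}

def to_pagerduty(alert: Alert, routing_key: str) -> dict:
    """PagerDuty Events API v2 trigger; dedup_key collapses repeats into one incident."""
    return {"routing_key": routing_key, "event_action": "trigger", "dedup_key": alert.dedup_key,
            "payload": {"summary": f"{alert.title} on {alert.host}", "source": alert.host,
                        "severity": "critical", "custom_details": {**alert.details, **alert.context}}}

class Orchestrator:
    def __init__(self, pd_routing_key: str):
        self.pd_routing_key = pd_routing_key  # placeholder in this example, not a real key
        self.open_incidents: set = set()

    def process(self, event: dict, ts: Optional[float] = None) -> List[Tuple[str, dict]]:
        """Return (destination, payload) pairs for one inbound event."""
        parser = PARSERS.get(event.get("source", ""))
        if parser is None:
            return [("dead_letter", event)]  # unknown source: keep it, never drop silently
        alert = enrich(parser(event))
        out = [("graylog", to_gelf(alert, time.time() if ts is None else ts))]  # log everything
        if alert.severity > 2 or alert.dedup_key in self.open_incidents:
            return out  # log-only, or someone was already notified about this incident
        out.append(("slack", to_slack(alert)))
        if alert.severity == 1:
            out.append(("pagerduty", to_pagerduty(alert, self.pd_routing_key)))
        self.open_incidents.add(alert.dedup_key)
        return out
```

Feeding `SAMPLE_EVENTS` through `Orchestrator("PLACEHOLDER_ROUTING_KEY").process(...)` gives: the first shell alert goes to Graylog, Slack and PagerDuty; its repeat goes to Graylog only because the incident is already open; the Cloudflare block is logged for correlation but notifies nobody; and the staging sudo alert is logged and posted to Slack but does not page, because the environment policy dropped it to severity 2. Two design choices are worth copying: the dedup key is derived from the alert's identity, not from the event's timestamp, so the same incident never pages twice, and an unrecognised source lands in a dead-letter destination rather than being dropped, so a new feed is never lost silently before its parser is registered.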
Among other applications, we use PagerDuty to alert security team members in the on-call rotation about their temporary credentials, as well as to manage other security events that need an immediate response.

Integrations at Threat Stack

Threat Stack integrates with a wide array of tools using APIs and webhooks, allowing SecOps teams to build an environment that works seamlessly to detect events and vulnerabilities. Ultimately, it is up to individual teams to decide which tools make them most effective, but we find that Threat Stack's system ensures we are aware of issues in real time and that nothing slips through the cracks.

Tags: Integrations, SecOps Best Practices

About Mark Moore: As a Senior Software Security Engineer on Threat Stack's Security team, Mark focuses on guiding development teams in the practice of secure application coding that meets our data security and compliance standards. He also codes secure applications himself, as well as building security-related services and product features. Prior to Threat Stack, Mark gained extensive full-stack application development experience in large companies and small startups, with a special focus on application security.