Skip to content

Latest commit

 

History

History
73 lines (58 loc) · 3.46 KB

README.md

File metadata and controls

73 lines (58 loc) · 3.46 KB
Raw

Aqua OpsGenie Plug-in

Send Aqua's security issues to OpsGenie

OpsGenie Plug-in is compatible with Aqua Cloud Native Security Platform 4.x

Description

The OpsGenie plug-in extends Aqua CSP with the ability to open tickets in your OpsGenie account. The plug-in is delivered as an image that should be pushed into the Aqua CSP Kubernetes cluster. Configuring the plug-in is done through the deployment yaml file.

Tickets types sent to OpsGenie -

Aqua opens the following security ticket types:

Context Ticket type
Scanning Images that failed the security scans and are non-compliant
Scanning Hosts that failed the security scans and are non-compliant
Assurance Attempts to push non-compliant or unregistered images to the cluster
Runtime Suspicious or unauthorized activity in a container
Runtime Suspicious or unauthorized network activity at the container level

Example: Host Failed Assurance Policy Host ticket

Example: Unauthorized File Execution Detected Runtime ticket

Implementation Requirements

Deploying the OpsGenie plug-in

  1. Clone the GitHub OpsGenie repository in your working environment
git clone git@github.com:aquasecurity/opsgenie-plugin.git

  1. You can change the default tickets language in the template files at ./lc/

  2. Create a new secret to hold the OpsGenie API Key code

kubectl create secret -n <aqua namespace> generic lc-secrets --from-literal=opsgenie-apikey=<opsgenie-integration-key>
  1. Create a configmap from the local messages and configurations
kubectl create configmap aqua-lc-opsgenie-config -n <aqua namespace> --from-file=./lc/

  1. Configure OpsGenie behavior by editing the Kubernetes deployment yaml template. Copy opsgenie_deployment_template.yaml to opsgenie_deployment.yaml and change the following parameters -

    Context Field Description
    Cluster namespace Use Aqua's namespace
    Cluster service account Use Aqua's service account
    Database INPUT_PROPERTIES_PASSWORD Point to Aqua's db password secret
    Database INPUT_PROPERTIES_HOST Point to the Aqua's DB service
    Database COMMON_STORAGE_PROPERTIES_HOST Point to Aqua's DB service
    OpsGenie OUTPUT_PROPERTIES_ALERTRESPONDERS Set OpsGenie Responders field (see at https://docs.opsgenie.com/docs/alert-api)
    OpsGenie OUTPUT_PROPERTIES_ALERTVISIBLETO Set OpsGenie Visible To field (see at https://docs.opsgenie.com/docs/alert-api)

  2. Push the OpsGenie plug-in to the cluster :

kubectl create -f opsgenie_deployment.yaml

Troubleshooting and Support

To validate the integration check the logs of the plug-in

kubectl logs aqua-lc-opsgenie-<pod-unique-code> -n aqua

For support and questions please contact us at - community.plugins@aquasec.com

Disclaimer

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.