Integrations

CloudGuard operates with a number of third-party systems upstream (sources of asset and compliance findings information) and downstream (log collectors, ticketing and messaging systems):

Cloud Security Posture Providers

Tenable.io provides information about vulnerabilities in cloud environments. It can be configured to provide this information to CloudGuard, where it can be seen on the Events page.

See Configuring Tenable.io as a Provider for CloudGuard.

Cloud Security Threat Detection

Amazon GuardDuty is an Amazon threat-detection service that continuously monitors logs for signs of malicious activity, infected hosts, and unauthorized behavior in your AWS account.

See Integrating Amazon GuardDuty Findings with CloudGuard

Communication and Collaboration Systems

Slack is a SaaS-based collaboration and messaging tool. You can configure CloudGuard to send summaries of Compliance findings to Slack, with a Notification that connects to Slack with an HTTP webhook.

See How to configure CloudGuard to send events to Slack

Microsoft Teams is a business communication platform developed by Microsoft that offers workspace chat and videoconferencing, file storage, and application integration. You can configure CloudGuard to send summaries of Posture findings to Teams through a Notification that connects to Teams with an HTTP webhook.

See Integration with Microsoft Teams

Issue Management Systems

Jira is a platform that combines issue collection and agile project management capabilities. You can configure CloudGuard to send Posture findings to Jira with an HTTP endpoint.

See Sending Reports to Jira

PagerDuty is a SaaS-based incident response system. You can configure CloudGuard to send Posture findings to PagerDuty, from where they can be managed as incidents.

See How to configure PagerDuty with CloudGuard

ServiceNow is a SaaS incident response system. You can configure CloudGuard to send alerts to ServiceNow, with a custom application, available in the ServiceNow Store.

See Sending Alerts to ServiceNow and Use CloudGuard as a ServiceNow Provider

Log Collectors

Splunk is a data collection, monitoring, and analysis system. You can configure CloudGuard to send Posture findings to it, from where they can be seen, searched, and analyzed.

See Configure Splunk as a Log system for CloudGuard

IBM QRadar is an enterprise security information and event management (SIEM) system. It collects log data from an enterprise, its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors.

See Sending Findings to QRadar

AWS SNS, which stands for Simple Notification Service, is a cloud-based web service that sends messages. You can configure CloudGuard to send its system events to an SNS target and then configure SNS to forward these messages to different destinations (emails included).

See Sending System Notifications to AWS SNS

Sumo Logic is a cloud-native, real-time, unified logs and metrics analytics platform. You can configure CloudGuard to send Posture findings to Sumo with an HTTP endpoint.

See Configure Sumo Logic as a Log system for CloudGuard

Eventarc is a Google Cloud Platform service that allows you to asynchronously send events from other Google services, SaaS, and your apps.

See Sending Findings to Eventarc

Security Management Systems

GCP Security Command Center - The Google Cloud Security Command Center is a GCP service for security management and data risk assessment. It aggregates information security issues and risks on your GCP resources and gives centralized visibility and control of your cloud data and services. You can configure CloudGuard to send Compliance findings to the Command Center.

See Configure CloudGuard as a source for the Google Cloud Security Command Center (CSCC)

AWS Security Hub - The AWS Security Hub is an AWS service on which you can centrally see and manage security alerts from your cloud resources, and automate compliance checks. You can configure CloudGuard to send findings to the hub, from where they can be seen and managed.

See Configuring CloudGuard as an AWS Security Hub Provider

Microsoft Defender for Cloud - Microsoft solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multi-cloud and hybrid environments from evolving threats. You can configure CloudGuard to send Compliance findings to the Defender.

See Sending Findings to Microsoft Defender