Integration Hub
The CloudGuard Integrations central hub enables seamless integration with internal and external third-party applications, APIs, and services. Integrations enhance CloudGuard functionality to provide a unified security view of your cloud environments.
On the All Integrations page, you can create, search, edit, and delete CloudGuard integrations.
On the Configured Integrations page, you can view, search, edit, and delete configured CloudGuard integrations.
Editing or deleting an Integration
-
From the left menu, click Integration Hub.
-
Click on the icon for the integration.
The sliding window opens.
-
Edit the integration, or click the delete (trash can) icon to delete it.
Note - You cannot delete an integration that is currently in use.
-
Click Save.
Integrations that Can Be Configured on the Integrations Page
Events and Logging
-
Splunk is a data collection, monitoring, and analysis system. You can configure CloudGuard to send Posture findings to it, from where they can be seen, searched, and analyzed. See Configure Splunk as a Log system for CloudGuard
-
IBM QRadar is an enterprise security information and event management (SIEM) system. It collects log data from an enterprise, its network devices, host assets and operating systems, applications, vulnerabilities, and user activities and behaviors. See Sending Findings to QRadar
-
Sumo Logic is a cloud-native, real-time, unified logs, and metrics analytic platform. You can configure CloudGuard to send Posture findings to Sumo with an HTTP endpoint. See Configure Sumo Logic as a Log system for CloudGuard
Ticketing Systems
-
ServiceNow is a SaaS incident response system. You can configure CloudGuard to send alerts to ServiceNow, with a custom application, available in the ServiceNow Store. See Sending Alerts to ServiceNow and
Use CloudGuard as a ServiceNow Provider -
Jira is a platform that combines issue collection and agile project management capabilities. You can configure CloudGuard to send Posture findings to Jira with an HTTP endpoint. See Sending Reports to Jira
-
PagerDuty is a SaaS-based incident response system. You can configure CloudGuard to send Posture findings to PagerDuty, from where they can be managed as incidents. See How to configure PagerDuty with CloudGuard
Collaborations and Messaging
-
Generic Webhook
-
AWS SNS, which stands for Simple Notification Service, is a cloud-based web service that sends messages. You can configure CloudGuard to send its system events to an SNS target and then configure SNS to forward these messages to different destinations (emails included). See Sending System Notifications to AWS SNS
-
Microsoft Teams is a business communication platform developed by Microsoft that offers workspace chat and videoconferencing, file storage, and application integration. You can configure CloudGuard to send summaries of Posture findings to Teams through a Notification that connects to Teams with an HTTP webhook. See Integration with Microsoft Teams
-
Sentra is a Data Security Posture Management (DSPM) platform that classifies cloud assets by data sensitivity. See Classifying Assets with Sentra .
-
Slack is a SaaS-based collaboration and messaging tool. You can configure CloudGuard to send summaries of Compliance findings to Slack, with a Notification that connects to Slack with an HTTP webhook. See How to configure CloudGuard to send events to Slack
-
Email
Vulnerability Security Scanner-
Tenable.io provides information about vulnerabilities in cloud environments. It can be configured to provide this information to CloudGuard, where it can be seen on the Events page. See Configuring Tenable.io as a Provider for CloudGuard.
Cloud Services
-
Microsoft Defender for Cloud - Microsoft solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multi-cloud and hybrid environments from evolving threats. You can configure CloudGuard to send Compliance findings to the Defender. See Sending Findings to Azure Defender for Cloud
-
GCP Security Command Center - The Google Cloud Security Command Center is a GCP
Google® Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube. service for security management and data risk assessment. It aggregates information security issues and risks on your GCP resources and gives centralized visibility and control of your cloud data and services. You can configure CloudGuard to send Compliance findings to the Command Center. See Configure CloudGuard as a source for the Google Cloud Security Command Center (CSCC) -
AWS Security Hub - AWS
Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services. Security Hub provides you with a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices.Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues. See Configuring CloudGuard as an AWS Security Hub Provider.
System Audit
-
SNS Audit - see Sending System Notifications to AWS SNS.
Other Integrations
Data Sensitivity (DSPM)
-
Amazon Macie - see Data Sensitivity.
-
Azure PureView - see Data Sensitivity.
Cloud Services
-
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure. See AWS Policies and Permissions.
-
Amazon GuardDuty is an Amazon threat-detection service that continuously monitors logs for signs of malicious activity, infected hosts, and unauthorized behavior in your AWS account. See Integrating Amazon GuardDuty Findings with CloudGuard
-
GCP Eventarc is a Google Cloud Platform service that allows you to asynchronously send events from other Google services, SaaS, and your apps. See Sending Findings to Eventarc
-
Microsoft Defender for Cloud - Microsoft solution for cloud security posture management (CSPM) and cloud workload protection (CWP) that finds weak spots across your cloud configuration, helps strengthen the overall security posture of your environment, and can protect workloads across multi-cloud and hybrid environments from evolving threats. You can configure CloudGuard to send Compliance findings to the Defender. See Sending Findings to Azure Defender for Cloud
-
GCP Security Command Center - The Google Cloud Security Command Center is a GCP service for security management and data risk assessment. It aggregates information security issues and risks on your GCP resources and gives centralized visibility and control of your cloud data and services. You can configure CloudGuard to send Compliance findings to the Command Center. See Configure CloudGuard as a source for the Google Cloud Security Command Center (CSCC)
Platforms (Cloud providers)
-
AWS - see Unified Onboarding of AWS Environments.
-
Azure - see Onboarding an Azure Subscription.
-
GCP - see Onboarding a Google Cloud Platform (GCP) Project and Google Workspace.
-
Alibaba Cloud - see Onboarding Alibaba Cloud Accounts.
-
OCI - see Onboarding Oracle Cloud Infrastructure Environments.
-
Kubernetes - see Onboarding Kubernetes Clusters.
-
Container Registry - see Onboarding Container Registries.
-
ShiftLeft - see Create a ShiftLeft Environment and Service Account.