External system integration
Relevant for: System administrators
This section describes how to integrate ASMS with external systems, such as linking directly to the Administration areas, CLI tools for batch operations, and SIEM systems.
Tip: For more details, see Run CLI batch processes and the ASMS API reference.
Link to Administration pages
Link directly to ASMS Administration pages to navigate directly there from an external system.
Note: Any system logging in to ASMS must have administrator permissions to access the Administrator areas.
For example, use the following URLs to link to AFA Administration areas:
Integrate FireFlow with external change management systems
FireFlow can be integrated with an organization's main Change Management System (CMS), such as BMC Remedy, HP Service Center and Service Manager (formerly Peregrine), and more. Communication between the two systems can be based on the following protocols:
The CMS's SOAP web service |
FireFlow can establish a uni-directional connection with a CMS's SOAP Web service. This enables FireFlow to send the CMS requests to open a change request or update its status. For details, see Integrate FireFlow via a CMS's Web Service . |
FireFlow can send email messages to the CMS and receive requests to open a change request or update its status via email. If the CMS has these same capabilities, it is possible to achieve an email-based integration. Email is the easiest protocol to configure and allows for bi-directional communication. For details, see Integrate FireFlow via email . |
Note: Regardless of the protocol selected, integrating FireFlow with a CMS requires customization on both sides.
Integrate ASMS with SIEM systems
Security information and event management (SIEM) solutions, such as Splunk and IBM QRadar, detect and analyze potential security breaches. The AlgoSec Security Management Suite (ASMS) manages security policies and augments them with business context. AlgoSec supports directly integrating with Splunk or IBM QRadar, enabling you to utilize AlgoSec's capabilities directly from your SIEM.
Note: AlgoSec additionally supports sending its logs to SIEM systems via syslog messages. For details, see Monitoring and syslog messages.
The AlgoSec Splunk App for Security Incident Response and the AlgoSec QRadar App for Security Incident Response provide the ability to better analyze security incidents, understand their impact, and quickly accomplish remediation. The applications enhance and automate the security incident response process in the following ways:
- Highlights the potential impact on business applications and business processes.
- Adds information regarding the infected server's exposure to the internet or access to sensitive internal networks. This provides the security analyst with key information about the severity and urgency of the incident.
- Automates the actions performed to contain the incident, such as isolating the infected server from the network.
For details, see Integrate ASMS with Splunk and Integrating ASMS with IBM QRadar .
The AlgoSec Splunk and IBM QRadar add-ons for Security Incident Response are distributed under the following license:
Copyright (c) 2019 AlgoSec Systems Ltd.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute and/or sublicense, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.