External system integration

Relevant for: System administrators

This section describes how to integrate ASMS with external systems, including direct links to the Administration areas, CLI tools for batch operations, and SIEM systems.

Important: AlgoSec does not approve installing any agent on ASMS appliances (physical/virtual/cloud).

Tip: For more details, see Run CLI batch processes and the ASMS API reference.

Link to Administration pages

Link to ASMS Administration pages to navigate to them directly from an external system.

Note: Any system logging in to ASMS must have administrator permissions to access the Administrator areas.

For example, use the following URLs to link to AFA Administration areas:

| Administration Page | URL |
| --- | --- |
| Options tab | <afa_address>/afa/php/options.php |
| Scheduler tab | <afa_address>/afa/php/scheduler.php |
| Devices setup page to add a new device | <afa_address>/afa/php/data_collection.php?action=add_device |
| Devices setup page to add a new group | <afa_address>/afa/php/data_collection.php?action=add_group |
| Devices setup page to edit an existing group | <afa_address>/afa/php/data_collection.php?action=edit_group&group_id=<group_id> |

where <group_id> is the group tree name.

Integrate FireFlow with external change management systems

FireFlow can be integrated with an organization's main Change Management System (CMS), such as BMC Remedy, HP Service Center and Service Manager (formerly Peregrine), and more. Communication between the two systems can be based on the following protocols:

The CMS's SOAP web service

FireFlow can establish a uni-directional connection with a CMS's SOAP Web service. This enables FireFlow to send the CMS requests to open a change request or update its status.

For details, see Integrate FireFlow via a CMS's Web Service.

Email

FireFlow can send email messages to the CMS and receive requests to open a change request or update its status via email. If the CMS has these same capabilities, it is possible to achieve an email-based integration.

Email is the easiest protocol to configure and allows for bi-directional communication.

For details, see Integrate FireFlow via email.

Note: Regardless of the protocol selected, integrating FireFlow with a CMS requires customization on both sides.

Integrate ASMS with SIEM systems

Security information and event management (SIEM) solutions, such as Splunk and IBM QRadar, detect and analyze potential security breaches. The AlgoSec Security Management Suite (ASMS) manages security policies and augments them with business context. AlgoSec supports directly integrating with Splunk or IBM QRadar, enabling you to utilize AlgoSec's capabilities directly from your SIEM.

Note: AlgoSec additionally supports sending its logs to SIEM systems via syslog messages. For details, see Configure ASMS to generate and send syslog messages.

The AlgoSec Splunk App for Security Incident Response and the AlgoSec QRadar App for Security Incident Response provide the ability to better analyze security incidents, understand their impact, and quickly accomplish remediation. The applications enhance and automate the security incident response process in the following ways:

  • Highlights the potential impact on business applications and business processes.
  • Adds information regarding the infected server's exposure to the internet or access to sensitive internal networks. This provides the security analyst with key information about the severity and urgency of the incident.
  • Automates the actions performed to contain the incident, such as isolating the infected server from the network.

For details, see Integrate ASMS with Splunk and Integrating ASMS with IBM QRadar.