Twistlock

Twistlock is the cloud native cybersecurity platform for modern applications. From vulnerability management to runtime defense and firewalls, Twistlock offers complete security for cloud native apps.

Overview

When Twistlock detects anomalies, it generates alerts. Alerts are raised when the rules that make up your policy are violated. You can configure Twistlock to route alerts to PagerDuty.

Configure PagerDuty

  1. Go to the Configuration menu and select Services.
  2. On the Services page:
    • If you are creating a new service for your integration, click Add New Service.
    • If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the New Integration button.
  3. From the Integration Type menu, select Use our API directly, with Events v2 API selected.
  4. Enter an Integration Name. If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.
  5. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
  6. Copy the Integration Key and set it aside. You’ll use it to configure the integration in Twistlock Console.

Configure Twistlock

Configure Twistlock to route alerts to PagerDuty.

  1. Log into Twistlock Console.
  2. Go to Manage > Alerts > Manage.
  3. Select the PagerDuty tab.
  4. Set Enabled to On.
  5. In Routing Key, paste the integration key you copied from PagerDuty.
  6. Click Verify to validate that the integration with PagerDuty is properly configured.
  7. Click Save.

Send a test alert

Trigger a test alert, then view it in PagerDuty.

  1. In Twistlock Console, go to Manage > Alerts > Manage.
  2. Under Alert profiles, click Add profile.
  3. Enter a profile name, such as PagerDuty test.
  4. Select the PagerDuty tab.
    • Enabled: On.
    • Summary: Container runtime alerts.
    • Severity: Info.
  5. Under Alert types, select Container Runtime.
  6. Click Send Test Alert.
  7. Go to PagerDuty.
  8. In the Twistlock service, open the Incidents tab, where you’ll find the test alert.
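
If the test alert does not arrive, the integration key can be checked independently of Console. The following is an added example, not code from Twistlock or PagerDuty: it builds a trigger event with the same summary and severity as the test profile and posts it to the PagerDuty Events API v2. The source value key-check, the PD_ROUTING_KEY environment variable and the 32-character key format check are assumptions.

```python
import json
import os
import re
import urllib.request

EVENTS_V2_URL = "https://events.pagerduty.com/v2/enqueue"
SEVERITIES = {"critical", "error", "warning", "info"}  # Events API v2 values


def build_test_event(routing_key, summary, severity, source):
    """Build an Events API v2 trigger event; raise ValueError on bad input."""
    # Assumption: integration keys are 32 alphanumeric characters.
    if not re.fullmatch(r"[0-9A-Za-z]{32}", routing_key):
        raise ValueError("routing key does not look like an integration key")
    severity = severity.lower()  # Console shows "Info", the API expects "info"
    if severity not in SEVERITIES:
        raise ValueError(f"unsupported severity: {severity}")
    if not summary or len(summary) > 1024:
        raise ValueError("summary must be 1-1024 characters")
    return {
        "routing_key": routing_key,
        "event_action": "trigger",
        "payload": {"summary": summary, "severity": severity, "source": source},
    }


def redact(event):
    """Copy of the event that is safe to log: the key is a secret."""
    safe = dict(event)
    safe["routing_key"] = "*" * 28 + event["routing_key"][-4:]
    return safe


def send(event, timeout=10):
    """POST the event; PagerDuty answers 202 when it is accepted."""
    req = urllib.request.Request(
        EVENTS_V2_URL,
        data=json.dumps(event).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read())


if __name__ == "__main__":
    # Key comes from the environment, never from the script or shell history.
    key = os.environ["PD_ROUTING_KEY"]
    event = build_test_event(key, "Container runtime alerts", "Info", "key-check")
    print(json.dumps(redact(event)))
    print(send(event))
```

An accepted event appears under the Incidents tab of the service that owns the integration key, the same place the Console test alert lands.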