All in on flexible and efficient integrations


Our users secure products and services developed by dozens of distributed technical teams. They rely on tools like Detectify to prioritize and triage vulnerability findings onward to development teams to remediate. This process is anything but straightforward, which is why we’re excited to see our users utilize our integration platform in ways that help them work efficiently alongside their tech teams. To continue benefiting from these improvements and ensure a seamless experience using integrations, users will need to switch to this platform by 15 October.

Users appreciate flexible integrations that support efficient workflows

Our users regularly cite that Detectify is intuitive to use. That’s reassuring because the Detectify team is driven by making it possible for AppSec teams to make sense of vulnerabilities on their attack surface, such as details about how we found the vulnerability, the affected asset, and its DNS footprint just to list a few dimensions. This context means that our users can automatically triage findings confidently, resulting in less friction caused by unclear vulnerability data.

Here are a few use cases from customers using our integration platform:

  • Meeting different needs within the dev org. This customer has an integration with Jira to assign severity automatically to tickets. They also have certain developers that want to receive every finding that is generated for their specific app when the rest of the organization only wants Medium or higher. We created rules for them that will work within their workflow and they can go in and update the recipe simply with any changes that they want to make. 
  • Enforcing Jira with flexible formatting to meet the needs of each team. Other customers want their developers to work 100% within their ticketing platforms. While this wasn’t possible with the original integrations, this is more than possible to do if you are leveraging our integration platform. Customers can now pick and choose what information gets passed through to their applications and format it the way they want it done. 
  • Bi-directional syncing with ticketing software. A select few power users have taken integrations to the next step by creating workflows that will update Detectify when a ticket has been resolved. This automates a large part of Security Engineers jobs within Detectify so they only need to check in on the progress when needed. 
  • Getting ahead of failing scans for Application Scanning. Customers have set up alerts to know automatically when one of their scan profiles have an error. We also see use cases where customers are using the integrations to let them know about new assets being added to their attack surface as well as any policy breaches. 

Through our integration platform, all customers have access to hundreds of vendors, such as common ticketing software like Jira and Splunk to collaboration tools like Slack.

Users will need to switch to our integration platform by 15 October

Until now we’ve had several methods for users to integrate with Detectify that will be replaced by our new integration platform. Over the last months we’ve seen how beneficial our integration platform has been to users seeking a flexible tool that automates steps in their workflows, like remediating vulnerabilities. Therefore, we’re requiring some users to switch to our new integration platform. 

Users who have one or more of the following providers should set up their integration using our new integration platform: OpsGenie, Zapier, Trello, Splunk, PagerDuty, Jira, and Slack.

Are you using one of the above providers and are wondering what you need to do before 15 October?

  • Check if you have any integrations listed on the legacy integrations page. If you have an integration listed under “Feeds” continue to the knowledge base for instructions on switching. 
  • For Application Scanning users, check your Scan Profile settings for any active integrations. You can follow the same instructions on our knowledge base.

Please note: email reports will still be available after 15 October. You can read more about what you need to do before 15 October on our changelog HERE.

Join our upcoming workshop to learn more about how it can help automate workflows

On Thursday 10 October we’re hosting workshops with customers to help them switch to our integration platform and take questions about other ways they can use it to automate their workflows. We’ll be joined by members of our Product Management and Customer Success teams as they tackle the following:

  • Setting up integrations for vulnerabilities. They’ll go through how to work with existing templates directly in the tool and how you can modify them to accommodate how your teams work with remediation.
  • Setting up integrations for policy alerts. Users can also be alerted when a policy is breached, such as open ports associated with the recent CUPS vulnerability
  • Q&A. We’ll take some time at the end of the session to answer any questions you may have about other capabilities of the platform.

This workshop is open to customers and non-customers and will be hosted at different times to suit multiple time zones. Folks in US time zones can RSVP here and those in EU time zones can RSVP here.

Are you interested in learning more about Detectify? Start a 2-week free trial or talk to our experts.



Source link