Coralogix security integration

The Coralogix security integration snap-in enables automatic creation and management of DevRev issues based on security alerts from your Coralogix instance. This integration helps streamline your security incident response workflow by bringing Coralogix alerts directly into your DevRev workspace.

Features

Automatic creation of issues in DevRev when Coralogix security alerts are triggered
Rich context integration with detailed alert information
Smart priority mapping between Coralogix severity and DevRev priorities
Structured custom fields for enhanced alert tracking

Installation

Go to the Settings > Integrations > Snap-ins.
Search for Coralogix Security Integration and click Install.
Configure the snap-in settings:
- Select the default Part ID for issue creation
- (Optional) Set a default owner for created issues
- (Optional) Configure tags to be added to issues
- Click Save > Install
After installation, you receive:
- A webhook URL
- A secret signature key

Configure coralogix webhook

In your Coralogix console, go to Data Flow > Outbound Webhooks > Generic Webhook.
Click Add new webhook destination.
Configure the webhook:
- Set the HTTP method to POST
- Paste the copied webhook URL in the URL field
- Add the following header for authentication:
```
1 X-DevRev-Signature: <your-secret-signature-key>
```
  Replace <your-secret-signature-key> with the signature key provided during installation.
Configure the payload format according to your alert requirements.

The secret signature key is used to verify that webhook requests are genuinely from your Coralogix instance. Keep it confidential and never share it publicly.

Custom fields

The integration creates and populates the following custom fields for each issue:

Field Name	Description
Alert Name	Name of the triggered security alert
Alert Action	Action taken by Coralogix
Alert Event Timestamp	Time when the alert was triggered
Application Name	Affected application or service
Alert URL	Direct link to the alert in Coralogix
Alert Metadata	Structured alert details and context

Priority mapping

The integration automatically maps Coralogix severity levels to corresponding DevRev priorities:

Coralogix Severity	DevRev Priority
critical	P0
error	P1
warning	P2
info	P3

Using the Integration

Once configured, the integration works automatically:

When a security alert is triggered in Coralogix, it sends the alert data to DevRev.
The snap-in validates the webhook signature.
Upon successful validation, it creates a new issue with:
- Alert details in the description
- Mapped priority level
- Configured tags
- Assigned owner (if specified)
- Populated custom fields

Troubleshooting

If you encounter issues with the integration:

Verify the webhook URL is correctly configured in Coralogix.
Ensure the signature header is set with the correct secret key.
Check that the snap-in configuration has the correct Part ID.
Review the webhook delivery logs in Coralogix for any authentication errors.
Verify that the secret signature key is correctly formatted in the header.