HomeMITRECVE JournalCarbonpediaDocsReleases
Integrations

Integrations

This article explains how to configure and manage integrations for customers in RedCarbon.

Overview

Integrations connect RedCarbon to external security vendors and tools, allowing automatic collection of alerts and cases. Each customer can have multiple integrations configured for different security products.

For detailed configuration instructions for each vendor, see the integration guides in the Integrations section.

Creating an Integration

To create a new integration:

  1. Navigate to Organization Admin > Customers.
  2. Click on the customer name to open the details.
  3. Click Add integration.
  4. Select the integration type from the available vendors.
  5. Follow the specific integration guide to configure the required fields (host, API key, etc.). See the Integrations section for vendor-specific guides.
  6. Click Save to create the integration.
  7. Click the Test button to verify the connection.
  8. Once the health check passes (shows Active), click Enable in the top right corner.
Integration Activity

Integration Status

Integrations can have the following statuses:

StatusDescription
ActiveIntegration is running and collecting alerts
PausedIntegration is temporarily paused
Not activeIntegration is disabled or has errors
IngestingIntegration is actively collecting data

API Query Chart

The chart at the top of the integration details shows the API query activity:

  • new: Standard periodic queries for new alerts
  • lost-found: Queries that search for missed alerts in the new APIs (fallback 1)
  • fallback: Recovery queries to collect any missed alerts (fallback 2)
Integration API

Logs Activity

The Logs Activity section at the bottom shows:

  • Actions performed by users (enabled, disabled, configuration changes)
  • Health check status updates
  • Errors and warnings from the integration

Mirroring (Beta)

The Mirroring feature allows automatic synchronization from RedCarbon to the vendor. For more information, see the Case Mirroring page.

Best Practices

  • Test Before Enabling: Always run the health check before enabling an integration.
  • Monitor Logs: Regularly check the Logs Activity for errors or warnings.
  • Review API Activity: Use the API query chart to ensure data is being collected correctly.