Threat Stack Enhances Integration Framework to Unify Security and Operations Teams

New Integrations Bring Rich, Context-driven Information from Threat Stack to SIEM, Security Analytics, and DevOps Tools; Enables Proactive Cloud Security Management

BOSTON -- Threat Stack, provider of the industry’s most comprehensive intrusion detection platform for cloud, hybrid-cloud, and on-premise environments, today announced enhancements to its integration framework to enable deep security insights and continuous improvement across Security and Operations teams. The framework expands Threat Stack’s existing integrations with Slack, VictorOps, and PagerDuty to industry-leading security analytics and SIEM platforms like Splunk, Sumo Logic, and Graylog to unify security and operations teams and enable proactive, automated cloud security management.

The Threat Stack integration framework is powered by a combination of RESTful APIs and Webhooks to allow customers to consume the rich, context-driven information from Threat Stack in a variety of use cases for alert, event, vulnerability, and threat analytics. It also allows customers to drive notifications and remediation workflows via integration with systems like OpsGenie, Jira, GitLab, and more.

“Threat Stack has always provided unprecedented data and context for customers to respond to security incidents,” said Aditya Joshi, Threat Stack EVP of Products and Technology. “The data-rich insights enabled by our enhanced integrations allow Security teams’ value to shift from point-in-time reaction to proactive risk reduction with powerful analytics that highlight patterns and trends across their environments. We’ve seen customers realize this value in how they understand and communicate risk across their own organizations and to their customers.”

Threat Stack recently released research that found a significant gap when it comes to practicing SecOps, which unites security principles and standards within DevOps practices. Sixty percent of respondents admit that security is not being integrated into DevOps processes today. Threat Stack’s integration framework helps companies break down silos between security and operations by bridging valuable insights that can drive shared operational team goals.

Integration Framework Enables Security & Customer Value

The Threat Stack integration framework allows DevOps teams to build custom workflows based on security alerts, while security teams benefit from the combination of Threat Stack data with feeds to tools and services like Splunk, Graylog, Sumo Logic, AWS S3, and Glacier. Several Threat Stack customers are using the integration framework for a wide variety of use cases.

Enabling Frictionless SecOps with OpsGenie Integration – With Threat Stack integration, OpsGenie acts as a dispatcher for alerts, determining the right people to notify based on on-call schedules, notifying them using email, text messages (SMS), phone calls, and iPhone and Android push notifications, and escalating alerts until the alert is acknowledged or closed. This allows operations teams to monitor Threat Stack alerts in the same place they’re already working, saving them time, while decreasing the likelihood they’ll miss something important that could cause a breach.

Improving Security Posture with SIEM Integration – Beyond the insight Threat Stack provides into cloud infrastructure where it is deployed, Threat Stack data also can be used to enhance and provide context to other feeds. For example, combining Threat Stack data with GuardDuty in a SIEM provides valuable user and application context for network events that the SIEM receives.

Driving Security Prioritization through Security Orchestration with Graylog Integration – Threat Stack leveraged its own integration framework to develop an internal security orchestration application that pulled from Threat Stack data, internal apps, and vendor data sources from operations that extend beyond AWS – aggregating them into Graylog to analyze trends from alert data, and ultimately automate workflows to Ops with security insight. This integration provided enhanced visibility across forensic data to enable Security and Operations teams to drive improved security policy.

To download the full Threat Stack SecOps research report, please go to

About Threat Stack
Threat Stack enables companies to scale securely and meet complex cloud security needs by identifying and verifying insider threats, external attacks, and data loss in real time. Purpose built for today’s infrastructure, Threat Stack’s comprehensive intrusion detection platform combines continuous security monitoring and risk assessment to empower security and operations to better manage risk and compliance across their entire infrastructure, including cloud, hybrid-cloud and multi-cloud.

For more information, or to start a free cloud security trial, visit


fama PR for Threat Stack
Ted Weismann, 617-986-5009

