Integrations Overview
Infracast integrates with your existing toolchain to push findings, sync inventory, trigger alerts, and authenticate users. Integrations are configured under Settings → Integrations.
Available Integrations
| Integration | Type | Use Cases |
|---|---|---|
| ServiceNow | API-based | CMDB sync, incident creation, POA&M sync |
| Splunk | API-based (HEC) | Finding export, SIEM dashboards |
| Elastic / ELK | API-based | Finding export, Kibana dashboards |
| Jira | API-based | Finding → ticket, POA&M → issue sync |
| Slack | Webhook | Alert notifications, discovery events |
| Microsoft Teams | Webhook | Alert notifications |
| Okta SSO | SAML/OIDC | Single sign-on, user provisioning |
Integration Types
API-Based Integrations
API-based integrations connect to an external system's REST API to push or pull data. Infracast initiates outbound HTTPS connections using credentials you provide (API keys, OAuth tokens, or username/password).
Examples: ServiceNow, Splunk, Elastic, Jira
Configuration typically requires:
- The external system's instance URL
- An API key or service account credentials
- Configuration for what data to sync (which findings, which fields)
Webhook-Based Integrations
Webhook-based integrations push JSON payloads to a URL when specific events occur in Infracast. The receiving system (Slack, Teams) processes the payload and displays it.
Examples: Slack, Microsoft Teams
Configuration requires:
- An incoming webhook URL generated in the destination system
- Event trigger configuration (which events send notifications)
SSO Integrations
SSO integrations delegate authentication to an external identity provider using SAML 2.0 or OIDC. Users log into Infracast using their existing corporate credentials.
Examples: Okta
Configuration requires:
- Your identity provider's SAML metadata or OIDC discovery URL
- An application registration in the IdP
Configuring Integrations
All integrations are configured in the Infracast web UI under Settings → Integrations:
1. Click Add Integration
2. Select the integration type
3. Enter the required configuration fields (instance URL, credentials, mappings)
4. Click Test Connection to validate connectivity
5. Click Save
Integrations can also be managed via the Infracast REST API:
```
# List configured integrations
GET /api/v1/tenants/{tenantID}/integrations
# Create a new integration
POST /api/v1/tenants/{tenantID}/integrations
# Update an integration
PUT /api/v1/tenants/{tenantID}/integrations/{integrationID}
# Delete an integration
DELETE /api/v1/tenants/{tenantID}/integrations/{integrationID}
```
Integration Events
Integrations are triggered by the following Infracast events:
| Event | Description |
|---|---|
| New Finding | A new vulnerability, misconfiguration, or policy violation is created |
| Finding Severity Change | A finding's severity is escalated or de-escalated |
| Discovery Complete | A discovery job finishes (success or failure) |
| Asset Created | A new asset appears in the Infracast graph |
| POA&M Updated | A Plan of Action and Milestones item is created or updated |
Each integration type supports a configurable subset of these events.
Security Considerations
- Credentials stored in integration configurations are encrypted at rest using AES-256
- Test connection requests are made from the Infracast backend, not the browser
- Webhook URLs should use HTTPS endpoints; HTTP webhook targets generate a warning
- For API integrations, use dedicated service accounts with minimal permissions rather than personal accounts
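The considerations above can be checked periodically against an exported integration inventory. The following is an added example, not Infracast code: the record fields (`id`, `kind`, `url`, `account`, `events`), the `kind` values, and the `svc-` naming rule are assumptions, not the schema returned by the integrations API.

```python
from urllib.parse import urlsplit

# Event names copied from the Integration Events table above.
KNOWN_EVENTS = {"New Finding", "Finding Severity Change", "Discovery Complete",
                "Asset Created", "POA&M Updated"}
API_KINDS = {"servicenow", "splunk", "elastic", "jira"}  # assumed "kind" values
SERVICE_PREFIX = "svc-"  # assumed local naming rule for service accounts


def audit_integration(item):
    """Return the sorted rule names that one integration record violates."""
    issues = set()
    try:
        target = urlsplit(item.get("url", ""))
        https_ok = target.scheme.lower() == "https" and bool(target.hostname)
    except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
        https_ok = False
    if not https_ok:
        issues.add("non-https-target")
    # API-based integrations should authenticate as a dedicated service account.
    if item.get("kind") in API_KINDS and not item.get("account", "").startswith(SERVICE_PREFIX):
        issues.add("personal-account")
    # Event names outside the documented set are most likely typos in the config.
    if set(item.get("events", [])) - KNOWN_EVENTS:
        issues.add("unknown-event")
    return sorted(issues)


def audit_all(items):
    """Map integration id -> violated rules, omitting clean records."""
    return {i["id"]: r for i in items if (r := audit_integration(i))}


# Constructed sample inventory (hypothetical hosts and accounts).
SAMPLE = [
    {"id": "int-1", "kind": "slack", "url": "http://hooks.example.test/T000/B000",
     "events": ["New Finding", "Discovery Complete"]},
    {"id": "int-2", "kind": "servicenow", "url": "https://snow.example.test",
     "account": "jane.doe", "events": ["POA&M Updated"]},
    {"id": "int-3", "kind": "splunk", "url": "https://hec.example.test:8088",
     "account": "svc-infracast", "events": ["New Findings"]},
    {"id": "int-4", "kind": "jira", "url": "https://jira.example.test",
     "account": "svc-infracast", "events": ["New Finding"]},
]

if __name__ == "__main__":
    for ident, rules in audit_all(SAMPLE).items():
        print(ident, ", ".join(rules))
```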