You can configure Red Canary to ingest external alerts from a supported security product, allowing you to correlate external alerts with a process or endpoint in a centralized place where you can review and search all alerts ingested, the alert’s status, and results of any alert investigations.

Connecting a new alert source to Red Canary

You can configure Red Canary to receive alerts from your security products using a number of collection methods.

To add a new alert source:

1. Navigate to Record > External Alert Sources.
2. Start typing the name of your alert source. If your security product is not listed, click Suggest a new addition and let us know!
3. Select your alert source from the list.
4. Click the title of the alert source, then click Configure.
5. Follow the instructions on the form to select how Red Canary will receive alerts and in which format. Not all formats are supported; we prioritize the highest quality formats whenever possible.
6. Configure your security product to send alerts to the provided Red Canary email address or collector, or provide the information needed for API polling.

How can I test the integration?

For email-based alerts, trigger an alert/email in the source platform. There is no integrated test functionality for API-based alerts at this time.