External Integrations

AuroraSOC integrates with ticketing systems, notification channels, and identity providers.

Notification Channels

Configure notification channels via environment variables:

| Channel | Variables | Severity Routing |
|---|---|---|
| Slack | AURORA_SLACK_WEBHOOK_URL | Critical, High, Medium |
| Microsoft Teams | AURORA_TEAMS_WEBHOOK_URL | Critical, High, Medium |
| PagerDuty | AURORA_PAGERDUTY_ROUTING_KEY | Critical, High |
| Email (SMTP) | AURORA_SMTP_HOST, AURORA_SMTP_PORT, AURORA_SMTP_USER, AURORA_SMTP_PASS, AURORA_SMTP_FROM | Critical, High |

Default Routing Rules

  • Critical → PagerDuty + Slack + Teams + Email
  • High → Slack + Teams + Email
  • Medium → Slack + Teams
  • Low → Slack only
  • Info → No notification
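
A pre-deployment check of the notification settings against the default routing rules, as an added example that is not part of AuroraSOC: it reports which channels each severity can actually reach and flags partially configured channels, non-HTTPS URLs and placeholder secrets. The audit function, its finding messages and the SAMPLE_ENV values are constructed for illustration; the placeholder strings are the ones shown in this page's sample ticketing configuration.

```python
from urllib.parse import urlparse

# Variables each channel needs, from the table on this page.
CHANNEL_VARS = {
    "pagerduty": ["AURORA_PAGERDUTY_ROUTING_KEY"],
    "slack": ["AURORA_SLACK_WEBHOOK_URL"],
    "teams": ["AURORA_TEAMS_WEBHOOK_URL"],
    "email": ["AURORA_SMTP_HOST", "AURORA_SMTP_PORT", "AURORA_SMTP_USER",
              "AURORA_SMTP_PASS", "AURORA_SMTP_FROM"],
}
# Default routing rules from this page.
DEFAULT_ROUTING = {
    "critical": ["pagerduty", "slack", "teams", "email"],
    "high": ["slack", "teams", "email"],
    "medium": ["slack", "teams"],
    "low": ["slack"],
    "info": [],
}
# Placeholder secrets shown in this page's sample ticketing config.
PLACEHOLDERS = {"your-api-token", "your-password"}

def audit(env):
    """Return (coverage, findings) for a dict of AURORA_* settings."""
    env = {k: v.strip() for k, v in env.items() if v.strip()}
    findings, ready = [], set()
    for channel, names in CHANNEL_VARS.items():
        missing = sorted(n for n in names if n not in env)
        if not missing:
            ready.add(channel)
        elif len(missing) < len(names):
            findings.append(f"{channel}: partially configured, missing {missing}")
    for name, value in env.items():
        if name.endswith("_URL") and urlparse(value).scheme != "https":
            findings.append(f"{name}: not an https URL")
        if value in PLACEHOLDERS:
            findings.append(f"{name}: still the documentation placeholder")
    coverage = {}
    for severity, channels in DEFAULT_ROUTING.items():
        coverage[severity] = [c for c in channels if c in ready]
        if channels and not coverage[severity]:
            findings.append(f"{severity}: no configured channel in its default route")
    return coverage, findings

# Constructed sample settings (not a real deployment).
SAMPLE_ENV = {
    "AURORA_SLACK_WEBHOOK_URL": "http://hooks.example.test/services/T000/B000",
    "AURORA_SMTP_HOST": "smtp.example.test",
    "AURORA_JIRA_URL": "https://yourcompany.atlassian.net",
    "AURORA_JIRA_API_TOKEN": "your-api-token",
}
```

To check a live host, pass only the AURORA_* entries of os.environ to audit().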

Testing

curl -X POST http://localhost:8000/api/v1/integrations/notifications/test \
-H "Authorization: Bearer $TOKEN" \
-H "Content-Type: application/json" \
-d '{"channel": "slack", "severity": "info", "message": "Test from AuroraSOC"}'

Ticketing Integration

Jira

AURORA_JIRA_URL=https://yourcompany.atlassian.net
AURORA_JIRA_USER=automation@company.com
AURORA_JIRA_API_TOKEN=your-api-token
AURORA_JIRA_PROJECT=SOC

Features:

  • Auto-creates issues from cases (severity maps to Jira priority)
  • MITRE techniques added as labels
  • Bidirectional comment sync
  • Webhook receiver at POST /api/v1/integrations/jira/webhook

ServiceNow

AURORA_SNOW_INSTANCE=yourcompany
AURORA_SNOW_USER=aurora_integration
AURORA_SNOW_PASSWORD=your-password

Features:

  • Creates incidents from cases
  • Maps severity to impact/urgency
  • State sync on case status changes
  • Webhook receiver at POST /api/v1/integrations/servicenow/webhook

Integration Health

GET /api/v1/integrations/status

Returns connectivity status for all configured providers.

SSO / OIDC

See Authentication for OIDC and SAML configuration.

SCIM Provisioning

AuroraSOC exposes SCIM 2.0 endpoints for automated user provisioning:

  • POST /api/v1/auth/scim/v2/Users - Create user
  • GET /api/v1/auth/scim/v2/Users - List users
  • PUT /api/v1/auth/scim/v2/Users/{id} - Update user
  • DELETE /api/v1/auth/scim/v2/Users/{id} - Deactivate user

Configure your IdP (Okta, Entra ID, etc.) to point at these endpoints with a Bearer token.