Opus Onboarding Overview
In the following guide we'll describe the various types of integrations Opus has to offer and where you can benefit from configuring them.
As Opus is a connective tissue between your security tools, your security team and the rest of the organization such as developers and engineers, it is most beneficial to connect it to your security tools, the cloud environments & accounts, the ticketing tools and of course you code management solution.
we'll start by defining your organization, connecting to your cloud environment and security tools, and configuring applications for your environment.
Define your Organization
In Opus you can define your organizational structure to help you with teams and department association of services as well as findings. this helps you better report, manage the dashboards and also communicate better with your colleagues using automated reports as well as notifications.
☁ Connect to your Cloud ☁
connecting to your cloud accounts in AWS or Azure will allow Opus to read information about the applications as well as help with remediation actions if you choose to allow write permission. this allows enrichment from tags, resolve resource ownership from logs and give you the complete visibility Opus is able to provide
🈸 Create you Application 🈸
Next we'll create and an application or business unit definition for your first Applications and associate it with the chosen cloud environments - this allows Opus to associate security findings and relevant cloud resources with your application, determine business criticality based on application & environment types criticality such as development / production / staging, etc.
🔐Connect your Security Tools 🔐
Security tools or finding source like we call them in Opus, are the main tools which will feed security findings to Opus so that we could start working on remediation. You can choose to integrate currently a variety of tools including Orca Security, Wiz and AWS Security hub
🎫Integrate with your ticketing solution🎫
Next thing to integrate would be your ticketing tools such as Jira or Azure DevOps, with such integrations Opus could create tickets for the relevant owners which were identified in the security finding ingestion, assign tickets, and follow up on their progress, allow reporting and even verify resolution with the security tools which you configured earlier.
☁ Have your Cloud-to-Code fixes up and running </>
In order to provide a holistic view around remediation we would benefit by connecting to your code repositories, for example GitHub or Azure DevOps. With this integration you allow Opus to read your code and even generate Pull-Requests for fixes in your code where for example vulnerabilities are being introduced by docker files or other application manifests.
🙌Collaborate🙌
Last but not least is to keep your colleagues informed, Opus will let your Engineers & Developers know when a ticket was assigned to them, let them have an overview of their open findings and also notify groups or channels when something got resolved. that can be done by using the Teams & Slack integratio
Updated 10 months ago