/
Custom Actions

Custom Actions

Overview

Zilla supports custom actions such as posting to Slack or Teams in your Zilla tenant using a webhook (a URL exposed by a third-party service) to connect.

Scope: Admins

This article covers the following topics:

Prerequisites

  • Admin account with Zilla Security

  • Access to set up webhooks in your desired application

Connecting to IT Service Management

  1. Log in to Zilla as an admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Custom Actions dropdown and you should see the Create Ticket Action. Click the pencil to the right of the Description of Action to edit the Custom Action.

  1. Add the email(s) of your ticketing system(s) to the Ticketing System Email Address field. If there are multiple email addresses, separate them with a comma.

This action will be used when you manually generate a ticket, if you are sending a ticket with a custom policy, or after an access review is completed. After a UAR, one email per application will be sent with an attached CSV that contains all the revocations and changes made for that application.

  1. Parse emails into a ticket using workflows in your ITSM. This varies across platforms and will be different for each ticketing system.

Connecting to Slack

  1. Log in to Zilla as an admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Custom Actions dropdown and click + Add Action.

  2. Type a concise name (under 30 characters) into the Action Name field. This will be the name you see in the Take Action menu.

  3. Select Slack from the Type dropdown.

  1. In a separate window open api.slack.com, log in into your Slack instance, and click Create App. On the next page, select From scratch.

  1. Name your application Zilla Notifications and indicate your workspace. Click Create App.

  1. Under Basic Information, click Incoming Webhooks.

  1. Toggle Activate Incoming Webhooks to On. Click Add New Webhook to Workspace.

 

  1. Select a channel to receive Zilla Notifications posts and click Allow.

 

  1. Copy the URL that is generated.

 

  1. Paste the URL into the URL field of the Add Custom Action dialog in Zilla. Make sure the Channel Name matches the name in Slack.

 

  1. Click Save. This named action will now be available from the Take Action menu.

 

  1. To further configure the Slack app, navigate to https://api.slack.com/apps and select the Zilla Notifications app.

  1. Download the Zilla logo here. In slack api, scroll down to Display Information, click + Add App Icon and upload the Zilla Logo.

  1. Fill in the short and long descriptions (optional) and click Save Changes.

Connecting to Teams

  1. Log in to Zilla as an admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Custom Actions dropdown and click + Add Action.

  2. Type a concise name (under 30 characters) into the Action Name field. This will be the name you see in the Take Action menu.

  3. Select Teams from the Type dropdown.

  1. Log in to Microsoft Teams, choose a channel to receive Zilla Notifications posts, and follow these steps to setup an incoming webhook integration on Microsoft Teams.

  2. Copy the Teams webhook URL paste it in the URL field in the Add Custom Action dialog.

  1. Click Save. This named action will now be available from the Take Action menu.

Connecting to a Generic Webhook

  1. Log in to Zilla as an admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Custom Actions dropdown and click + Add Action.

  2. Type a concise name (under 30 characters) into the Action Name field. This will be the name you see in the Take Action menu.

  3. Select Webhook from the Type dropdown.

  4. Copy the URL from your destination application and paste it in the URL field in the Add Custom Action dialog.

  5. For steps 6-8, refer to your destination app’s documentation to determine the expected method, content type, and JSON structure for webhook requests. Select the method the webhook will use.

  6. Select the appropriate Method from the dropdown in the Add Custom Action dialog.

  7. Enter the Content-Type into the Content-Type (HTTP Header) field of the Add Custom Action dialog. For example, application/json; charset=utf-8.

  8. Replace the sample JSON with your own custom code. Zilla will replace keywords in double brackets with relevant details when sending to the webhook. Currently supported keywords:

    • {{headline}} - A short summary of the message. Example: "Detected 42 Findings in Zilla Security that require attention."

    • {{body}} - Additional context and remediation steps. Example: "Please review and take any necessary action."

    • {{comment}} - The comment you added in Zilla when manually triggering the webhook.

  1. Click Save. This named action will now be available from the Take Action menu.

Adding an Email Distribution List

  1. Log in to Zilla as an admin and click the Settings tab on the left side of the page. On the Discovery & Configuration tab, expand the Custom Actions dropdown and click + Add Action.

  2. Type a concise name (under 30 characters) into the Action Name field. This will be the name you see in the Take Action menu.

  3. Select Email from the Type dropdown.

  4. Enter an email address. If needed, separate multiple email addresses with a comma.

  1. Click Save. This named action will now be available from the Take Action menu.

If you encounter any issues, please refer to our troubleshooting articles or visit support.zillasecurity.com and submit a ticket. Our support team will assist you in resolving the problem as quickly as possible.