Custom Actions

Owned by Hannah Liberty, created
Last updated: Nov 03, 2023 by Marco Palella (Unlicensed)
5 min read

This document provides instructions on how to set up custom actions such as posting to Slack or Teams in your instance of Zilla. Zilla uses a Webhook, a URL exposed by a third-party service to connect. Follow the directions below to configure.

Connecting to IT Service Management

  1. In Settings, navigate to Custom Actions. You should see the Create Ticket Action. Select the pencil to edit this:

  1. Add the email(s) of your ticketing system(s) to configuration (comma separated if you have multiple):

 

This action will be used when you manually generate a ticket, if you are sending a ticket with a custom policy, or after an access review is completed. After a UAR, we will send one email per application with an attached CSV that contains all the revocations and changes made for that application.

 

  1. Parse emails into a ticket using workflows in your ITSM. This varies across platforms, and will be different for each ticketing system.

Connecting to Slack

  1. In settings, navigate to the Custom Actions box. Click on +Add Action. Name your action.
    Keep it concise because it will be the name you see in the Take Action menu (under 30 characters)

  2. In a separate window open api.slack.com, login into your slack instance, and select Create App. On the next page, click on From scratch.

     

  3. Name your application "Zilla Notifications" and indicate your workspace. Click Create App.

  4. Select Incoming Webhooks

  5. Activate webhooks by moving the slider to “on". Click on "Add New Webhook to Workspace"

     

  6. Indicate which channel you would like posts from Zilla to show up. Click Allow.

     

  7. Copy the URL that is generated

     

  8. Paste the URL into Add Custom Action dialog in Zilla. Make sure the slack channel matches what is indicated above.

     

  9. Click Save. This named action will now be available from the Take Action menu.

     

  10. Additional configuration for the Slack app: Navigate to https://api.slack.com/apps and click the “Zilla Notifications” app.

  11. Scroll down to Display Information and click + Add App Icon.

  12. Download the Zilla logo here and input into the selection dialog. Optionally fill in descriptions and click Save Changes.

Connecting to Teams

  1. In settings, navigate to the Custom Actions box. Click on +Add Action. Name your action.
    Keep it concise because it will be the name you see in the Take Action menu (under 30 characters)

  2. Select Type: "Teams"

 

  1. In a separate window, log into Microsoft Teams. Navigate to the channel you would like to have your notifications sent to, and follow This Guide to setup an incoming webhook integration on Microsoft Teams.

 

  1. Copy the Webhook URL provided to you and add it to the URL input field in Zilla Settings.

  2. Click Save. This named action will now be available from the Take Action menu.

     

Connecting to a Generic Webhook

  1. In settings, navigate to the Custom Actions box. Click on +Add Action Name your action. Keep it concise because it will be the name you see in the Take Action menu (under 30 characters)

  2. Select Type: Webhook

  3. Copy the URL from your destination application

  4. For steps 4-6, consult the documentation of your destination app to find the expected method, content type, and JSON structure for webhook requests. Select the method the webhook will use

  5. Enter the Content-Type, for example, application/json; charset=utf-8.

  6. Replace the sample JSON with your own custom code. Enter keywords in double brackets and Zilla will replace the keywords with relevant details when sending to the webhook.
    Currently supported keywords:

    • {{headline}} - A short summary of the message. Example: "Detected 42 Findings in Zilla Security that require attention."

    • {{body}} - Additional context and remediation steps. Example: "Please review and take any necessary action."

    • {{comment}} - The comment you added in Zilla when manually triggering the webhook.

  7. Click Save. This named action will now be available from the Take Action menu.

Adding an Email Distribution List

 

  1. In settings, navigate to the Custom Actions box. Click on +Add Action. Name your action. Keep it concise because it will be the name you see in the Take Action menu (under 30 characters)

  2. Select Type: Email

  3. Enter an email address. In needed, separate multiple email addresses with a comma.

  4. Click Save. This named action will now be available from the Take Action menu.

Having trouble? Please contact support@zillasecurity.com