Integrations#

What Integrations Are#

Integrations connect SilentBolt to your external communication and project management tools. When significant events occur — a scan completes, a critical finding is discovered, a finding is escalated — SilentBolt automatically sends notifications to your configured integrations.

Integrations are outbound only: SilentBolt pushes events to external services. It does not currently pull data from them.

Why Integrations Matter#

Security events need to reach the right people at the right time through the channels they already use. Without integrations, analysts must log into SilentBolt to check for updates. With integrations:

  • Critical findings trigger immediate alerts in your team's chat channel.
  • Scan completions automatically create tickets in your project tracker.
  • Security events become visible alongside your other operational workflows.

Who Uses This#

  • Security analysts — receive real-time alerts without watching the dashboard constantly.
  • Team leads — get notified when scans complete or critical issues emerge.
  • DevOps teams — receive findings as GitHub Issues for tracking in their existing workflow.
  • MSSP operators — route client notifications to the appropriate channels.

Supported Integration Providers#

Provider Mechanism Best For
Microsoft Teams Incoming Webhook Team-wide notifications in chat channels
Telegram Bot API Lightweight mobile-friendly alerts
GitHub Issues API Creating issue tickets from findings
Jira Cloud API Enterprise ticket/issue creation and tracking

What Events Are Sent#

SilentBolt emits integration events at specific points in the platform workflow:

Event When It Fires Typical Use
scan.completed A scan finishes successfully Notify the team that results are ready for review
finding.created A critical or high-severity finding is detected Immediate alert for urgent issues
finding.escalated A finding's severity or status is escalated Alert when an issue becomes more urgent

Each event includes context: domain name, scan ID, finding title/severity, and a link back to the SilentBolt UI for full details.

For a comprehensive list, see Reference: Integration Events.

How to Configure an Integration#

Step 1: Navigate to Integrations#

Click Integrations in the main navigation. You'll see the list of active integrations for your company.

Step 2: Add an Integration#

Click Add Integration and select the provider type.

Step 3: Configure the Provider#

Each provider requires different configuration:

Microsoft Teams#

  1. Create an Incoming Webhook in your Teams channel (Teams → Channel Settings → Connectors → Incoming Webhook).
  2. Copy the webhook URL.
  3. Paste the URL into SilentBolt's integration configuration.

Telegram#

  1. Create a Telegram Bot via @BotFather.
  2. Get the bot token.
  3. Add the bot to your target chat/group and get the chat ID.
  4. Enter the bot token and chat ID in SilentBolt.

GitHub#

  1. Generate a GitHub Personal Access Token with repo scope.
  2. Enter the token, repository owner, and repository name.
  3. SilentBolt will create Issues in the specified repository.

Jira#

  1. Create a Jira API token for your Atlassian account.
  2. Enter the Jira base URL, email, API token, and project key.
  3. SilentBolt will create issues in the specified Jira project.

Step 4: Select Events#

Choose which events should be sent to this integration. You can configure multiple integrations with different event subscriptions.

Step 5: Test the Connection#

Click Test Connection to send a test event to the provider. Verify that the notification arrives in the expected channel/inbox.

Step 6: Activate#

Save and activate the integration. Events will now be dispatched automatically.

Delivery, Retry, and Logging#

SilentBolt tracks every event dispatch:

  • Dispatch logs record the event type, payload, destination, delivery status, and timestamp.
  • Retry logic — if delivery fails (e.g., webhook returns an error, API is temporarily unavailable), SilentBolt retries the delivery.
  • Failure visibility — failed dispatches are visible in the integration's dispatch log, including error messages.

You can view dispatch logs for any integration in its detail page.

Common Actions#

Action How
View all integrations Integrations (top nav)
Add a new integration Integrations → Add Integration
Edit integration config Integrations → select → Edit
Test a connection Integration detail → Test Connection
View dispatch logs Integration detail → Dispatch Logs
Deactivate an integration Integration detail → Deactivate
Delete an integration Integration detail → Delete

Best Practices#

  • Test before relying on an integration. Always use the Test Connection feature after initial setup. A misconfigured webhook URL or expired API token will silently fail.
  • Be selective with events. Don't subscribe integrations to all event types unless necessary. A high-volume domain that generates many findings can flood a Teams channel.
  • Use separate channels for different severity levels. Consider routing critical-only findings to a high-urgency channel and all findings to a broader channel.
  • Rotate API tokens regularly. Especially for GitHub and Jira integrations where tokens have broad repository or project access.
  • Monitor dispatch logs periodically. Check for persistent delivery failures that could indicate a revoked token or changed webhook URL.

Security Considerations#

  • Credentials storage — integration configuration (webhook URLs, API tokens) is stored encrypted in the database. Credentials are decrypted only in-process during dispatch.
  • Tenant isolation — integrations are company-scoped. One tenant's integrations and events are invisible to another.
  • Outbound only — SilentBolt sends data out but does not accept inbound calls from integration providers. No attack surface is added by enabling integrations.
  • Sensitive data in payloads — event payloads include finding titles, severities, and domain names. Be aware that this information is transmitted to the external service. Ensure your receiving channels have appropriate access controls.

Edge Cases and Warnings#

  • Webhook URL changes — if you regenerate a Teams webhook URL or change a Telegram bot, you must update the integration config in SilentBolt. The old URL will return errors.
  • Rate limits — external services may rate-limit incoming requests. A scan that generates 50 critical findings will dispatch 50 events in rapid succession. Some providers may throttle or reject messages.
  • GitHub Issues duplication — each finding.created event creates a new GitHub Issue. SilentBolt does not currently deduplicate across events or check for existing issues with the same title.
  • Jira project permissions — the API token user must have permission to create issues in the specified Jira project. Permission errors will appear in dispatch logs.

Future Improvements#

  • Slack integration — support for Slack Incoming Webhooks and Slack App.
  • Email integration — direct email notifications for stakeholders who don't use chat tools.
  • Webhook (generic) — custom HTTP webhook for any service that accepts HTTP POST.
  • Event filtering by domain — subscribe to events only for specific domains, not all scans.
  • Two-way integration — pull status updates from Jira (e.g., when a ticket is closed, mark the finding as resolved).
  • Custom payload templates — control the format and content of integration messages.
  • PagerDuty / Opsgenie — incident management integration for critical finding escalation.

Related Pages

ScansFindingsReference: Integration EventsGlossary
PreviousAttack Orchestration
NextWorkflow: Exporting Reports