You can use email as a notification method, and you can forward alerts from the StackRox Kubernetes Security Platform to a standard email provider. This topic explains how to integrate the StackRox Kubernetes Security Platform with your email provider.
To forward alerts from the StackRox Kubernetes Security Platform to an email address, you can either use:
- Default recipients
- Deployment annotations
Create a new integration in the StackRox Kubernetes Security Platform by using the email plugin notifier:
- Navigate to Platform Configuration > Integrations.
- Under the Plugins section, select Email.
- Select the New Integration icon.
- Enter a name for your email integration in the Integration Name.
- For Email Server, enter the address of your email server.
- Enter Username and Password to use for authentication.
- (Optional) For FROM, specify the
- For SENDER, specify the
- Enter the email address on which to send the notifications in the Default Recipient box or enter an annotation key for Annotation Key For Recipient.
- (Optional) Turn on the Connect Without TLS (Unencrypted) toggle to send email without TLS. We recommend that you don’t disable TLS unless you are using StartTLS.
- (Optional) To use StartTLS, either select Login or Plain for the Use STARTTLS (Requires TLS To Be Disabled) drop-down.
We recommend using TLS for email notifications. Without TLS, all email is sent unencrypted.
We don’t recommend using StartTLS because unencrypted credentials are sent to the email server during authentication.
- StartTLS with the login parameter sends authentication credentials in a
- StartTLS with the plain parameter sends authentication credentials to your mail relay in plaintext.
To send email through an annotation in your deployment:
- Add an annotation similar to the following example in your deployment YAML
file where email is the Annotation key that you specify in your email
annotations: email: firstname.lastname@example.org
Once configured, if a deployment has the annotation, the StackRox Kubernetes Security Platform sends the alert to the email specified in the annotation. Otherwise, it sends the alert to the default recipient.
- Navigate to Platform Configuration > System policies.
- Select the check boxes for one or more policies for which you want to send alerts.
- Select Enable Notifications or Actions > Enable Notification (depends upon the StackRox Kubernetes Security Platform version you are using).
- In the Enable Notifications dialog, select the check box for the email notifier (same as the Integration Name). If you haven’t configured any other integrations, you’ll see the message No notifiers configured!.
- Select Enable.
The StackRox Kubernetes Security Platform sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.
Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you won’t receive a notification unless a violation generates a new alert. The StackRox Kubernetes Security Platform creates a new alert when:
- a policy violation occurs for the first time in a deployment, or
- a runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for that policy in that deployment.
We're happy to help! Reach out to us to discuss questions, issues, or feature requests.