Arnica Chat Integration
Arnica’s chat integration lets you interact with the Arnica solution directly from your existing collaboration tools, such as Slack and Teams. From chat you can complete mitigations, respond to threats, request permissions, and push notifications and alerts to developers without interrupting their normal development process.
Below are some of the primary features that Arnica provides for Slack and Teams.
Arnica Notifications Channel
The notifications channel pushes Arnica notifications directly to your chat, including ingestion and analysis job completion alerts and notifications when risks are mitigated or mitigations are reversed. The Arnica notifications channel can also be used to review and grant permissions requests submitted through the self-service permissions bot.
Arnica Self-Service Permissions
The Arnica self-service access provisioning bot is accessible by typing “/Arnica” into Slack or Teams, which opens the Arnica permissions window. This window allows users to request access to a specific org, repo, and permission level. Based on policies set out within Arnica, these requests can be granted automatically or sent to the notifications channel.
Secret Detection Alerts
The Arnica chat bot can be configured to alert developers directly when a hardcoded secret is identified within a pull request, allowing them to remove the secret before it becomes a risk. These alerts are triggered in real time and sent directly to the developer responsible for the pull request. They can also include one-click mitigations, or automated mitigations that remove the secret and erase any history of the secret within the merged branch.
Anomaly Detection Alerts
The Arnica chat bot can be configured to alert developers to code anomalies and abnormal developer behavior directly through the chat integration, ensuring that developers see real-time activity on their accounts. These alerts can be configured to flag potentially malicious code, request confirmation of recently pushed code changes, and even protect against account takeovers by requiring the developer to confirm they were responsible for the flagged action.