Appearance
Understand Integrations
AttackLens integrations connect your exposure management workflow to external systems, enabling automated issue tracking and AI-assisted security analysis. Integrations eliminate the manual effort of copying findings into ticketing systems and provide intelligent access to your security data through AI assistants.
Integration Types
AttackLens supports two categories of integrations:
Issue Integrations
Issue integrations connect AttackLens to your ticketing or issue tracking platform. When a security finding meets your configured criteria, AttackLens can automatically create a ticket in the connected system with the relevant details -- severity, affected asset, remediation guidance, and supporting evidence.
Supported platforms:
| Platform | Description |
|---|---|
| Jira | Create Jira issues in any project. Supports custom fields, priority mapping, and label assignment. |
| ServiceNow | Create ServiceNow incidents with configurable urgency, impact, and assignment group mapping. |
| GitHub Issues | Create issues in GitHub repositories with label and assignee mapping. Suitable for teams that track security work alongside code. |
MCP Server (AI Integration)
The Model Context Protocol (MCP) server integration allows AI assistants like Claude to query your AttackLens data in real time. This enables natural-language security analysis, automated report generation, and intelligent remediation guidance without leaving your AI workflow.
How Issue Integrations Work
The issue integration workflow follows these steps:
- Configure: You set up a connection to your ticketing platform (URL, credentials, project).
- Map: You define how AttackLens fields map to issue fields (severity to priority, finding title to issue title, etc.).
- Trigger: When a finding matches your criteria (e.g., severity is High or Critical), AttackLens creates an issue in the connected platform.
- Track: AttackLens logs every created issue, including its external URL, so you can trace findings to their corresponding tickets.
INFO
Issue creation is triggered manually from the findings view. You select one or more findings and choose Create Issue to push them to your configured integration. Automatic creation based on rules is on the roadmap.
How the MCP Server Works
The MCP server runs as part of your AttackLens deployment and exposes a set of tools and data sources that AI assistants can access:
- Enable: Turn on the MCP server from the integrations settings.
- Connect: Configure your AI assistant (e.g., Claude Desktop) with the MCP server URL and credentials.
- Query: The AI assistant can now query assets, findings, vulnerabilities, attack paths, and compliance data.
- Analyze: The assistant uses this data to answer questions, generate summaries, suggest remediation, and provide context-aware security guidance.
Security Considerations
WARNING
Integration credentials (API tokens, passwords) are stored encrypted in the AttackLens database. However, you should follow the principle of least privilege when creating service accounts or API tokens for integrations:
- Jira: Use an API token with access scoped to the specific project.
- ServiceNow: Create a dedicated integration user with only the incident creation role.
- GitHub: Use a fine-grained personal access token with repository-level permissions.
- MCP Server: The server respects the access scope you configure -- it cannot access data outside the defined scope.
Next Steps
- Configure Jira -- Set up Jira issue creation.
- Configure ServiceNow -- Set up ServiceNow incident creation.
- Configure GitHub Issues -- Set up GitHub Issues creation.
- Manage Integrations -- View, edit, and delete existing integrations.
- Configure MCP Server -- Enable AI assistant access to your security data.