Integration Admin
The Integration Admin module provides centralized management of RhythmX's integration layer — API keys, ticket integration, auto-push, and syslog export settings. All integrations are configured globally through System Settings and apply across all entities.
How Integrations Work
```mermaid
flowchart TD
    A["Global Configuration<br><b>Jira / ServiceNow / Syslog</b>"] --> B["All Incidents"]
    B --> C["Ticket Created<br><i>Entity info included</i>"]
    B --> D["Syslog Forwarded<br><i>Entity info included</i>"]
    B --> E["External Feed API<br><i>Entity info included</i>"]
    style A fill:#0d47a1,stroke:#42a5f5,color:#fff
    style B fill:#00695c,stroke:#4db6ac,color:#fff
    style C fill:#e65100,stroke:#ff9d3f,color:#fff
    style D fill:#4a148c,stroke:#9c27b0,color:#fff
    style E fill:#1b5e20,stroke:#4c8c4a,color:#fff
```
RhythmX uses a single global configuration for all integrations. Every incident and case record carries its entity name, so downstream systems (Jira, ServiceNow, SOAR) can identify which customer organization the data belongs to — without requiring separate configurations per entity.
API Key Management
API keys provide authentication for the External Feed API. Keys grant read-only access to all incidents and cases across all entities.
Key Lifecycle
| Action | Description |
|---|---|
| Create | Generate a new API key. The plaintext key is shown only once — save it immediately. |
| View | List all keys with their metadata (label, scopes, rate limit, status, last used). The key value itself is never shown again. |
| Update | Change a key's description, scopes, rate limit, or enabled status. |
| Revoke | Permanently delete an API key. This is immediate and irreversible. |
Key Properties
| Property | Description |
|---|---|
| Label | Optional human-readable label (e.g., "SOAR integration", "Customer SOC") |
| Description | Additional description for the key's purpose |
| Scopes | Permissions: read:incidents, read:cases (default: both) |
| Rate Limit | Maximum requests per minute (default: 60) |
| Expires At | Optional expiration date |
| Enabled | Toggle to temporarily disable without deleting |
| Created By | Administrator who created the key |
| Last Used | Timestamp of the most recent API call using this key |
Entity Data in API Responses
Every record returned by the External Feed API includes the entity_name field, so consumers can filter or route data by entity on their side:
```json
{
  "incident_id": "INC-a1b2c3d4",
  "group_key": "jsmith",
  "entity_name": "Primary Site",
  "status": "OPEN",
  "risk_score": 87
}
```
Syslog Export
RhythmX forwards incident and case events as structured syslog messages (RFC 5424) to an external SIEM or log collector.
Configuration
| Setting | Default | Description |
|---|---|---|
| Host | — | Syslog server hostname or IP (required) |
| Port | 514 | Syslog server port |
| Protocol | UDP | Transport protocol: UDP or TCP |
| Facility | 17 | Syslog facility code (17 = local1) |
| Enabled | false | Master toggle |
What Gets Exported
- New incidents — When an incident is created
- Status changes — When an incident transitions between statuses
- Case events — Correlated threat case creation and updates
Each syslog message includes the incident/case ID, actor, entity name, risk score, severity, MITRE tactics, and timestamp — formatted for direct ingestion by downstream SIEMs.
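On the collector side, a parser can confirm that each message arrives on the configured facility and extract the entity and risk fields from the RFC 5424 structured data. This is an added example, not RhythmX code: the SD-ID `incident@32473`, the parameter names, the hostname and the sample message are constructed assumptions, since the page does not specify the message layout.

```python
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(
    r"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) "
    r"(-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (.*))?$", re.S)
ELEMENT = re.compile(r'\[([^\s=\]"]+)((?:[^\]\\]|\\.)*)\]')
PARAM = re.compile(r' ([^\s=\]"]+)="((?:[^"\\]|\\.)*)"')
UNESCAPE = re.compile(r'\\(["\\\]])')  # RFC 5424 escapes ", \ and ] in values


def parse_rfc5424(line, expected_facility=17):
    """Parse one message; reject anything not sent on the configured facility."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError("PRI out of range")
    facility, severity = divmod(pri, 8)  # PRI = facility * 8 + severity
    if facility != expected_facility:
        raise ValueError(f"unexpected facility {facility}")
    sd = {}
    if m.group(7) != "-":
        for sd_id, body in ELEMENT.findall(m.group(7)):
            sd[sd_id] = {k: UNESCAPE.sub(r"\1", v)
                         for k, v in PARAM.findall(body)}
    return {"facility": facility, "severity": severity,
            "timestamp": m.group(2), "host": m.group(3),
            "msgid": m.group(6), "sd": sd, "msg": m.group(8)}


# Constructed sample: PRI 140 = facility 17 * 8 + severity 4.
# SD-ID and parameter names are assumptions, not the product's documented layout.
SAMPLE = ('<140>1 2024-05-01T12:00:00Z rhythmx.example.net rhythmx - INCIDENT '
          '[incident@32473 incident_id="INC-a1b2c3d4" actor="jsmith" '
          'entity_name="Primary Site" risk_score="87"] New incident')

if __name__ == "__main__":
    event = parse_rfc5424(SAMPLE)
    fields = event["sd"]["incident@32473"]
    print(fields["entity_name"], int(fields["risk_score"]), event["severity"])
```

Because every field arrives as a string, convert `risk_score` explicitly before comparing it to thresholds, and treat `entity_name` as untrusted input when using it for routing.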
Integration Admin Workflow
```mermaid
flowchart TD
    A["Configure Integrations<br><i>Jira, ServiceNow, Syslog</i>"] --> B["Test Connections<br><i>Verify credentials</i>"]
    B --> C["Create API Keys<br><i>For external access</i>"]
    C --> D["Verify & Monitor<br><i>Check status, review usage</i>"]
    style A fill:#0d47a1,stroke:#42a5f5,color:#fff
    style B fill:#00695c,stroke:#4db6ac,color:#fff
    style C fill:#1a237e,stroke:#534bae,color:#fff
    style D fill:#1b5e20,stroke:#4c8c4a,color:#fff
```
| Step | What the Admin Does | Key Decision |
|---|---|---|
| 1. Configure | Set up global Jira/ServiceNow/syslog credentials | What are the integration targets? |
| 2. Test | Verify all connections with Test Connection buttons | Are credentials valid? |
| 3. API Keys | Create API keys for SOAR/SIEM external access | Who needs API access? |
| 4. Monitor | Review API key usage, delivery retries, syslog status | Are integrations healthy? |