Overview
This document is a walkthrough for configuring Infocyte and PagerDuty so that Security Alerts generated by Infocyte create events within PagerDuty.
Integration between Infocyte and PagerDuty is simple and relies on a Service created in PagerDuty and a Webhook configured in Infocyte. On the PagerDuty side, an API Integration (PagerDuty Events API v2) is created on the Service. On the Infocyte side, a Webhook is defined that calls the PagerDuty API for Events and sends the alert payload to initiate an event in PagerDuty.
Configuring PagerDuty
Configuring a Service within PagerDuty is straightforward and uses the Services component of the PagerDuty Platform. Simply create the service, then create an integration within the service.
1) Creating a PagerDuty Service
2) Configuring the PagerDuty API Integration
Configuring the Infocyte Webhook
Infocyte’s platform provides a simple mechanism to forward Alerts within Infocyte to any number of receiving platforms; in this example, the receiving platform is PagerDuty.
Creating a Webhook in Infocyte
Infocyte’s direct Webhook capability allows the end-user to create the Webhook and fully customize the payload and delivery options for the alert. In the example below, the Webhook is created, named "PagerDuty Event Integration", and directed at PagerDuty’s API for Events.
The method is "POST".
The URL will be "https://events.pagerduty.com/v2/enqueue".
The headers section should contain the content type set to JSON and the Authorization token from the PagerDuty Service:
content-type=application/json, Authorization=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The body of the Webhook is then configured based on PagerDuty’s API documentation (https://v2.developer.pagerduty.com/docs/events-api-v2).
Here's an example:
{
    "payload": {
        "summary": "string",
        "timestamp": "{{createdOn}}",
        "severity": "critical",
        "source": "string",
        "component": "string",
        "group": "string",
        "class": "string",
        "custom_details": {}
    },
    "routing_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "event_action": "trigger",
    "dedup_key": "string",
    "client": "string",
    "client_url": "string",
    "links": [
        {
            "href": "string",
            "text": "string"
        }
    ],
    "images": [
        {
            "src": "string",
            "href": "string",
            "alt": "string"
        }
    ]
}
Once the Webhook is created and saved, any alert that is triggered within the Infocyte platform will be sent to PagerDuty as an Event into the defined and referenced PagerDuty service (with the Integration API key).
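Before saving the Webhook, the body template can be checked against the Events API v2 rules. The following is an added example, not code from Infocyte or PagerDuty: `lint_webhook_body` and the sample body are hypothetical and constructed for illustration. It flags values copied unchanged from the sample above, including a constant `dedup_key`, which PagerDuty uses to group events into the same open alert.

```python
import json
import re

SEVERITIES = ("critical", "error", "warning", "info")
ACTIONS = ("trigger", "acknowledge", "resolve")
TEMPLATE_VAR = re.compile(r"\{\{\s*\w+\s*\}\}")  # e.g. {{createdOn}}
PLACEHOLDER = re.compile(r'"(\w+)"\s*:\s*"string"')  # values left as "string"
# Constructed sample: placeholder key, unknown severity, constant dedup_key.
SAMPLE = json.dumps({
    "routing_key": "X" * 32, "event_action": "trigger", "dedup_key": "string",
    "payload": {"summary": "Infocyte alert", "timestamp": "{{createdOn}}",
                "severity": "high", "source": "infocyte"}})


def lint_webhook_body(body_text):
    """Return a list of problems in an Events API v2 webhook body template."""
    try:
        body = json.loads(body_text)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    problems = []
    key = str(body.get("routing_key", ""))
    if len(key) != 32 or set(key) == {"X"}:
        problems.append("routing_key: expected the 32-character integration key")
    action = body.get("event_action")
    if action not in ACTIONS:
        problems.append(f"event_action: {action!r} is not one of {ACTIONS}")
    payload = body.get("payload")
    if not isinstance(payload, dict):
        payload = {}
    severity = payload.get("severity")
    if action == "trigger":
        for field in ("summary", "source", "severity"):
            if not payload.get(field):
                problems.append(f"payload.{field}: required for a trigger event")
    if severity and severity not in SEVERITIES:
        problems.append(f"payload.severity: {severity!r} is not accepted")
    dedup = body.get("dedup_key")
    if isinstance(dedup, str) and not TEMPLATE_VAR.search(dedup):
        problems.append("dedup_key: constant, so every alert joins one incident")
    problems += [f"{name}: sample placeholder 'string' left in place"
                 for name in PLACEHOLDER.findall(body_text)]
    return problems


if __name__ == "__main__":
    print("\n".join(lint_webhook_body(SAMPLE)))
```

The check runs on the template text as entered in Infocyte, so `{{createdOn}}` is still unexpanded; omitting `dedup_key` lets PagerDuty generate one per event.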