Articles in this section

Infocyte's PagerDuty Integration via Webhooks and APIs

Avatar
Chris Mills
  • Updated
Follow

Overview

The primary purpose of this document is to provide a walk-thru on configuring Infocyte and PagerDuty so the Security Alerts generated by Infocyte can generate events within PagerDuty.  

Integrating between Infocyte and PagerDuty is extremely simple and is accomplished by leveraging a Service created in PagerDuty and a Webhook configured in Infocyte.  The integration between the two platforms leverages an Integration with the PagerDuty Service where an API Integration is created (PagerDuty Events API v2) and a defined Webhook with the Infocyte Platform where the Webhook calls out to the PagerDuty API for Events and sends the alert payload to initiate an event in PagerDuty.

Configuring PagerDuty

Configuring a Service within PagerDuty is quite simple and leverages PagerDuty’s Services component of the PagerDuty Platform.  Simple create the service, create an integration within the service.

 

1) Creating a PagerDuty Service

PagerDutyService-1.png

2) Configuring the PagerDuty API Integration

configurepagerduty_api-2.png

Configuring the Infocyte Webhook

Infocyte’s platform provides a simple mechanism to forward Alerts within Infocyte to any number of receiving platforms; and in this example, PagerDuty.  

Creating a Webhook in Infocyte

Infocyte’s direct Webhook capability allows the end-user to create the Webhook and fully customize the payload and delivery options for the alert.  In the example below, the Webhook is created, named as "PagerDuty Event Integration" and is directed at PagerDuty’s API for Events. 

 

The method is "POST."

The url will be "https://events.pagerduty.com/v2/enqueue"

The headers section should contain the content type set to json and the Authorization token from the PagerDuty Service.

content-type=application/json, Authorization=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

The body of the Webhook is then configured based on PagerDuty’s API documentation (https://v2.developer.pagerduty.com/docs/events-api-v2). 

Here's an example:

{
"payload": {
"summary": "string",
"timestamp": "{{createdOn}}",
"severity": "critical",
"source": "string",
"component": "string",
"group": "string",
"class": "string",
"custom_details": {}
},
"routing_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
"event_action": "trigger",
"dedup_key": "string",
"client": "string",
"client_url": "string",
"links": [
{
"href": "string",
"text": "string"
}
],
"images": [
{
"src": "string",
"href": "string",
"alt": "string"
}
]
}

 

 

Once the Webhook is created and saved, any alert that is triggered within the Infocyte platform will be sent to PagerDuty as an Event into the defined and referenced PageDuty service (with the Integration API key)

PDuty-3.png

 

Related articles

Comments

0 comments

Please sign in to leave a comment.