From AlienVault’s USM Anywhere, you can send an alarm or event notification to your PagerDuty incident management console so that team members receive alerts. This facilitates communication and collaboration within the same messaging tool that your organization uses for incident response. When you have this integration configured in USM Anywhere, you can create orchestration rules to automatically send these notifications when an event or alarm matches the rule criteria.
- Go to the Configuration menu and select Services.
- On the Services page:
- If you are creating a new service for your integration, click Add New Service.
- If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the New Integration button.
- Search for AlienVault from the integration tools in the Integration Type section.
- Enter an Integration Name. If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.
- Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
- Copy the Integration Key for your new integration.
- From your AlienVault USM Anywhere account, go to Settings → Notifications.
- Select PagerDuty from he left sidebar, enter your integration key from Step 6 above, and click Save Credentials.
- From the top menu, go to either Activity → Alarms, or Activity → Events. (note that below screenshots use the Alarms page.)
- Click the name of an alarm or event to open the details. Click Create Rule.
- Enter the Rule Name and set the matching conditions you want for the rule, and then click Next.
The Create Rule dialog displays property values for the selected alarm or event that you can use to specify the match conditions. For more information, see Orchestration Rules
- Under Select an Action, choose to Send a Notification. For Notification Method, choose the PagerDuty option. Then click Save.
Will AlienVault automatically resolve incidents?
No. AlienVault only triggers alerts and incidents and does not resolve them. Likewise, if an incident is resolved in PagerDuty, you will need to resolve it in AlienVault.
How do you configure AlienVault to trigger incidents on different services in PagerDuty?
At this time, AlienVault can only be integrated with a single PagerDuty service. If you would like to integrate with multiple services, you can submit a feature request to their team.