Evident.io Integration Guide

The Evident Security Platform (ESP) performs continuous AWS security monitoring as a service and can identify and assist you in correcting problems in as little as 5 minutes. ESP for AWS identifies over 100 critical AWS security vulnerabilities across all of your AWS accounts. It can be easily configured to send alerts to PagerDuty, thus allowing you to take advantage of PagerDuty’s comprehensive alerting and incident tracking functionality. The guide below describes how to integrate Evident.io (ESP) with PagerDuty.

In PagerDuty

    1. From the Configuration menu, select Services. 
    2. On your Services page:

      If you are creating a new service for your integration, click +Add New Service.

      If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then click the Integrations tab and click the +New Integration button.

    3. Select your app from the Integration Type menu and enter an Integration Name.

      If you are creating a new service for your integration, in General Settings, enter a Name for your new service. Then, in Incident Settings, specify the Escalation Policy, Notification Urgency, and Incident Behavior for your new service.

    4. Click the Add Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.

    5. Copy the Integration Key for your new integration.

In Evident.io

    1. Log in to the Evident.io control panel, go to Integrations, then click the PagerDuty icon.

    2. Paste in the Integration Key you copied from PagerDuty earlier and click Save.

    3. Choose the ESP Alerts that you’d like to send to PagerDuty, then click Save once more.

    4. Next, either trigger a manual report for your team (Control Panel → Teams → Team → Run Report), or wait until the next hour when an automated report is run.

    5. You should now be getting alarms for your selected ESP alerts.

      Congratulations – the integration is now complete! Now when an alert fires based on one of your Evident.io signatures and rules, a PagerDuty incident will be triggered.

FAQ

Will Evident Security Platform (ESP) incidents automatically resolve?

Yes. When an alert has a fail, warn, or error status, an incident is created in PagerDuty. If the same alert comes up as a pass on the next report run, the incident is resolved.

Can I set up ESP to be tied to multiple PagerDuty services?

No, at this time the PagerDuty Integration Key is a global setting in ESP, so only a single service can be used.

Are there logs I can reference in ESP?

Yes, all alerts are stored and displayed for users within the ESP UI.