[SIEMINT-123] DDSaaS: incident.io: Integration v1.0.0 (#18595)
* Added incident.io integration assets
* Removed saved views from manifest
* Resolved log pipeline tests check failure
* Fixed pipeline tests file indentation
* Changed tab spacing of pipeline tests yaml
* Changed tab spacing of pipeline tests yaml
* Reformatted pipeline tests file
* Reformatted pipeline tests file
* Fixed indentation
* log sample fixed
* log sample fixed
* Updated README and monitor descriptions
* incorporated PR review suggestions
* Update critical_public_incident.json
* Update high_number_of_public_incidents.json
* Update public_incident_reopened.json
* Clean up monitor names

---------

Co-authored-by: Bhavik Parmar <[email protected]>
Co-authored-by: Bhavik Parmar <[email protected]>
Co-authored-by: Chris Laverdiere <[email protected]>
Co-authored-by: Chris Laverdiere <[email protected]>
Co-authored-by: Doug Gunter <[email protected]>
1 parent 61912ca, commit e820982. Showing 16 changed files with 4,283 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# CHANGELOG - incident.io | ||
|
||
## 1.0.0 / 2024-09-04 | ||
|
||
***Added***: | ||
|
||
* Initial Release |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
## Overview | ||
|
||
[incident.io][1] helps companies declare, collaborate, communicate around, and learn from events that disturb their normal course of business-from critical infrastructure being down, to data breaches and security incidents. It is a service that helps teams manage incidents and outages effectively. It typically provides features like incident reporting, tracking, and resolution workflows. | ||
|
||
Integrate your incident.io account with Datadog to gain insights into incident-related activities. | ||
|
||
## Setup | ||
|
||
Follow the instructions below to configure this integration for incident.io incident events through a Webhook. | ||
|
||
### Configuration | ||
|
||
#### Webhook configuration | ||
Configure the Datadog endpoint to forward events of incident.io incidents as logs to Datadog. For more details, see the incident.io [webhooks][2] documentation. | ||
|
||
1. Select an existing API key or create a new one by clicking one of the buttons below: <!-- UI Component to be added by Datadog team --> | ||
2. Log in to your [incident.io account][3] as org owner. | ||
3. Go to **Settings > Webhooks**. | ||
4. Click **Add Endpoint**. | ||
5. Fill in the webhook URL that you generated in step 1. | ||
6. Select the type of incident events that you want to push to Datadog under the **Subscribe to events** section. | ||
7. Click **Create**. | ||
|
||
## Data Collected | ||
|
||
### Logs | ||
The incident.io integration ingests the following logs: | ||
- Public incident event logs | ||
- Private incident event logs | ||
- Action and follow up event logs | ||
|
||
### Metrics | ||
|
||
incident.io does not include any metrics. | ||
|
||
### Service Checks | ||
|
||
incident.io does not include any service checks. | ||
|
||
### Events | ||
|
||
incident.io does not include any events. | ||
|
||
## Support | ||
|
||
Need help? Contact [Datadog support][4]. | ||
|
||
[1]: https://incident.io/ | ||
[2]: https://api-docs.incident.io/tag/Webhooks/ | ||
[3]: https://app.incident.io/ | ||
[4]: https://docs.datadoghq.com/help/ |
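Review bot: step 1 of the Webhook configuration still carries the unresolved placeholder `<!-- UI Component to be added by Datadog team -->`; either wire in the API key picker component or remove the comment before this README ships. Since the webhook URL pasted into incident.io in step 5 is generated from the API key chosen in step 1, the setup section should also tell readers to treat that URL as a secret (not to paste it into tickets or chat) and to rotate the key if the URL leaks. Finally, "incident.io does not include any events" under Data Collected reads as a contradiction of the Logs section, which lists "incident event logs"; rewording it to "this integration does not emit Datadog events" would make the distinction clear.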
incident_io/assets/dashboards/incident-io_incidents_overview.json: 1,781 additions & 0 deletions (large diff not rendered by default).
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,184 @@ | ||
id: incident-io | ||
metric_id: incident-io | ||
backend_only: false | ||
facets: | ||
- groups: | ||
- Event | ||
name: Event Name | ||
path: evt.name | ||
source: log | ||
pipeline: | ||
type: pipeline | ||
name: incident.io | ||
enabled: true | ||
filter: | ||
query: "source:incident-io" | ||
processors: | ||
- type: attribute-remapper | ||
name: Map `event_type` to `evt.name` | ||
enabled: true | ||
sources: | ||
- event_type | ||
sourceType: attribute | ||
target: evt.name | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: attribute-remapper | ||
name: Map `private_incident.action_created_v1`, `private_incident.action_updated_v1`, `private_incident.follow_up_created_v1`, `private_incident.follow_up_updated_v1`, `private_incident.incident_created_v2`, `private_incident.incident_updated_v2`, `private_incident.membership_granted_v1`, `private_incident.membership_revoked_v1`, `public_incident.action_created_v1`, `public_incident.action_updated_v1`, `public_incident.follow_up_created_v1`, `public_incident.follow_up_updated_v1`, `public_incident.incident_created_v2`, `public_incident.incident_status_updated_v2`, `public_incident.incident_updated_v2` to `data` | ||
enabled: true | ||
sources: | ||
- private_incident.action_created_v1 | ||
- private_incident.action_updated_v1 | ||
- private_incident.follow_up_created_v1 | ||
- private_incident.follow_up_updated_v1 | ||
- private_incident.incident_created_v2 | ||
- private_incident.incident_updated_v2 | ||
- private_incident.membership_granted_v1 | ||
- private_incident.membership_revoked_v1 | ||
- public_incident.action_created_v1 | ||
- public_incident.action_updated_v1 | ||
- public_incident.follow_up_created_v1 | ||
- public_incident.follow_up_updated_v1 | ||
- public_incident.incident_created_v2 | ||
- public_incident.incident_status_updated_v2 | ||
- public_incident.incident_updated_v2 | ||
sourceType: attribute | ||
target: data | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: pipeline | ||
name: Creation Events | ||
enabled: true | ||
filter: | ||
query: "@evt.name:(public_incident.action_created_v1 OR | ||
public_incident.follow_up_created_v1)" | ||
processors: | ||
- type: date-remapper | ||
name: Define `data.created_at` as the official date of the log | ||
enabled: true | ||
sources: | ||
- data.created_at | ||
- type: pipeline | ||
name: Update Events | ||
enabled: true | ||
filter: | ||
query: "@evt.name:(public_incident.action_updated_v1 OR | ||
public_incident.follow_up_updated_v1)" | ||
processors: | ||
- type: date-remapper | ||
name: Define `data.updated_at` as the official date of the log | ||
enabled: true | ||
sources: | ||
- data.updated_at | ||
- type: pipeline | ||
name: Incident Created Event | ||
enabled: true | ||
filter: | ||
query: "@evt.name:public_incident.incident_created_v2" | ||
processors: | ||
- type: date-remapper | ||
name: Define `data.created_at` as the official date of the log | ||
enabled: true | ||
sources: | ||
- data.created_at | ||
- type: attribute-remapper | ||
name: Map `data.id` to `data.incident_id` | ||
enabled: true | ||
sources: | ||
- data.id | ||
sourceType: attribute | ||
target: data.incident_id | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: pipeline | ||
name: Incident Updated Event | ||
enabled: true | ||
filter: | ||
query: "@evt.name:public_incident.incident_updated_v2" | ||
processors: | ||
- type: date-remapper | ||
name: Define `data.updated_at` as the official date of the log | ||
enabled: true | ||
sources: | ||
- data.updated_at | ||
- type: attribute-remapper | ||
name: Map `data.id` to `data.incident_id` | ||
enabled: true | ||
sources: | ||
- data.id | ||
sourceType: attribute | ||
target: data.incident_id | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: pipeline | ||
name: Incident Status Update Event | ||
enabled: true | ||
filter: | ||
query: "@evt.name:public_incident.incident_status_updated_v2" | ||
processors: | ||
- type: date-remapper | ||
name: Define `data.incident.updated_at` as the official date of the log | ||
enabled: true | ||
sources: | ||
- data.incident.updated_at | ||
- type: attribute-remapper | ||
name: Map `data.incident.name` to `data.name` | ||
enabled: true | ||
sources: | ||
- data.incident.name | ||
sourceType: attribute | ||
target: data.name | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: attribute-remapper | ||
name: Map `data.incident.reference` to `data.reference` | ||
enabled: true | ||
sources: | ||
- data.incident.reference | ||
sourceType: attribute | ||
target: data.reference | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: attribute-remapper | ||
name: Map `data.incident.id` to `data.incident_id` | ||
enabled: true | ||
sources: | ||
- data.incident.id | ||
sourceType: attribute | ||
target: data.incident_id | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: attribute-remapper | ||
name: Map `data.incident.incident_type.name` to `data.incident_type.name` | ||
enabled: true | ||
sources: | ||
- data.incident.incident_type.name | ||
sourceType: attribute | ||
target: data.incident_type.name | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false | ||
- type: pipeline | ||
name: Private Incident Events | ||
enabled: true | ||
filter: | ||
query: "@evt.name:(private_incident.incident_created_v2 OR | ||
private_incident.incident_updated_v2)" | ||
processors: | ||
- type: attribute-remapper | ||
name: Map `data.id` to `data.incident_id` | ||
enabled: true | ||
sources: | ||
- data.id | ||
sourceType: attribute | ||
target: data.incident_id | ||
targetType: attribute | ||
preserveSource: false | ||
overrideOnConflict: false |
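Review bot: the date remappers in the `Creation Events` and `Update Events` sub-pipelines only match the `public_incident.*` action and follow-up events, and the `Private Incident Events` sub-pipeline has no date-remapper at all, so every `private_incident.*` log (action, follow-up, incident and membership events, all of which the top-level remapper moves under `data`) keeps the intake time as its official timestamp. If the private payloads share the public shape, widening the filters would fix this, for example `query: "@evt.name:(public_incident.action_created_v1 OR public_incident.follow_up_created_v1 OR private_incident.action_created_v1 OR private_incident.follow_up_created_v1)"`, plus a `data.created_at`/`data.updated_at` date-remapper in the private incident sub-pipeline. Note also that `private_incident.incident_status_updated_v2` is absent from the `event_type` source list while its public counterpart is present; if that event does not exist for private incidents a short comment saying so would save the next reviewer the same question.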