[SIEMINT-123] DDSaaS: incident.io: Integration v1.0.0 (#18595)
* Added incident.io integration assets

* Removed saved views from manifest

* Resolved log pipeline tests check failure

* Fixed pipeline tests file indentation

* Changed tab spacing of pipeline tests yaml

* Changed tab spacing of pipeline tests yaml

* Reformatted pipeline tests file

* Reformatted pipeline tests file

* Fixed indentation

* log sample fixed

* log sample fixed

* Updated README and monitor descriptions

* incorporated PR review suggestions

* Update critical_public_incident.json

* Update high_number_of_public_incidents.json

* Update public_incident_reopened.json

* Clean up monitor names

---------

Co-authored-by: Bhavik Parmar <[email protected]>
Co-authored-by: Bhavik Parmar <[email protected]>
Co-authored-by: Chris Laverdiere <[email protected]>
Co-authored-by: Chris Laverdiere <[email protected]>
Co-authored-by: Doug Gunter <[email protected]>
6 people authored Nov 15, 2024
1 parent 61912ca commit e820982
Showing 16 changed files with 4,283 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .github/CODEOWNERS
Expand Up @@ -276,6 +276,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/ @DataDog/wi
/greenhouse/manifest.json @DataDog/saas-integrations @DataDog/documentation
/greenhouse/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend

/incident_io/ @DataDog/saas-integrations
/incident_io/*.md @DataDog/saas-integrations @DataDog/documentation
/incident_io/manifest.json @DataDog/saas-integrations @DataDog/documentation
/incident_io/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend

/lastpass/ @DataDog/saas-integrations
/lastpass/*.md @DataDog/saas-integrations @DataDog/documentation
/lastpass/manifest.json @DataDog/saas-integrations @DataDog/documentation
2 changes: 2 additions & 0 deletions .github/workflows/config/labeler.yml
Expand Up @@ -261,6 +261,8 @@ integration/iis:
- iis/**/*
integration/impala:
- impala/**/*
integration/incident_io:
- incident_io/**/*
integration/istio:
- istio/**/*
integration/jboss_wildfly:
7 changes: 7 additions & 0 deletions incident_io/CHANGELOG.md
@@ -0,0 +1,7 @@
# CHANGELOG - incident.io

## 1.0.0 / 2024-09-04

***Added***:

* Initial Release
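
Review bot: The release heading `## 1.0.0 / 2024-09-04` carries a date more than two months earlier than this commit, which was authored Nov 15, 2024. Please confirm that 2024-09-04 is the intended release date, or update it so the changelog matches when the integration actually ships.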
51 changes: 51 additions & 0 deletions incident_io/README.md
@@ -0,0 +1,51 @@
## Overview

[incident.io][1] helps companies declare, collaborate, communicate around, and learn from events that disturb their normal course of business-from critical infrastructure being down, to data breaches and security incidents. It is a service that helps teams manage incidents and outages effectively. It typically provides features like incident reporting, tracking, and resolution workflows.

Integrate your incident.io account with Datadog to gain insights into incident-related activities.

## Setup

Follow the instructions below to configure this integration for incident.io incident events through a Webhook.

### Configuration

#### Webhook configuration
Configure the Datadog endpoint to forward events of incident.io incidents as logs to Datadog. For more details, see the incident.io [webhooks][2] documentation.

1. Select an existing API key or create a new one by clicking one of the buttons below: <!-- UI Component to be added by Datadog team -->
2. Log in to your [incident.io account][3] as org owner.
3. Go to **Settings > Webhooks**.
4. Click **Add Endpoint**.
5. Fill in the webhook URL that you generated in step 1.
6. Select the type of incident events that you want to push to Datadog under the **Subscribe to events** section.
7. Click **Create**.

## Data Collected

### Logs
The incident.io integration ingests the following logs:
- Public incident event logs
- Private incident event logs
- Action and follow up event logs

### Metrics

incident.io does not include any metrics.

### Service Checks

incident.io does not include any service checks.

### Events

incident.io does not include any events.

## Support

Need help? Contact [Datadog support][4].

[1]: https://incident.io/
[2]: https://api-docs.incident.io/tag/Webhooks/
[3]: https://app.incident.io/
[4]: https://docs.datadoghq.com/help/
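
Review bot: Step 5 of "Webhook configuration" refers to "the webhook URL that you generated in step 1", but step 1 as written only selects or creates an API key and never mentions a URL, so until the UI component lands a reader cannot tell what to paste into incident.io. Suggest that step 1 state that it produces the webhook URL and, since that URL is derived from a Datadog API key, add a sentence telling the reader to handle it as a credential (a key dedicated to this integration, not pasted into tickets or chat). Minor: in the Overview, "business-from" is missing its dash spacing, and the second and third sentences restate the first.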
1,781 changes: 1,781 additions & 0 deletions incident_io/assets/dashboards/incident-io_incidents_overview.json

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions incident_io/assets/incident_io.svg
184 changes: 184 additions & 0 deletions incident_io/assets/logs/incident-io.yaml
@@ -0,0 +1,184 @@
id: incident-io
metric_id: incident-io
backend_only: false
facets:
- groups:
- Event
name: Event Name
path: evt.name
source: log
pipeline:
type: pipeline
name: incident.io
enabled: true
filter:
query: "source:incident-io"
processors:
- type: attribute-remapper
name: Map `event_type` to `evt.name`
enabled: true
sources:
- event_type
sourceType: attribute
target: evt.name
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: attribute-remapper
name: Map `private_incident.action_created_v1`, `private_incident.action_updated_v1`, `private_incident.follow_up_created_v1`, `private_incident.follow_up_updated_v1`, `private_incident.incident_created_v2`, `private_incident.incident_updated_v2`, `private_incident.membership_granted_v1`, `private_incident.membership_revoked_v1`, `public_incident.action_created_v1`, `public_incident.action_updated_v1`, `public_incident.follow_up_created_v1`, `public_incident.follow_up_updated_v1`, `public_incident.incident_created_v2`, `public_incident.incident_status_updated_v2`, `public_incident.incident_updated_v2` to `data`
enabled: true
sources:
- private_incident.action_created_v1
- private_incident.action_updated_v1
- private_incident.follow_up_created_v1
- private_incident.follow_up_updated_v1
- private_incident.incident_created_v2
- private_incident.incident_updated_v2
- private_incident.membership_granted_v1
- private_incident.membership_revoked_v1
- public_incident.action_created_v1
- public_incident.action_updated_v1
- public_incident.follow_up_created_v1
- public_incident.follow_up_updated_v1
- public_incident.incident_created_v2
- public_incident.incident_status_updated_v2
- public_incident.incident_updated_v2
sourceType: attribute
target: data
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: pipeline
name: Creation Events
enabled: true
filter:
query: "@evt.name:(public_incident.action_created_v1 OR
public_incident.follow_up_created_v1)"
processors:
- type: date-remapper
name: Define `data.created_at` as the official date of the log
enabled: true
sources:
- data.created_at
- type: pipeline
name: Update Events
enabled: true
filter:
query: "@evt.name:(public_incident.action_updated_v1 OR
public_incident.follow_up_updated_v1)"
processors:
- type: date-remapper
name: Define `data.updated_at` as the official date of the log
enabled: true
sources:
- data.updated_at
- type: pipeline
name: Incident Created Event
enabled: true
filter:
query: "@evt.name:public_incident.incident_created_v2"
processors:
- type: date-remapper
name: Define `data.created_at` as the official date of the log
enabled: true
sources:
- data.created_at
- type: attribute-remapper
name: Map `data.id` to `data.incident_id`
enabled: true
sources:
- data.id
sourceType: attribute
target: data.incident_id
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: pipeline
name: Incident Updated Event
enabled: true
filter:
query: "@evt.name:public_incident.incident_updated_v2"
processors:
- type: date-remapper
name: Define `data.updated_at` as the official date of the log
enabled: true
sources:
- data.updated_at
- type: attribute-remapper
name: Map `data.id` to `data.incident_id`
enabled: true
sources:
- data.id
sourceType: attribute
target: data.incident_id
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: pipeline
name: Incident Status Update Event
enabled: true
filter:
query: "@evt.name:public_incident.incident_status_updated_v2"
processors:
- type: date-remapper
name: Define `data.incident.updated_at` as the official date of the log
enabled: true
sources:
- data.incident.updated_at
- type: attribute-remapper
name: Map `data.incident.name` to `data.name`
enabled: true
sources:
- data.incident.name
sourceType: attribute
target: data.name
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: attribute-remapper
name: Map `data.incident.reference` to `data.reference`
enabled: true
sources:
- data.incident.reference
sourceType: attribute
target: data.reference
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: attribute-remapper
name: Map `data.incident.id` to `data.incident_id`
enabled: true
sources:
- data.incident.id
sourceType: attribute
target: data.incident_id
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: attribute-remapper
name: Map `data.incident.incident_type.name` to `data.incident_type.name`
enabled: true
sources:
- data.incident.incident_type.name
sourceType: attribute
target: data.incident_type.name
targetType: attribute
preserveSource: false
overrideOnConflict: false
- type: pipeline
name: Private Incident Events
enabled: true
filter:
query: "@evt.name:(private_incident.incident_created_v2 OR
private_incident.incident_updated_v2)"
processors:
- type: attribute-remapper
name: Map `data.id` to `data.incident_id`
enabled: true
sources:
- data.id
sourceType: attribute
target: data.incident_id
targetType: attribute
preserveSource: false
overrideOnConflict: false
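
Review bot: The date-remappers in the `Creation Events`, `Update Events` and the three incident sub-pipelines filter only on `public_incident.*` names, and the `Private Incident Events` sub-pipeline has no date-remapper at all, so `private_incident.*` logs fall back to default timestamp handling instead of the event's own time. The private action, follow-up and membership events listed in the `data` remapper match no sub-pipeline either. If the private payloads carry `created_at` or `updated_at`, extend the filters to cover them; if they do not, say so in a processor name or in the README so the asymmetry reads as intentional. Style: the name of the second attribute-remapper repeats all 15 keys already listed under `sources`; a short name such as "Map event payload to `data`" would be easier to read.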