OpsGenie
OpsGenie is an alerting and on-call management solution for dev & ops teams. It provides tools needed to design actionable alerts, manage on-call schedules & escalations, and ensure that the right people are notified at the right time, using multiple notification methods.
The OpsGenie-Demisto integration lets you query specific on-call schedules and determine who is on call now or at a future time.
To set up OpsGenie to work with Demisto:
- From the main OpsGenie screen, go to the Integrations page and choose to add an API integration (first box).
- In the new API integration, do the following:
  - Enter name: Demisto
  - Copy the API Key presented on the page to use for the Demisto setup below.
  - Make sure the Enabled checkbox is marked.
  - You can check the Restrict Access and Limit to Read Only check boxes as well (not mandatory).
  - Click on Save Integration.
To set up the integration on Demisto:
- Go to ‘Settings > Integrations > Servers & Services’.
- Locate the OpsGenie integration by searching for it using the search box at the top of the page.
- Click ‘Add instance’ to create and configure a new integration. You should configure the following settings:
  - Name: A textual name for the integration instance.
  - Base URL: The base OpsGenie service URL. The default value should be used (https://api.opsgenie.com/v2), unless otherwise instructed by Demisto.
  - API Key: The API Key acquired from the OpsGenie interface in the previous step.
  - Use system proxy configuration: Check this box if a proxy server is configured on the platform.
  - Demisto engine: If relevant, select the engine that acts as a proxy to the server. Engines are used when you need to access remote network segments and network devices such as proxies, firewalls, etc. prevent the Demisto server from accessing the remote networks. For more information on Demisto engines see: https://demisto.zendesk.com/hc/en-us/articles/226274727-Settings-Integrations-Engines
  - Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.
- Press the ‘Test’ button to validate the connection. If you are experiencing issues with the service configuration, please contact Demisto support at support@demisto.com.
- After completing the test successfully, press the ‘Done’ button.
Fetched incidents data:
This integration does not fetch incidents.
Use-cases:
- Assigning an analyst based on the current on-call schedule
  When an incident enters Demisto, a playbook task can get the current on-call analyst, based on the on-call schedule. This can be done by using the opsgenie-get-on-call command with the SOC analysts rotation schedule in OpsGenie.
- Setting handover path based on future on-call rotation
  As part of the incident playbook, the next shift analyst can also be queried for a heads-up notification if needed, using the opsgenie-get-on-call command with the schedule name and the date to query.
Commands:
- opsgenie-get-on-call <schedule> [<date>] - Get current on-call users of a given schedule. The schedule name is used to query for the specific on-call. The date can be provided to check future on-call assignments.
- opsgenie-get-schedule-timeline <schedule> - Get the schedule timeline information of the given schedule name.
- opsgenie-get-schedules - Get all schedules listed in the system.
- opsgenie-get-user <user> - Get user information based on the given user ID (email).
Example of commands:
- !opsgenie-get-on-call schedule="OnCAll"
- !opsgenie-get-on-call schedule="OnCAll" date=2018-01-01
- !opsgenie-get-user email@company.com
Example of commands with outputs:
- !opsgenie-get-on-call schedule="SOC"
  War room output:
  OpsGenie On-Call Schedule SOC
  Context output:
  OnCall:[] 1 item
  Raw output:
  root:[] 1 item
- !opsgenie-get-on-call schedule="SOC" date="2018-01-01"
  War room output:
  OpsGenie On-Call Schedule SOC
  Context output:
  OnCall:[] 1 item
  Raw output:
  root:[] 1 item
- !opsgenie-get-user userID="john@company.com"
  War room output:
  OpsGenie User Info
  Context output:
  None
  Raw output:
  root:{} 10 items
Troubleshooting
- Make sure the web proxy allows access to the OpsGenie API URL (https://api.opsgenie.com/v2).
- Make sure the API Key is enabled in the OpsGenie interface and that it was copied correctly.
- Make sure the API Key is created with a user that has access to the relevant on-call schedules.
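The troubleshooting checks above can also be run outside Demisto. The following is an added example, not part of the original page or of Demisto's integration code: it builds an on-call query against OpsGenie's schedule on-call endpoint and turns common failures into the hints listed above. The OPSGENIE_API_KEY variable name, the status-code interpretations and the sample response are assumptions made for the example.

```python
import json
import os
import urllib.error
import urllib.parse
import urllib.request

BASE_URL = "https://api.opsgenie.com/v2"  # default Base URL from the instance settings

# Assumed reading of standard HTTP status codes, mapped to the troubleshooting items.
HINTS = {
    401: "API key rejected: check it is enabled and was copied correctly",
    403: "API key lacks access: check Restrict Access and the schedule's permissions",
    404: "schedule not found: check the name and that the key's owner can see it",
}

def build_on_call_request(api_key, schedule, date=None, base_url=BASE_URL):
    """Build the GET request for a schedule's on-call participants (nothing is sent)."""
    params = {"scheduleIdentifierType": "name"}
    if date:
        params["date"] = date  # optional: query a future on-call assignment
    url = "%s/schedules/%s/on-calls?%s" % (
        base_url.rstrip("/"), urllib.parse.quote(schedule, safe=""),
        urllib.parse.urlencode(params))
    # The key travels in a header, never in the URL, so it does not end up in URL logs.
    return urllib.request.Request(url, headers={"Authorization": "GenieKey " + api_key})

def parse_on_call(body):
    """Return the user names listed in an on-call response body."""
    participants = json.loads(body).get("data", {}).get("onCallParticipants", [])
    return [p["name"] for p in participants if p.get("type") == "user"]

def check(api_key, schedule, date=None):
    """Send the request; return (ok, on-call users or a troubleshooting hint)."""
    try:
        req = build_on_call_request(api_key, schedule, date)
        with urllib.request.urlopen(req, timeout=10) as resp:
            return True, parse_on_call(resp.read())
    except urllib.error.HTTPError as err:
        return False, HINTS.get(err.code, "unexpected HTTP status %d" % err.code)
    except urllib.error.URLError as err:
        return False, "cannot reach the API (proxy or firewall?): %s" % err.reason

# Constructed sample response, not captured from a real account.
SAMPLE = '{"data": {"onCallParticipants": [{"name": "john@company.com", "type": "user"}]}}'

if __name__ == "__main__":
    key = os.environ.get("OPSGENIE_API_KEY")  # hypothetical variable name
    print(check(key, "SOC") if key else parse_on_call(SAMPLE))
```

Without the environment variable set, the script only parses the constructed sample and makes no network call.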