Cortex XSOAR for Developers (Formerly Demisto)

OpsGenie

OpsGenie is an alerting and on-call management solution for dev & ops teams. It provides tools needed to design actionable alerts, manage on-call schedules & escalations, and ensure that the right people are notified at the right time, using multiple notification methods.

The OpsGenie-Demisto integration allows querying specific on-call schedules and determining the right resource of who is currently (or in future time) on call.

To set up OpsGenie to work with Demisto:

  1. From main OpsGenie screen, go to the Integrations page, and select to add API (first box).
  2. In the new API integration, do the following:
    • Enter name: Demisto
    • Copy the API Key presented in the page to use for the Demisto set up below.
    • Make sure Enabled checkbox is marked.
    • You can check the Restrict Access and Limit to Read Only check boxes as well (not mandatory)
    • Click on Save Integration

To set up the integration on Demisto:

  1. Go to ‘Settings > Integrations > Servers & Services’
  2. Locate the OpsGenie integration by searching for it using the search box on the top of the page.
  1. Click ‘Add instance’ to create and configure a new integration. You should configure the following settings:
    Name : A textual name for the integration instance.
    Base URL : The base OpsGenie service URL. The default value should be used ( https://api.opsgenie.com/v2) , unless otherwise instructed by Demisto.
    API Key : The API Key acquired from the OpsGenie interface in the previous step.
    Use system proxy configuration : Check this box in case there is a proxy server configures on the platform.
    Demisto engine : If relevant, select the engine that acts as a proxy to the server. Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Demisto server from accessing the remote networks.

For more information on Demisto engines see:
https://demisto.zendesk.com/hc/en-us/articles/226274727-Settings-Integrations-Engines
Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.

  1. Press the ‘Test’ button to validate connection.
    If you are experiencing issues with the service configuration, please contact Demisto support at support@demisto.com
  2. After completing the test successfully, press the ‘Done’ button.

Fetched incidents data:

This integration does not fetch incidents

Use-cases:

  • Assigning an analyst based on the current on-call schedule
    When an incident enters Demisto, a playbook task can get the current on-call analyst, based on the on-call schedule.
    This can be done by using the opsgenie-get-on-call command, using the SOC analysts rotation schedule in OpsGenie.
  • Setting handover path based on future on-call rotation
    As part of the incident playbook, the next shift analyst can also be queries for heads-up notification if needed, using the opsgenie-get-on-call command, using the schedule name, and the date to query based upon

Commands:

  • opsgenie-get-on-call <schedule> [<date>] - Get current on-call users of a given Schedule.
    The Schedule name is used to query for the specific on-call. The Date can be provided to check future on-call assignments.
  • opsgenie-get-schedule-timeline <schedule> - Get the schedule timeline information of the given schedule name.
  • opsgenie-get-schedules - Get all schedules listed in the system.
  • opsgenie-get-user <user> - Get user information based on the given user ID (email)

Example of commands:

  • !opsgenie-get-on-call schedule="OnCAll"
  • !opsgenie-get-on-call schedule="OnCAll" date=2018-01-01
  • !opsgenie-get-user email@company.com

Example of commands with outputs:

  • !opsgenie-get-on-call schedule="SOC"

War room output:

OpsGenie On-Call Schedule SOC
Currently on-call for SOC schedule:
John Doe (john@company.com)

Context output:

OnCall:[] 1 item
0:{} 2 items
email:john@company.com
name:John Doe

Raw output:

root:[] 1 item
0:{} 3 items
id:<ID>
name:john@company.com
type:user

  • !opsgenie-get-on-call schedule="SOC"  date="2018-01-01"

    War room output:

OpsGenie On-Call Schedule SOC
Currently on-call for SOC schedule:
Jane Doe (jane@company.com)

Context output:

OnCall:[] 1 item
0:{} 2 items
email:jane@company.com
name:Jane Doe

Raw output:

root:[] 1 item
0:{} 3 items
id:<ID>
name:jane@company.com
type:user

  • !opsgenie-get-user userID="john@company.com"

War room output:

OpsGenie      User Info
Key              Value
createdAt      2017-10-08T05:27:28.535Z
fullName       Gilad Shriki
id                 6297fa63-7816-4cd6-93e4-404a9ab6a3cf
locale           en_US
role.id          Owner
role.name     Owner
timeZone      Israel
username     shriki@demisto.com
verified         true

Context output:

None

Raw output:

root:{} 10 items
blocked:false
createdAt:2017-10-08T05:27:28.535Z
fullName:John Doe
id:<ID>
locale:en_US
role:{} 2 items
id:Owner
name:Owner
timeZone:US-E
userAddress:{} 5 items
city:
country:
line:
state:
zipCode:
username:john@company.com
verified:true

Troubleshooting

  • Make sure to have the web-proxy open to the OpsGenie API URL ( https://api.opsgenie.com/v2 )
  • Make sure API Key is enabled in the OpsGenie interface, and it is copies correctly
  • Make sure API Key is created with a user that has access to the relevant on call schedules.
Edit this page
Report an Issue