OpsGenie

OpsGenie is an alerting and on-call management solution for dev & ops teams. It provides tools needed to design actionable alerts, manage on-call schedules & escalations, and ensure that the right people are notified at the right time, using multiple notification methods.

The OpsGenie-Demisto integration allows querying specific on-call schedules and determining the right resource of who is currently (or in future time) on call.

To set up OpsGenie to work with Demisto:

1. From main OpsGenie screen, go to the Integrations page, and select to add API (first box).
2. In the new API integration, do the following:
   • Enter name: Demisto
   • Copy the API Key presented in the page to use for the Demisto set up below.
   • Make sure Enabled checkbox is marked.
   • You can check the Restrict Access and Limit to Read Only check boxes as well (not mandatory)
   • Click on Save Integration

To set up the integration on Demisto:

1. Go to ‘Settings > Integrations > Servers & Services’
2. Locate the OpsGenie integration by searching for it using the search box on the top of the page.

3. Click ‘Add instance’ to create and configure a new integration. You should configure the following settings:
   Name : A textual name for the integration instance.
   Base URL : The base OpsGenie service URL. The default value should be used (https://api.opsgenie.com/v2), unless otherwise instructed by Demisto.
   API Key : The API Key acquired from the OpsGenie interface in the previous step.
   Use system proxy configuration : Check this box in case there is a proxy server configures on the platform.
   Demisto engine : If relevant, select the engine that acts as a proxy to the server. Engines are used when you need to access a remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Demisto server from accessing the remote networks.

For more information on Demisto engines see:
https://demisto.zendesk.com/hc/en-us/articles/226274727-Settings-Integrations-Engines
Require users to enter additional password: Select whether you’d like an additional step where users are required to authenticate themselves with a password.

4. Press the ‘Test’ button to validate connection.
   If you are experiencing issues with the service configuration, please contact Demisto support at support@demisto.com
5. After completing the test successfully, press the ‘Done’ button.

Fetched incidents data:

This integration does not fetch incidents

Use-cases:

• Assigning an analyst based on the current on-call schedule
  When an incident enters Demisto, a playbook task can get the current on-call analyst, based on the on-call schedule.
  This can be done by using the opsgenie-get-on-call command, using the SOC analysts rotation schedule in OpsGenie.
• Setting handover path based on future on-call rotation
  As part of the incident playbook, the next shift analyst can also be queries for heads-up notification if needed, using the opsgenie-get-on-call command, using the schedule name, and the date to query based upon

Commands:

• opsgenie-get-on-call <schedule> [<date>] - Get current on-call users of a given Schedule.
  The Schedule name is used to query for the specific on-call. The Date can be provided to check future on-call assignments.
• opsgenie-get-schedule-timeline <schedule> - Get the schedule timeline information of the given schedule name.
• opsgenie-get-schedules - Get all schedules listed in the system.
• opsgenie-get-user <user> - Get user information based on the given user ID (email)

Example of commands:

• !opsgenie-get-on-call schedule="OnCAll"
• !opsgenie-get-on-call schedule="OnCAll" date=2018-01-01
• !opsgenie-get-user email@company.com

Example of commands with outputs:

• !opsgenie-get-on-call schedule="SOC"

War room output:

OpsGenie On-Call Schedule SOC Currently on-call for SOC schedule: John Doe (john@company.com)

Context output:

OnCall:[] 1 item 0:{} 2 items email:john@company.com name:John Doe

Raw output:

root:[] 1 item 0:{} 3 items id:<ID> name:john@company.com type:user

• !opsgenie-get-on-call schedule="SOC"  date="2018-01-01"

  War room output:

OpsGenie On-Call Schedule SOC Currently on-call for SOC schedule: Jane Doe (jane@company.com)

Context output:

OnCall:[] 1 item 0:{} 2 items email:jane@company.com name:Jane Doe

Raw output:

root:[] 1 item 0:{} 3 items id:<ID> name:jane@company.com type:user

• !opsgenie-get-user userID="john@company.com"

War room output:

OpsGenie      User Info Key              Value createdAt      2017-10-08T05:27:28.535Z fullName       Gilad Shriki id                 6297fa63-7816-4cd6-93e4-404a9ab6a3cf locale           en_US role.id          Owner role.name     Owner timeZone      Israel username     shriki@demisto.com verified         true

Context output:

None

Raw output:

root:{} 10 items blocked:false createdAt:2017-10-08T05:27:28.535Z fullName:John Doe id:<ID> locale:en_US role:{} 2 items id:Owner name:Owner timeZone:US-E userAddress:{} 5 items city: country: line: state: zipCode: username:john@company.com verified:true

Troubleshooting

• Make sure to have the web-proxy open to the OpsGenie API URL (https://api.opsgenie.com/v2)
• Make sure API Key is enabled in the OpsGenie interface, and it is copies correctly
• Make sure API Key is created with a user that has access to the relevant on call schedules.