Integration: OpsGenie

Hi,

We are starting to use OpsGenie more, but I couldn't see it in the plugins/integrations when searching
LINK

Is this at all possible?

Hey Phil – sure, it looks like they have a well-documented REST API. I also noticed they have a webhook alert function, which you could use with an API trigger in InsightConnect today to trigger workflows on new OpsGenie alerts.

Could I ask you (and any other OpsGenie users out there reading this) to elaborate a bit on the use case(s) you have in mind? It’s helpful when we’re framing the actions to build into the plugin.

Thanks!

We also added OpsGenie authentication support to the HTTP Requests plugin recently to serve as a shorter-term solution.

Well, the use case for us is that we have an on-call team; what I'd like to do is use OpsGenie and ICON to raise the on-call team to alerts.
Also, with this ability I would like to allow the MDR team to also raise on-call teams when security engineers are not about.

That ok?

Yessir!

We could do something like:

  1. Trigger workflow on New Alert (a webhook event from OpsGenie would work best)
  2. Action to Get Alert as the webhook event does not contain all details
  3. <some business logic to decide which team/individual should be assigned the alert>
  4. Action to Assign Alert or Add Team to Alert
  5. <some notification via email/chat/other to notify on-call team of the new alert>

I can’t speak for the MDR team, but from a workflow building perspective, we could trigger a similar workflow upon delivery of a findings report. Then we could check and see if it’s within normal business hours; if so, stop. If it’s 3 a.m. on a Sunday, Create Alert in OpsGenie, assign it, and notify on-call team.

Thoughts?
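
The after-hours branch described in the last reply, sketched as an added example that is not part of the original thread or of any InsightConnect plugin: it checks whether a findings report arrived outside business hours and, if so, builds an OpsGenie Create Alert request addressed to the on-call team. The office hours, timezone, team name and report fields are assumptions, and the sample report is constructed.

```python
import json
from datetime import datetime, time, timezone

# Assumptions for illustration (not from the thread): office window, timezone, team name.
# UTC keeps the example dependency-free; use zoneinfo for a real local timezone.
BUSINESS_TZ = timezone.utc
BUSINESS_START, BUSINESS_END = time(9, 0), time(17, 30)
ONCALL_TEAM = "security-oncall"  # hypothetical OpsGenie team name
OPSGENIE_ALERTS_URL = "https://api.opsgenie.com/v2/alerts"


def is_business_hours(ts: datetime) -> bool:
    """True when ts falls Monday-Friday inside the office window."""
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    local = ts.astimezone(BUSINESS_TZ)
    return local.weekday() < 5 and BUSINESS_START <= local.time() < BUSINESS_END


def build_create_alert(report: dict, api_key: str):
    """Return (url, headers, body) for OpsGenie Create Alert, or None during business hours."""
    delivered = datetime.fromisoformat(report["delivered_at"])
    if is_business_hours(delivered):
        return None  # engineers are around, so the workflow stops here
    body = {
        "message": f"MDR findings report: {report['title']}"[:130],  # API limit is 130 chars
        "alias": f"mdr-report-{report['id']}",  # repeat deliveries de-duplicate on the alias
        "description": report.get("summary", ""),
        "responders": [{"name": ONCALL_TEAM, "type": "team"}],
        "priority": "P1" if report.get("severity") == "critical" else "P2",
        "source": "InsightConnect",
    }
    headers = {"Authorization": f"GenieKey {api_key}", "Content-Type": "application/json"}
    return OPSGENIE_ALERTS_URL, headers, json.dumps(body)


# Constructed sample report (hypothetical field names): 03:00 UTC on a Sunday.
SAMPLE_REPORT = {"id": "r-1001", "title": "Suspicious logon activity", "severity": "critical",
                 "summary": "Constructed example.", "delivered_at": "2024-03-03T03:00:00+00:00"}

if __name__ == "__main__":
    print(build_create_alert(SAMPLE_REPORT, api_key="PLACEHOLDER-KEY"))
```

The returned tuple can be handed to any HTTP client as a POST; the API key belongs in the workflow's credential store rather than in the workflow definition.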