Added incident.io integration assets

.github/CODEOWNERS

@@ -265,6 +265,11 @@ datadog_checks_base/datadog_checks/base/checks/windows/              @DataDog/wi
 /godaddy/manifest.json                                              @DataDog/saas-integrations @DataDog/documentation
 /godaddy/metadata.csv                                               @DataDog/saas-integrations @DataDog/documentation
 
+/incident_io/                                                        @DataDog/saas-integrations
+/incident_io/*.md                                                    @DataDog/saas-integrations @DataDog/documentation
+/incident_io/manifest.json                                           @DataDog/saas-integrations @DataDog/documentation
+/incident_io/assets/logs/                                            @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend
+
 /lastpass/                                                          @DataDog/saas-integrations
 /lastpass/*.md                                                      @DataDog/saas-integrations @DataDog/documentation
 /lastpass/manifest.json                                             @DataDog/saas-integrations @DataDog/documentation

.github/workflows/config/labeler.yml

@@ -251,6 +251,8 @@ integration/iis:
 - iis/**/*
 integration/impala:
 - impala/**/*
+integration/incident_io:
+- incident_io/**/*
 integration/istio:
 - istio/**/*
 integration/jboss_wildfly:

incident_io/CHANGELOG.md

@@ -0,0 +1,7 @@
+# CHANGELOG - incident.io
+
+## 1.0.0 / 2024-09-04
+
+***Added***:
+
+* Initial Release

incident_io/README.md

@@ -0,0 +1,52 @@
+## Overview
+
+[incident.io][1] helps companies declare, collaborate, communicate around and learn from events that disturb their normal course of business - from critical infrastructure being down, to data breaches and security incidents. It is a service that helps teams manage incidents and outages effectively. It typically provides features like incident reporting, tracking, and resolution workflows.
+
+Integrate your incident.io account with Datadog to gain insights into incident related activities.
+
+## Setup
+
+Follow the instructions below to configure this integration for your incident.io account.
+
+### Configuration
+
+#### Webhook Configuration
+Configure the Datadog endpoint to forward events of incident.io incidents as logs to Datadog. See [incident.io webhook overview][2] for more details.
+
+1. Select an existing API key or create a new one by clicking one of the buttons below: <!-- UI Component to be added by Datadog team -->
+2. Log in to your [incident.io account][3] as org owner.
+3. Go to **Settings > Webhooks**.
+4. Click **Add Endpoint**.
+5. Fill in the webhook URL that you generated in step 1.
+6. Select the type of incident events that you want to push to Datadog under **Subscribe to events**.
+7. Click **Create**.
+
+## Data Collected
+
+### Logs
+The incident.io integration ingests the following logs:
+- Public incident event logs
+- Private incident event logs
+- Action and follow up event logs 
+
+### Metrics
+
+incident.io does not include any metrics.
+
+### Service Checks
+
+incident.io does not include any service checks.
+
+### Events
+
+incident.io does not include any events.
+
+## Support
+
+Need help? Contact [Datadog support][4].
+
+[1]: https://incident.io/
+[2]: https://api-docs.incident.io/tag/Webhooks/
+[3]: https://app.incident.io/
+[4]: https://docs.datadoghq.com/help/
+

incident_io/assets/logs/incident-io.yaml

@@ -0,0 +1,184 @@
+id: incident-io
+metric_id: incident-io
+backend_only: false
+facets:
+  - groups:
+      - Event
+    name: Event Name
+    path: evt.name
+    source: log
+pipeline:
+  type: pipeline
+  name: incident.io
+  enabled: true
+  filter:
+    query: "source:incident-io"
+  processors:
+    - type: attribute-remapper
+      name: Map `event_type` to `evt.name`
+      enabled: true
+      sources:
+        - event_type
+      sourceType: attribute
+      target: evt.name
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: attribute-remapper
+      name: Map `data` for each event type
+      enabled: true
+      sources:
+        - private_incident.action_created_v1
+        - private_incident.action_updated_v1
+        - private_incident.follow_up_created_v1
+        - private_incident.follow_up_updated_v1
+        - private_incident.incident_created_v2
+        - private_incident.incident_updated_v2
+        - private_incident.membership_granted_v1
+        - private_incident.membership_revoked_v1
+        - public_incident.action_created_v1
+        - public_incident.action_updated_v1
+        - public_incident.follow_up_created_v1
+        - public_incident.follow_up_updated_v1
+        - public_incident.incident_created_v2
+        - public_incident.incident_status_updated_v2
+        - public_incident.incident_updated_v2
+      sourceType: attribute
+      target: data
+      targetType: attribute
+      preserveSource: false
+      overrideOnConflict: false
+    - type: pipeline
+      name: Creation Events
+      enabled: true
+      filter:
+        query: "@evt.name:(public_incident.action_created_v1 OR
+          public_incident.follow_up_created_v1)"
+      processors:
+        - type: date-remapper
+          name: Map `data.created_at`
+          enabled: true
+          sources:
+            - data.created_at
+    - type: pipeline
+      name: Update Events
+      enabled: true
+      filter:
+        query: "@evt.name:(public_incident.action_updated_v1 OR
+          public_incident.follow_up_updated_v1)"
+      processors:
+        - type: date-remapper
+          name: Map `data.updated_at`
+          enabled: true
+          sources:
+            - data.updated_at
+    - type: pipeline
+      name: Incident Created Event
+      enabled: true
+      filter:
+        query: "@evt.name:public_incident.incident_created_v2"
+      processors:
+        - type: date-remapper
+          name: Map `data.created_at`
+          enabled: true
+          sources:
+            - data.created_at
+        - type: attribute-remapper
+          name: Map `data.id` to `data.incident_id`
+          enabled: true
+          sources:
+            - data.id
+          sourceType: attribute
+          target: data.incident_id
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false
+    - type: pipeline
+      name: Incident Updated Event
+      enabled: true
+      filter:
+        query: "@evt.name:public_incident.incident_updated_v2"
+      processors:
+        - type: date-remapper
+          name: Map `data.updated_at`
+          enabled: true
+          sources:
+            - data.updated_at
+        - type: attribute-remapper
+          name: Map `data.id` to `data.incident_id`
+          enabled: true
+          sources:
+            - data.id
+          sourceType: attribute
+          target: data.incident_id
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false
+    - type: pipeline
+      name: Incident Status Update Event
+      enabled: true
+      filter:
+        query: "@evt.name:public_incident.incident_status_updated_v2"
+      processors:
+        - type: date-remapper
+          name: Map `data.incident.updated_at`
+          enabled: true
+          sources:
+            - data.incident.updated_at
+        - type: attribute-remapper
+          name: Map `data.incident.name` to `data.name`
+          enabled: true
+          sources:
+            - data.incident.name
+          sourceType: attribute
+          target: data.name
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false
+        - type: attribute-remapper
+          name: Map `data.incident.reference` to `data.reference`
+          enabled: true
+          sources:
+            - data.incident.reference
+          sourceType: attribute
+          target: data.reference
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false
+        - type: attribute-remapper
+          name: Map `data.incident.id` to `data.incident_id`
+          enabled: true
+          sources:
+            - data.incident.id
+          sourceType: attribute
+          target: data.incident_id
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false
+        - type: attribute-remapper
+          name: Map `data.incident.incident_type.name` to `data.incident_type.name`
+          enabled: true
+          sources:
+            - data.incident.incident_type.name
+          sourceType: attribute
+          target: data.incident_type.name
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false
+    - type: pipeline
+      name: Private Incident Events
+      enabled: true
+      filter:
+        query: "@evt.name:(private_incident.incident_created_v2 OR
+          private_incident.incident_updated_v2)"
+      processors:
+        - type: attribute-remapper
+          name: Map `data.id` to `data.incident_id`
+          enabled: true
+          sources:
+            - data.id
+          sourceType: attribute
+          target: data.incident_id
+          targetType: attribute
+          preserveSource: false
+          overrideOnConflict: false