-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SIEMINT-123] DDSaaS: incident.io: Integration v1.0.0 #18595
Merged
gunterd
merged 22 commits into
DataDog:master
from
bhargavnariyanicrest:incident-io-assets-v1.0.0
Nov 15, 2024
Merged
Changes from 21 commits
Commits
Show all changes
22 commits
Select commit
Hold shift + click to select a range
583487a
Added incident.io integration assets
mauneelsorathia-crest d82b4b4
Removed saved views from manifest
mauneelsorathia-crest a1bb23e
Resolved log pipeline tests check failure
mauneelsorathia-crest 593832b
Fixed pipeline tests file identation
mauneelsorathia-crest 84f69b1
Changed tab spacing of pipeline tests yaml
mauneelsorathia-crest 37a9314
Changed tab spacing of pipeline tests yaml
mauneelsorathia-crest 68d7b2b
Reformatted pipeline tests file
mauneelsorathia-crest 8d09a0d
Reformatted pipeline tests file
mauneelsorathia-crest 5f50f96
Fixed identation
mauneelsorathia-crest 1d3c447
log sample fixed
bparmar-crest bf6bef1
log sample fixed
bparmar-crest 50f4079
Merge branch 'master' into incident-io-assets-v1.0.0
bparmar-crest 04f17b1
Updated README and monitor descriptions
mauneelsorathia-crest 32ab5c7
Merge branch 'master' into incident-io-assets-v1.0.0
bparmar-crest fdc875a
incorporated PR review suggestions
bparmar-crest fc32ab5
conflicts resolved
bparmar-crest 8fa8f15
Merge branch 'master' into incident-io-assets-v1.0.0
bparmar-crest 0afc4e6
Update critical_public_incident.json
cmlaverdiere bc9ae5c
Update high_number_of_public_incidents.json
cmlaverdiere facedbd
Update public_incident_reopened.json
cmlaverdiere 2acb630
Merge branch 'master' into incident-io-assets-v1.0.0
cmlaverdiere c9acf5f
Clean up monitor names
gunterd File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # CHANGELOG - incident.io | ||
|
|
||
| ## 1.0.0 / 2024-09-04 | ||
|
|
||
| ***Added***: | ||
|
|
||
| * Initial Release |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| ## Overview | ||
|
|
||
| [incident.io][1] helps companies declare, collaborate, communicate around, and learn from events that disturb their normal course of business-from critical infrastructure being down, to data breaches and security incidents. It is a service that helps teams manage incidents and outages effectively. It typically provides features like incident reporting, tracking, and resolution workflows. | ||
|
|
||
| Integrate your incident.io account with Datadog to gain insights into incident-related activities. | ||
|
|
||
| ## Setup | ||
|
|
||
| Follow the instructions below to configure this integration for incident.io incident events through a Webhook. | ||
|
|
||
| ### Configuration | ||
|
|
||
| #### Webhook configuration | ||
| Configure the Datadog endpoint to forward events of incident.io incidents as logs to Datadog. For more details, see the incident.io [webhooks][2] documentation. | ||
|
|
||
| 1. Select an existing API key or create a new one by clicking one of the buttons below: <!-- UI Component to be added by Datadog team --> | ||
| 2. Log in to your [incident.io account][3] as org owner. | ||
| 3. Go to **Settings > Webhooks**. | ||
| 4. Click **Add Endpoint**. | ||
| 5. Fill in the webhook URL that you generated in step 1. | ||
| 6. Select the type of incident events that you want to push to Datadog under the **Subscribe to events** section. | ||
| 7. Click **Create**. | ||
|
|
||
| ## Data Collected | ||
|
|
||
| ### Logs | ||
| The incident.io integration ingests the following logs: | ||
| - Public incident event logs | ||
| - Private incident event logs | ||
| - Action and follow up event logs | ||
|
|
||
| ### Metrics | ||
|
|
||
| incident.io does not include any metrics. | ||
|
|
||
| ### Service Checks | ||
|
|
||
| incident.io does not include any service checks. | ||
|
|
||
| ### Events | ||
|
|
||
| incident.io does not include any events. | ||
|
|
||
| ## Support | ||
|
|
||
| Need help? Contact [Datadog support][4]. | ||
|
|
||
| [1]: https://incident.io/ | ||
| [2]: https://api-docs.incident.io/tag/Webhooks/ | ||
| [3]: https://app.incident.io/ | ||
| [4]: https://docs.datadoghq.com/help/ | ||
1,781 changes: 1,781 additions & 0 deletions
1,781
incident_io/assets/dashboards/incident-io_incidents_overview.json
Large diffs are not rendered by default.
Oops, something went wrong.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,184 @@ | ||
| id: incident-io | ||
| metric_id: incident-io | ||
| backend_only: false | ||
| facets: | ||
| - groups: | ||
| - Event | ||
| name: Event Name | ||
| path: evt.name | ||
| source: log | ||
| pipeline: | ||
| type: pipeline | ||
| name: incident.io | ||
| enabled: true | ||
| filter: | ||
| query: "source:incident-io" | ||
| processors: | ||
| - type: attribute-remapper | ||
| name: Map `event_type` to `evt.name` | ||
| enabled: true | ||
| sources: | ||
| - event_type | ||
| sourceType: attribute | ||
| target: evt.name | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: attribute-remapper | ||
| name: Map `private_incident.action_created_v1`, `private_incident.action_updated_v1`, `private_incident.follow_up_created_v1`, `private_incident.follow_up_updated_v1`, `private_incident.incident_created_v2`, `private_incident.incident_updated_v2`, `private_incident.membership_granted_v1`, `private_incident.membership_revoked_v1`, `public_incident.action_created_v1`, `public_incident.action_updated_v1`, `public_incident.follow_up_created_v1`, `public_incident.follow_up_updated_v1`, `public_incident.incident_created_v2`, `public_incident.incident_status_updated_v2`, `public_incident.incident_updated_v2` to `data` | ||
| enabled: true | ||
| sources: | ||
| - private_incident.action_created_v1 | ||
| - private_incident.action_updated_v1 | ||
| - private_incident.follow_up_created_v1 | ||
| - private_incident.follow_up_updated_v1 | ||
| - private_incident.incident_created_v2 | ||
| - private_incident.incident_updated_v2 | ||
| - private_incident.membership_granted_v1 | ||
| - private_incident.membership_revoked_v1 | ||
| - public_incident.action_created_v1 | ||
| - public_incident.action_updated_v1 | ||
| - public_incident.follow_up_created_v1 | ||
| - public_incident.follow_up_updated_v1 | ||
| - public_incident.incident_created_v2 | ||
| - public_incident.incident_status_updated_v2 | ||
| - public_incident.incident_updated_v2 | ||
| sourceType: attribute | ||
| target: data | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: pipeline | ||
| name: Creation Events | ||
| enabled: true | ||
| filter: | ||
| query: "@evt.name:(public_incident.action_created_v1 OR | ||
| public_incident.follow_up_created_v1)" | ||
| processors: | ||
| - type: date-remapper | ||
| name: Define `data.created_at` as the official date of the log | ||
| enabled: true | ||
| sources: | ||
| - data.created_at | ||
| - type: pipeline | ||
| name: Update Events | ||
| enabled: true | ||
| filter: | ||
| query: "@evt.name:(public_incident.action_updated_v1 OR | ||
| public_incident.follow_up_updated_v1)" | ||
| processors: | ||
| - type: date-remapper | ||
| name: Define `data.updated_at` as the official date of the log | ||
| enabled: true | ||
| sources: | ||
| - data.updated_at | ||
| - type: pipeline | ||
| name: Incident Created Event | ||
| enabled: true | ||
| filter: | ||
| query: "@evt.name:public_incident.incident_created_v2" | ||
| processors: | ||
| - type: date-remapper | ||
| name: Define `data.created_at` as the official date of the log | ||
| enabled: true | ||
| sources: | ||
| - data.created_at | ||
| - type: attribute-remapper | ||
| name: Map `data.id` to `data.incident_id` | ||
| enabled: true | ||
| sources: | ||
| - data.id | ||
| sourceType: attribute | ||
| target: data.incident_id | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: pipeline | ||
| name: Incident Updated Event | ||
| enabled: true | ||
| filter: | ||
| query: "@evt.name:public_incident.incident_updated_v2" | ||
| processors: | ||
| - type: date-remapper | ||
| name: Define `data.updated_at` as the official date of the log | ||
| enabled: true | ||
| sources: | ||
| - data.updated_at | ||
| - type: attribute-remapper | ||
| name: Map `data.id` to `data.incident_id` | ||
| enabled: true | ||
| sources: | ||
| - data.id | ||
| sourceType: attribute | ||
| target: data.incident_id | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: pipeline | ||
| name: Incident Status Update Event | ||
| enabled: true | ||
| filter: | ||
| query: "@evt.name:public_incident.incident_status_updated_v2" | ||
| processors: | ||
| - type: date-remapper | ||
| name: Define `data.incident.updated_at` as the official date of the log | ||
| enabled: true | ||
| sources: | ||
| - data.incident.updated_at | ||
| - type: attribute-remapper | ||
| name: Map `data.incident.name` to `data.name` | ||
| enabled: true | ||
| sources: | ||
| - data.incident.name | ||
| sourceType: attribute | ||
| target: data.name | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: attribute-remapper | ||
| name: Map `data.incident.reference` to `data.reference` | ||
| enabled: true | ||
| sources: | ||
| - data.incident.reference | ||
| sourceType: attribute | ||
| target: data.reference | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: attribute-remapper | ||
| name: Map `data.incident.id` to `data.incident_id` | ||
| enabled: true | ||
| sources: | ||
| - data.incident.id | ||
| sourceType: attribute | ||
| target: data.incident_id | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: attribute-remapper | ||
| name: Map `data.incident.incident_type.name` to `data.incident_type.name` | ||
| enabled: true | ||
| sources: | ||
| - data.incident.incident_type.name | ||
| sourceType: attribute | ||
| target: data.incident_type.name | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false | ||
| - type: pipeline | ||
| name: Private Incident Events | ||
| enabled: true | ||
| filter: | ||
| query: "@evt.name:(private_incident.incident_created_v2 OR | ||
| private_incident.incident_updated_v2)" | ||
| processors: | ||
| - type: attribute-remapper | ||
| name: Map `data.id` to `data.incident_id` | ||
| enabled: true | ||
| sources: | ||
| - data.id | ||
| sourceType: attribute | ||
| target: data.incident_id | ||
| targetType: attribute | ||
| preserveSource: false | ||
| overrideOnConflict: false |
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure what the backstory is to this placeholder, but do we just want users to generate a Datadog API key here? If so, we can link them to
https://app.datadoghq.com/organization-settings/api-keys.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've actually taken care of this in this task. I updated the configuration tab to match our other webhooks integrations.