Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New SIGNL4 alerting article #3145

Merged
merged 8 commits into from
Oct 3, 2023
Merged

New SIGNL4 alerting article #3145

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
d8ba2bf
Add new article
jpipkin1 Oct 2, 2023
3bd7903
Add sidebar
jpipkin1 Oct 2, 2023
0f61e34
Merge branch 'main' into new-signl4-alerting-article
kimsauce Oct 2, 2023
cc66028
Update docs/alerts/webhook-connections/signl4.md
kimsauce Oct 3, 2023
04367fd
Update docs/alerts/webhook-connections/signl4.md
kimsauce Oct 3, 2023
c65d3f8
Update docs/alerts/webhook-connections/signl4.md
jpipkin1 Oct 3, 2023
d29075f
Update docs/alerts/webhook-connections/signl4.md
jpipkin1 Oct 3, 2023
07f1650
Update docs/alerts/webhook-connections/signl4.md
jpipkin1 Oct 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
94 changes: 94 additions & 0 deletions docs/alerts/webhook-connections/signl4.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
---
id: signl4
title: Webhook Connection for SIGNL4
sidebar_label: SIGNL4
description: Send alerts to SIGNL4 from scheduled searches.
---

import useBaseUrl from '@docusaurus/useBaseUrl';

<img src={useBaseUrl('https://raw.githubusercontent.com/signl4/signl4-logo/main/signl4.png')} alt="Thumbnail icon" width="50"/>


You can set up [webhook connections](/docs/alerts/webhook-connections/set-up-webhook-connections) rely on HTTP endpoints that tell Sumo Logic where to send data.

## Sumo Logic to SIGNL4 Integration

Sumo Logic alerts can send webhook alerts to SIGNL4, a mobile alerting and incident management solution that determines the right people to alert based on your on-call schedule, severity, and topic.

To add a Sumo Logic integration in SIGNL4, do the following:

1. Go to the [SIGNL4 Integration Hub](https://account.signl4.com/manage/IntegrationHub?tabName=installedApps).
1. Select an existing webhook integration or create a new one for the Sumo Logic integration.
1. In the integration tile, copy the URL including integration or team secret.

You'll need the webhook URL for Sumo Logic configuration, which you'll do in the next section.

You can find more information on the [SIGNL4 site](https://www.signl4.com/blog/portfolio_item/sumo_logic_mobile_alerting/).

## Configuration in Sumo Logic

In Sumo Logic, scheduled searches send alerts to other tools via webhook connections. To send alerts from Sumo Logic to SIGNL4:

1. [Create a Webhook Connection](#create-a-webhook-connection).
1. Once you set up the webhook connection, you'll have the option to use it in a [Scheduled Search](/docs/alerts/webhook-connections/schedule-searches-webhook-connections) or [Monitor](/docs/alerts/monitors).

## Create a Webhook Connection

:::note
You need the **Manage connections** [role capability](/docs/manage/users-roles/roles/role-capabilities) to create webhook connections.
:::

This section demonstrates how to create a webhook connection from Sumo Logic to SIGNL4.

To create a webhook:

1. In Sumo Logic, go to **Manage Data > Alerts > Connections**.
1. Click **+ Add** and choose **Webhook** as connection type.
1. For the name, enter **Sumo Logic SIGNL4** and give an optional description to the connection.
1. Paste the SIGNL4 webhook URL (from the step above) into the **URL** field.
1. Enter the following content in the **Alert Payload** field:
```json
kimsauce marked this conversation as resolved.
Show resolved Hide resolved
{
"AlertName": "{{AlertName}}",
"Description": "{{Description}}",
"action": "create",
"AlertURL": "{{AlertResponseURL}}",
"Query": "{{Query}}",
"QueryURL": "{{QueryURL}}",
"TriggerTime": "{{TriggerTime}}",
"TriggerTimeRange": "{{TriggerTimeRange}}",
"TriggerCondition": "{{TriggerCondition}}",
"TriggerValue": "{{TriggerValue}}",
"TriggerType": "{{TriggerType}}",
"ResultsJson": "{{ResultsJSON}}",
"DetectionMethod": "{{DetectionMethod}}",
"MonitorType": "{{MonitorType}}",
"NumQueryResults": "{{NumQueryResults}}",
"SourceURL": "{{SourceURL}}",
"X-S4-ExternalID": "{{IncidentKey}}",
"X-S4-Status": "new",
"X-S4-SourceSystem": "SumoLogic"

}
```
1. Under the **Recovery Payload**:
* This part is optional for closing alerts in SIGNL4 if the incident is recovered in Sumo Logic.
```json
{
"X-S4-ExternalID": "{{IncidentKey}}",
"X-S4-Status": "resolved",
"X-S4-SourceSystem": "SumoLogic"
}
```
:::note
Do not update the `X-S4-...` fields, otherwise recovery notifications will not be generated.
:::
1. To test the connection, click **Test Alert**. If successful, you'll see a `201 OK` response message.
1. Click **Save**.

### Configure a Scheduled Search

Scheduled searches are saved searches that run automatically at specified intervals. When a scheduled search is configured to send an alert, it can be sent to another tool using a webhook connection.

To set up a scheduled search for a webhook connection follow the steps in [Schedule Searches for Webhook Connections](/docs/alerts/webhook-connections/schedule-searches-webhook-connections).
1 change: 1 addition & 0 deletions sidebars.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -878,6 +878,7 @@ module.exports = {
'alerts/webhook-connections/servicenow/set-up-security-incident-webhook',
],
},
'alerts/webhook-connections/signl4',
'alerts/webhook-connections/slack',
'alerts/webhook-connections/schedule-searches-webhook-connections',
'alerts/webhook-connections/audit-index',
Expand Down