Email integration with Incident Response

Integrate Incident Response with any service capable of sending email alerts. Incident Response opens and triggers an alert when it receives an email to this integration email address. Events and alerts from monitoring tools can also be sent as emails after making sure that the payload is mapped correctly.

Before you begin

Role required: Responder, Manager, or Administrator

Procedure

  1. Log in to Incident Response.
  2. On the navigation pane, click Integrations.
    Figure 1. Integrations landing page
    Integrations landing page.
  3. Click the Email integration card.
  4. On the form, fill the fields.
    Field Description
    Name Name of the integration.
    Status Status of the integration such as enabled or disabled.
    Note: You can modify this field only after the webhook is generated.
    Description Brief summary about the services of the integration.
    Integration URL The URL of the home page of the monitoring tool that sends alerts.
    Tags Tags that can help users search for the integration.
    Service Name of the service that you want to associate with the integration.

    A service represents a functional outcome like networking, payments, or HR services, that is owned by one team. You might need multiple tool integrations to monitor each technical service and receive events from those tools.
  5. Click Generate email.

    An email address is generated. Incident Response creates an alert for each email that is sent to the generated email address.

    An email address and payload is generated.
    Copy the following items. You need it when configuring email alerts:
    • webhook by clicking the copy icon (Copy the webhook URL.).
    • payload by clicking Copy payload to clipboard.
    The sample payload format is as follows:
    severity: $SEVERITY
description: $DESCRIPTION
source: $SOURCE
source_id: $SOURCE_ID
event_time: $EVENT_TIME
resource_name: $RESOURCE_NAME
type: $EVENT_TYPE
metric_name: $METRIC_NAME
state:$STATE
other_info: $OTHER_INFO
    Note:
    • You must populate the severity and event_time fields.
    • If incorrect value is provided for severity, then alert will be created with a severity of 4.
    • For event_time, any UNIX epoch value is acceptable.
  6. Click Save.