Email integration with Incident Response
Integrate Incident Response with any service capable of sending email alerts. Events and alerts from monitoring tools are sent as emails to your desired email address. Incident Response opens and triggers an alert when it receives an email to this integration email address.
Before you begin
Role required: Responder, Manager, or Administrator
- Log in to Incident Response.
On the navigation pane, click Integrations.
- Click the Email integration card.
On the form, fill in the fields.
Field Description Name Name of the integration. Status Status of the integration such as enabled or disabled.Note: You can modify this field only after the webhook is generated. Description Brief summary about the services of the integration. Integration URL URL of the home page of the monitoring tool that sends alerts. Tags Tags that can help users search for the integration. Service Name of the service that you want to associate with the integration.
Click Generate Email.
An email address is generated. Incident Response creates an alert for each email that is sent to the generated email address.For the following items, copy the item and paste it into a safe place because you will need it when configuring email:
The sample payload format is as follows:
- webhook by clicking the copy icon ().
- payload by clicking Copy payload to clipboard.
severity: $SEVERITY description: $DESCRIPTION source: $SOURCE source_id: $SOURCE_ID event_time: $EVENT_TIME resource_name: $RESOURCE_NAME type: $EVENT_TYPE metric_name: $METRIC_NAME state:$STATE other_info: $OTHER_INFO
Send events to the newly generated email address as per the sample
By default, email integration uses the email subject as the alert description. If an email integration is disabled, emails sent to that email address are ignored by Incident Response.