Graylog integration with Incident Response

Graylog is a log management system. You can define conditions that, when met, are stored as an Event and can be used to trigger a notification. Incident Response ensures that the right people are working on these notifications.

What does Lightstep Incident Response offer Graylog users?

Alerts in Graylog trigger alerts in Incident Response.

Incident Response acts as a handler for these alerts and determines the right people to notify based on escalation policies, previously provided points of contact, and on-call schedules. Users are notified based on their notification preferences. Alerts are escalated until they are acknowledged or closed.

Functionality of the integration

When an alert is triggered in Graylog, an alert is created in Incident Response.
Note: Alerts generated from Graylog are not auto-closed in Lightstep Incident Response (LIR) when the corresponding alert closes in Graylog. The alert must be closed manually.