
# Any value added to this file must also be added to EventManagementUtils for localization
# Custom alert action: forward an ITSI episode to PagerDuty via its Events API v2.
# All values are strings; Splunk's alert_actions.conf parser assigns their meaning.
[itsi_pagerduty_event]
# 0 = action enabled
disabled = 0
# marks the stanza as an app-provided (custom) alert action
is_custom = 1
# name shown in the alert-action picker
label = Send to PagerDuty
description = Send events to PagerDuty using events API v2
# format of the payload the action script receives on stdin
payload_format = json
# interpreter used to run the action script
python.version = python3
# minimum lifetime of the triggering search's artifacts, in seconds
ttl = 600
# maximum run time allowed for the action before Splunk aborts it
# (no unit suffix here; presumably seconds - confirm against Splunk's maxtime spec)
maxtime = 600
# maximum number of results passed to the action; note this is 100000 while
# most other stanzas in this file use 10000
maxresults = 100000
# per-saved-search parameters; an empty value means "set when the action is configured".
# pd_account presumably names a PagerDuty account configured elsewhere - the integration
# key itself should not be entered here (it would land in clear text in the saved search)
param.pd_account =
# DO NOT change/override param.pd_dedup_key under any circumstances
# ITSI sends episode id as dedup key as episode is unique
# $result.itsi_group_id$ is a Splunk result token, substituted from the triggering search result
param.pd_dedup_key = $result.itsi_group_id$
# remaining pd_* keys map to fields of a PagerDuty v2 event payload
param.pd_event_action =
param.pd_source =
param.pd_summary =
param.pd_severity =
param.pd_link_text =
param.pd_link_href =
param.pd_class =
param.pd_component =
param.pd_group =
param.pd_timestamp =
# Custom alert action: turn a correlation-search result into an ITSI notable event
# written to the tracked-alerts summary index.
[itsi_event_generator]
# marks the stanza as an app-provided (custom) alert action
is_custom = 1
label = ITSI Alert Generator
description = Send an ITSI alert to the summary index.
# format of the payload the action script receives on stdin
payload_format = json
# destination index and sourcetype of the generated notable events
param.index = itsi_tracked_alerts
param.sourcetype = itsi_notable:event
# name of the token the script looks up (presumably an HTTP Event Collector token);
# only the name lives here, never the token value
param.http_token_name = Auto Generated ITSI Event Management Token
# field(s) that identify an event; the list delimiter is not visible here - confirm in the script
param.event_identifier_fields = source
param.search_type = custom
# 0/1 flag; presumably selects the event's own timestamp over the trigger time - confirm
param.is_use_event_time = 0
# events per batch write, and per-field length cap (presumably in characters)
param.batch_size = 5000
param.event_field_max_length = 10000
param.editor = advance_correlation_builder_editor
# notable-event attributes; empty values are supplied by the correlation search definition
param.title =
param.description =
param.owner = unassigned
# numeric status and severity codes; their meaning is defined elsewhere, not in this file
param.status = 1
param.severity = 1
param.itsi_instruction =
# drilldown search plus its time window relative to the event (offsets presumably in seconds)
param.drilldown_search_title =
param.drilldown_search_search =
param.drilldown_search_latest_offset = 300
param.drilldown_search_earliest_offset = -300
param.drilldown_title =
param.drilldown_uri =
param.service_ids =
param.entity_lookup_field =
param.meta_data =
param.is_ad_at =
# minimum lifetime of the search artifacts, in seconds
ttl = 600
# maximum run time allowed for the action (no unit suffix; presumably seconds - confirm)
maxtime = 600
# maximum number of results passed to the action
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Sample custom alert action: ping the host recorded in an episode.
# Shipped enabled (no disabled key) despite being a sample - confirm that is intended.
[itsi_sample_event_action_ping]
is_custom = 1
label = Ping host
description = Given one or more ITSI episodes, ping the `host` in it.
# format of the payload the action script receives on stdin
payload_format = json
# %orig_host% is a placeholder filled from episode data, i.e. from search-result content
# that should be treated as untrusted; the action script is responsible for validating
# it as a hostname/IP and passing it as a discrete argument - confirm in the script
param.host_to_ping = %orig_host%
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Custom alert action: attach an external ticket reference to an episode.
[itsi_event_action_link_ticket]
is_custom = 1
label = Link Ticket
description = Given an ITSI episode, link a ticket of your ticketing system of choice.
# format of the payload the action script receives on stdin
payload_format = json
# ticket identity; all supplied when the action is configured
param.ticket_system =
param.ticket_id =
param.ticket_url =
# operation to perform and extra arguments; accepted values are defined by the
# action script, not by this file
param.operation =
param.kwargs =
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Custom alert action: attach an arbitrary reference URL to an episode.
[itsi_event_action_link_url]
is_custom = 1
label = Add reference link
description = Link an episode to an external URL.
# format of the payload the action script receives on stdin
payload_format = json
# URL and its display text, supplied when the action is configured; nothing in this
# file restricts the URL scheme or host, so any such check lives in the action script
param.url =
param.url_description =
# operation to perform and extra arguments; accepted values are defined by the action script
param.operation =
param.kwargs =
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Custom alert action: POST episode data to a user-supplied URI.
[itsi_event_action_webhook]
is_custom = 1
label = Webhook
description = Given an ITSI episode, send the episode data to the provided URL.
# format of the payload the action script receives on stdin
payload_format = json
# destination of the outbound request; episode content leaves Splunk to this URI.
# No destination allowlist is expressed in this stanza - if one exists it is enforced
# by the action script; confirm before relying on it
param.webhook_name =
param.webhook_uri =
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Custom alert action: create a ServiceNow incident for an episode and link it back.
[itsi_event_action_snow_wrapper]
is_custom = 1
label = Create ServiceNow incident
description = Given an ITSI episode, create a ServiceNow incident and link it to the episode.
# format of the payload the action script receives on stdin
payload_format = json
# name of a ServiceNow account configured elsewhere; credentials are not stored in this stanza
param.account =
# incident fields, filled in when the action is configured
param.state =
param.configuration_item =
param.contact_type =
param.assignment_group =
param.category =
param.subcategory =
param.impact =
param.urgency =
param.priority =
param.short_description =
# value used to tie the incident back to the episode (presumably the episode id - confirm)
param.correlation_id =
# Splunk URL embedded in the incident so ServiceNow users can navigate back (presumed)
param.splunk_url =
# free-form additional fields; format defined by the action script
param.custom_fields =
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Custom alert action: create a Jira Cloud issue for an episode and link it back.
[itsi_event_action_jira_wrapper]
is_custom = 1
label = Jira Cloud Issue Integration
description = Given an ITSI episode, create a Jira Issue and link it to the episode.
# format of the payload the action script receives on stdin
payload_format = json
# Keep this default empty. A token typed into this param is persisted in clear text in
# the saved search's configuration; the action script should obtain the credential from
# Splunk's credential store instead - confirm how the script actually reads it
param.api_token =
# issue fields, filled in when the action is configured
param.project_key =
param.issue_type =
param.summary =
param.priority =
# free-form additional fields; format defined by the action script
param.custom_fields =
param.component =
param.label =
# $result.jira_ticket_id$ is a Splunk result token, substituted from the triggering search result
param.jira_key = $result.jira_ticket_id$
param.description =
# value used to tie the issue back to the episode (presumably the episode id - confirm)
param.correlation_id =
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Custom alert action: clear the Splunk Infrastructure Monitoring incidents grouped in an episode.
# Takes no param.* settings; everything it needs comes from the episode payload.
[itsi_event_action_clear_sim_incidents]
is_custom = 1
label = Clear Splunk Infrastructure Monitoring incidents
description = Given an ITSI episode, clear the Splunk Infrastructure Monitoring incidents within it.
# format of the payload the action script receives on stdin
payload_format = json
# artifact lifetime (seconds), action time limit (presumably seconds - confirm), result cap
ttl = 600
maxtime = 600
maxresults = 10000
# interpreter used to run the action script
python.version = python3
# Command-based alert action: runs the itsiimportobjects search command rather than a
# Python script (hence no payload_format / python.version keys in this stanza).
[itsi_import_objects]
is_custom = 1
label = ITSI Import Objects
description = Import ITSI entities and service data.
# The value continues across lines via trailing backslashes (Splunk conf syntax).
# Each $action.itsi_import_objects.param.<key>$ token expands to the matching param.<key>
# below as configured on the saved search; $name$ expands to the saved search name.
# Keep the token names and the param.* keys below in sync when adding an option.
command = itsiimportobjects \
backfillEnabled="$action.itsi_import_objects.param.backfill_enabled$" \
entityDescriptionFields="$action.itsi_import_objects.param.entity_description_fields$" \
entityFieldMapping="$action.itsi_import_objects.param.entity_field_mapping$" \
entityIdentifierFields="$action.itsi_import_objects.param.entity_identifier_fields$" \
entityInformationalFields="$action.itsi_import_objects.param.entity_informational_fields$" \
entityMergeField="$action.itsi_import_objects.param.entity_merge_field$" \
entityMergeFqdn="$action.itsi_import_objects.param.entity_merge_fqdn$" \
entityTitleField="$action.itsi_import_objects.param.entity_title_field$" \
entityTypeField="$action.itsi_import_objects.param.entity_type_field$" \
entityStatusTracking="$action.itsi_import_objects.param.entity_status_tracking$" \
fieldLevelUpdateType="$action.itsi_import_objects.param.field_level_update_type$" \
serviceDependentsFields="$action.itsi_import_objects.param.service_dependents_fields$" \
serviceDescriptionFields="$action.itsi_import_objects.param.service_description_fields$" \
serviceTagsFields="$action.itsi_import_objects.param.service_tags_field$" \
serviceEnabled="$action.itsi_import_objects.param.service_enabled$" \
serviceTeam="$action.itsi_import_objects.param.service_team$" \
serviceTemplatesConfig="$action.itsi_import_objects.param.service_templates_config$" \
serviceTemplateField="$action.itsi_import_objects.param.service_template_field$" \
serviceTitleField="$action.itsi_import_objects.param.service_title_field$" \
updateType="$action.itsi_import_objects.param.update_type$" \
recurringImportName="$name$"
# Defaults for every token referenced in the command above; all empty, so each must be
# set on the saved search that uses this action. Note the key is service_tags_field
# (singular) while the command argument is serviceTagsFields - they match as written.
param.backfill_enabled =
param.entity_description_fields =
param.entity_field_mapping =
param.entity_identifier_fields =
param.entity_informational_fields =
param.entity_merge_field =
param.entity_merge_fqdn =
param.entity_title_field =
param.entity_type_field =
param.field_level_update_type =
param.entity_status_tracking =
param.service_dependents_fields =
param.service_description_fields =
param.service_enabled =
param.service_tags_field =
param.service_team =
param.service_templates_config =
param.service_template_field =
param.service_title_field =
param.update_type =
# artifact lifetime in seconds; deliberately shorter than the 600 used by the script-based actions
ttl = 120
# Command-based alert action: converts results to metric data points for the ITSI
# metrics summary index. No ttl/maxtime/maxresults are set, so Splunk's defaults apply.
[itsi_summary_metrics_collect]
label = ITSI Metrics Summary Index Collector
description = Converts events into metrics data points and adds them to the ITSI metrics summary index.
is_custom = 1
# backticks invoke a search macro; its definition is not in this file
command = `mcollect_into_summary_index`
# Custom alert action: hand an episode to Splunk SOAR (formerly Phantom; the stanza
# name keeps the old product name). Takes no param.* settings in this stanza.
[itsi_event_action_send_to_phantom]
# 0 = action enabled
disabled = 0
# marks the stanza as an app-provided (custom) alert action
is_custom = 1
label = Send to Splunk SOAR
description = Send Episode to Splunk SOAR
# format of the payload the action script receives on stdin
payload_format = json
# minimum lifetime of the search artifacts, in seconds
ttl = 600
# maximum run time allowed for the action (no unit suffix; presumably seconds - confirm)
maxtime = 600
# maximum number of results passed to the action; 100000 here, as for PagerDuty,
# versus 10000 in the other script-based stanzas
maxresults = 100000
# interpreter used to run the action script
python.version = python3