Integrate PagerDuty with Firewall Analyzer


    PagerDuty is an alarm aggregation and incident response solution that helps you view the alerts and messages from a firewall management tool in a single console and manage them appropriately, so that security issues are resolved much more quickly. Alerts from Firewall Analyzer are logged as incidents in PagerDuty, where you can customize the mode of communication for each type of incident.

    For example, you can choose to escalate a low severity incident via an email and, on the other hand, configure a phone call for a critical incident that poses a serious threat to your network.

    How Firewall Analyzer PagerDuty integration strengthens network security

    Firewall Analyzer generates alarms for security threats and any kind of network issue. By integrating Firewall Analyzer with PagerDuty, you can relay the details of the alarms to PagerDuty and configure it to send notifications. PagerDuty allows you to customize the type of notification received based on the severity of the alert. For instance, you can configure it to deliver critical alerts via a phone call and attention alerts or alerts of other severities via an SMS or an email.

    This way you can prioritize the issues and resolve them accordingly, so that all security issues are resolved faster and more effectively.

    How to integrate Firewall Analyzer with PagerDuty

    Firewall Analyzer PagerDuty integration is implemented via webhooks.

    The integration process involves two parts.

    1. Service Integration configuration in PagerDuty
    2. Webhook configuration in Firewall Analyzer

    Steps to be executed in PagerDuty

    Integration Type: Firewall Analyzer PagerDuty integration is established through Events API V2.

    1. In your PagerDuty instance, go to Services > Service Directory.
    2. Next to the service you wish to integrate with, click More and select View Integrations.
    3. Click on Add Integration, select Events API V2 and click Add.
    4. Copy the Integration Key and the URL for Alert Events from the next window.

    Steps to be executed in Firewall Analyzer

    Webhook PagerDuty Integration

    Stage 1

    Navigate to Notification Template in Firewall Analyzer (Settings > Others > Notification Template > Add Profile).

    Stage 2 (Invoke a webhook)

    Select Invoke a Webhook and add the following details:

    • Method: POST
    • URL: https://events.pagerduty.com/v2/enqueue (The Events URL copied from PagerDuty)
    • Data Type: raw
    • Payload Type: JSON
    • Body content: In this field, "$message" and "$DeviceField(ipAddress)" are default message variables available in Firewall Analyzer. You can use any of these variables in the body of the message by clicking the '+' icon next to the Body Content field.

    Stage 3

    1. Once you have configured all these details, click Save.
    2. Before saving it, make sure to use the Test Action option to check that the integration has been configured properly. Note that the message variables used in the body of the request will not have any value when Test Action is performed; the content is sent as-is.
    3. The configuration enables Firewall Analyzer to send alerts to PagerDuty, where they are stored as incidents.
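
    The Body Content field has to hold a JSON document that the Events API V2 accepts, with the Integration Key copied from PagerDuty as its routing_key. The Python check below is an added example, not part of the Firewall Analyzer or PagerDuty documentation: it validates a body template offline and lists the variables that Test Action would send unsubstituted. The template, its placeholder key, the check_body helper and the variable pattern (inferred from the two variables named above) are assumptions made for illustration.

```python
import json
import re

# Severity values the Events API V2 accepts in payload.severity.
SEVERITIES = ("critical", "error", "warning", "info")
# Assumed shape of Firewall Analyzer variables: $message, $DeviceField(ipAddress).
VARIABLE = re.compile(r"\$[A-Za-z]+(?:\([A-Za-z]+\))?")

# Constructed body template; the routing key is a placeholder, not a real key.
BODY_TEMPLATE = """{
  "routing_key": "REPLACE_WITH_32_CHAR_INTEGRATION_KEY",
  "event_action": "trigger",
  "payload": {
    "summary": "$message",
    "source": "$DeviceField(ipAddress)",
    "severity": "critical"
  }
}"""


def check_body(template):
    """Return (problems, variables) for a webhook body template."""
    variables = VARIABLE.findall(template)
    try:
        body = json.loads(template)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"], variables
    if not isinstance(body, dict):
        return ["body must be a JSON object"], variables
    problems = []
    key = body.get("routing_key")
    if not (isinstance(key, str) and len(key) == 32):
        problems.append("routing_key is not a 32-character integration key")
    if body.get("event_action") != "trigger":
        problems.append("event_action must be 'trigger' to open an incident")
    payload = body.get("payload")
    if not isinstance(payload, dict):
        return problems + ["payload must be a JSON object"], variables
    for field in ("summary", "source"):
        if not payload.get(field):
            problems.append(f"payload.{field} is missing or empty")
    if payload.get("severity") not in SEVERITIES:
        problems.append("payload.severity must be one of " + ", ".join(sorted(SEVERITIES)))
    return problems, variables

if __name__ == "__main__":
    problems, variables = check_body(BODY_TEMPLATE)
    print("sent literally by Test Action:", variables)
    print("problems:", problems)
```

    The Integration Key in the body is what authorizes event submission to the service, so treat a saved notification profile or an exported copy of it as a secret.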

    PagerDuty is now integrated with Webhooks in Firewall Analyzer.