Zendesk
FortiMonitor's Zendesk integration allows you to automatically create Zendesk tickets when an incident is detected by FortiMonitor. When the incident resolves, the Zendesk ticket will also be updated with the appropriate state. You can customize the close state while configuring the integration.
Installation
The integration can be set up via the Integrations page.
- From the navigation menu, select Teams & Activity > Integrations.
- Look for the Zendesk card then select Configure.
- Enter the following information:
Field | Description |
---|---|
Title | A name for the Zendesk integration. |
Zendesk Instance Name | The part after https:// and before .zendesk.com. |
Username | The username/email address you use to log in to Zendesk. Note: You must include /token after your email address. |
Token | Zendesk API token |
Close state | When the incident resolves in FortiMonitor, you can choose which state to set the ticket to in Zendesk. |
JSON Payload | The customizable JSON payload sent to Zendesk API. |
JSON payload
The following JSON payload is sent to Zendesk whenever an incident is detected. See Parameters for details on how to customize the payload.
{
  "ticket": {
    "subject": "$severity incident on $name",
    "type": "incident",
    "tags": "$tags",
    "comment": { "html_body": "<strong>Instance: </strong>$name </br><strong>Reason: </strong> $reasons </br> <strong>Control Panel Link: </strong><a href='https://my.panopta.com/outage/IncidentDetails?incident_id=$outage_id'>my.panopta.com/outage/IncidentDetails?incident_id=$outage_id</a></br><strong>Start Time: </strong> $timestamp" },
    "priority": "urgent"
  }
}
Payload example
{
  "ticket": {
    "subject": "critical incident on SQL01",
    "type": "incident",
    "tags": "IIS,activedirectory,dfs,exchange,sql,sqlserver,windows",
    "comment": { "html_body": "<strong>Instance: </strong>SQL01 </br><strong>Reason: </strong> Memory: % Used greater than 75% for more than 5 minutes </br> <strong>Control Panel Link: </strong><a href='https://my.panopta.com/outage/IncidentDetails?incident_id=-126783267'>my.panopta.com/outage/IncidentDetails?incident_id=-126783267</a></br><strong>Start Time: </strong> 2020-10-05 04:49:36 UTC" },
    "priority": "urgent"
  }
}
Parameters
Parameter | Description |
---|---|
$trigger | The type of event that triggered this payload (outage, ack, broadcast, clear) |
$fqdn | The fully qualified domain name of the server experiencing the incident/clear. |
$name | Name of the server experiencing the incident/clear. |
$timestamp | UTC timestamp of when the incident/clear occurred. |
$event | The type of event, either incident event or clear event. |
$outage_id | The ID number of the associated incident. |
$services | For service incident: services experiencing the incident/clear. |
$compound_service_id | The ID number of the compound metric affected. |
$network_service_id | The ID number of the network service affected. |
$resource | For resource anomalies: resources experiencing the anomaly/clear. |
$server_resource_id | The ID number corresponding to the resource affected. |
$items | Services experiencing the incident/clear or resources experiencing the anomaly/clear. |
$reasons | The reasons for network service incidents or the details for anomalies. |
$duration | The duration of incidents/anomalies which will be filled in on-clear. |
$tags | The tags for the server. |
$server_key | The server key for the server. |
$server_id | The ID number of the server experiencing the incident/clear. |
$partner_server_id | The partner server id for the server. |
$item_type | The service type textkeys of the services experiencing the incident/clear, or plugin_textkey/resource_textkey combinations of the resources experiencing the anomaly/clear, or the OID name of SNMP resources experiencing the outage/clear. |
$custom_attribute | You can pass custom server attributes that are set on your servers. Use the attribute type as the key. |
$alert_label | Alert label of the incident/anomaly. |
$severity | The severity of the outage/anomaly, either critical or warning. |
$metric_tags | The tags for all of the metrics involved in the outage. |
$location | A comma-separated list of the primary monitoring probe names for all network services affected. |
$message | For ack and broadcast payloads, the message that was sent. |
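
A pre-flight check for a customized payload before it is pasted into the JSON Payload field, as an added example that is not part of the FortiMonitor documentation or product. It flags placeholders that are not in the Parameters table and templates that are no longer valid JSON, or lose the `ticket`/`comment` structure of the default payload, once values are substituted. The names `lint_payload_template` and `extra_params` (for custom attribute types) and the sample values are assumptions made for the example, as is the premise that substituted values arrive JSON-escaped.

```python
import json
import re

# Parameter names from the Parameters table on this page.
KNOWN_PARAMS = set("""trigger fqdn name timestamp event outage_id services
compound_service_id network_service_id resource server_resource_id items
reasons duration tags server_key server_id partner_server_id item_type
custom_attribute alert_label severity metric_tags location message""".split())
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

# Constructed sample values, modelled on the payload example above.
SAMPLE = {"severity": "critical", "name": "SQL01", "tags": "sql,windows",
          "reasons": 'Memory: % Used greater than 75% ("high")',
          "outage_id": "-126783267", "timestamp": "2020-10-05 04:49:36 UTC"}


def lint_payload_template(template, extra_params=()):
    """Return a list of problems in a customized JSON payload template."""
    allowed = KNOWN_PARAMS | set(extra_params)  # extra: custom attribute types
    used = set(PLACEHOLDER.findall(template))
    problems = [f"unknown parameter ${p}" for p in sorted(used - allowed)]

    def fill(match):
        # Assumption: substituted values arrive JSON-escaped. Escaping the
        # sample keeps this a test of the template, not of the sample data.
        value = SAMPLE.get(match.group(1), match.group(0))
        return json.dumps(value)[1:-1]

    try:
        doc = json.loads(PLACEHOLDER.sub(fill, template))
    except json.JSONDecodeError as exc:
        return problems + [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    ticket = doc.get("ticket") if isinstance(doc, dict) else None
    if not isinstance(ticket, dict):
        problems.append('missing top-level "ticket" object')
    elif "comment" not in ticket:
        problems.append('"ticket" has no "comment"')
    return problems


if __name__ == "__main__":
    # Constructed template with a misspelled parameter and a trailing comma.
    bad = '{"ticket": {"subject": "$severty incident on $name",}}'
    for problem in lint_payload_template(bad):
        print(problem)
```

An empty list means the template passed all three checks; names passed in `extra_params` are treated as valid placeholders.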