User Guide

24.4.0

Zendesk

FortiMonitor's Zendesk integration allows you to automatically create Zendesk tickets when an incident is detected by FortiMonitor. When the incident resolves, the Zendesk ticket will also be updated with the appropriate state. You can customize the close state while configuring the integration.

Installation

The integration can be set up via the Integrations page.

  1. From the navigation menu, select Teams & Activity > Integrations.

  2. Look for the Zendesk card then select Configure.

  3. Enter the following information:

| Field | Description |
|---|---|
| Title | A name for the Zendesk integration. |
| Zendesk Instance Name | The part after https:// and before .zendesk.com. |
| Username | The username/email address you use to log in to Zendesk. Note: You must include /token after your email address. |
| Token | Zendesk API token |
| Close state | When the incident resolves in FortiMonitor, you can choose which state to set the ticket to in Zendesk: Closed (Default), Pending, Hold, or Solved. |
| JSON Payload | The customizable JSON payload sent to Zendesk API. |

JSON payload

The following JSON payload is sent to Zendesk whenever an incident is detected. See Parameters for details on how to customize the payload.

    {
      "ticket": {
        "subject": "$severity incident on $name",
        "type": "incident",
        "tags": "$tags",
        "comment": { "html_body": "<strong>Instance: </strong>$name </br><strong>Reason: </strong> $reasons </br> <strong>Control Panel Link: </strong><a href='https://my.panopta.com/outage/IncidentDetails?incident_id=$outage_id'>my.panopta.com/outage/IncidentDetails?incident_id=$outage_id</a></br><strong>Start Time: </strong> $timestamp" },
        "priority": "urgent"
      }
    }

Payload example

    {
      "ticket": {
        "subject": "critical incident on SQL01",
        "type": "incident",
        "tags": "IIS,activedirectory,dfs,exchange,sql,sqlserver,windows",
        "comment": { "html_body": "<strong>Instance: </strong>SQL01 </br><strong>Reason: </strong> Memory: % Used greater than 75% for more than 5 minutes </br> <strong>Control Panel Link: </strong><a href='https://my.panopta.com/outage/IncidentDetails?incident_id=-126783267'>my.panopta.com/outage/IncidentDetails?incident_id=-126783267</a></br><strong>Start Time: </strong> 2020-10-05 04:49:36 UTC" },
        "priority": "urgent"
      }
    }

Parameters

| Parameter | Description |
|---|---|
| $trigger | The type of event that triggered this payload (outage, ack, broadcast, clear). |
| $fqdn | The fully qualified domain name of the server experiencing the incident/clear. |
| $name | Name of the server experiencing the incident/clear. |
| $timestamp | UTC timestamp of when the incident/clear occurred. |
| $event | The type of event, either incident event or clear event. |
| $outage_id | The ID number of the associated incident. |
| $services | For service incidents: services experiencing the incident/clear. |
| $compound_service_id | The ID number of the compound metric affected. |
| $network_service_id | The ID number of the network service affected. |
| $resource | For resource anomalies: resources experiencing the anomaly/clear. |
| $server_resource_id | The ID number corresponding to the resource affected. |
| $items | Services experiencing the incident/clear or resources experiencing the anomaly/clear. |
| $reasons | The reasons for network service incidents or the details for anomalies. |
| $duration | The duration of incidents/anomalies, which is filled in on clear. |
| $tags | The tags for the server. |
| $server_key | The server key for the server. |
| $server_id | The ID number of the server experiencing the incident/clear. |
| $partner_server_id | The partner server ID for the server. |
| $item_type | The service type textkeys of the services experiencing the incident/clear, or plugin_textkey/resource_textkey combinations of the resources experiencing the anomaly/clear, or the OID name of SNMP resources experiencing the outage/clear. |
| $custom_attribute | You can pass custom server attributes that are set on your servers. Use the attribute type as the key. |
| $alert_label | Alert label of the incident/anomaly. |
| $severity | The severity of the outage/anomaly, either critical or warning. |
| $metric_tags | The tags for all of the metrics involved in the outage. |
| $location | A comma-separated list of the primary monitoring probe names for all network services affected. |
| $message | For ack and broadcast payloads, the message that was sent. |
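A customized payload can be checked before it is saved in the integration. The following is an added example, not FortiMonitor code: it flags placeholders that are not in the Parameters table and confirms the template still parses as JSON with the shape of the default payload. It assumes placeholders are plain `$name` tokens; `lint_template`, `extra_allowed` (for your own custom attribute types) and `SAMPLE` are names invented for this example.

```python
import json
import re

# Parameter names copied from the Parameters table on this page.
DOCUMENTED = {
    "trigger", "fqdn", "name", "timestamp", "event", "outage_id", "services",
    "compound_service_id", "network_service_id", "resource",
    "server_resource_id", "items", "reasons", "duration", "tags",
    "server_key", "server_id", "partner_server_id", "item_type",
    "custom_attribute", "alert_label", "severity", "metric_tags",
    "location", "message",
}
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")

def lint_template(template, extra_allowed=()):
    """Return a list of problems found in a customized payload template."""
    problems = []
    allowed = DOCUMENTED | set(extra_allowed)
    used = set(PLACEHOLDER.findall(template))
    for name in sorted(used - allowed):
        problems.append(f"unknown parameter ${name}")
    # Swap every placeholder for a harmless constructed value, then parse.
    # A placeholder left outside a quoted string makes this step fail.
    rendered = PLACEHOLDER.sub("x", template)
    try:
        doc = json.loads(rendered)
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON: {exc.msg} at line {exc.lineno}")
        return problems
    ticket = doc.get("ticket") if isinstance(doc, dict) else None
    if not isinstance(ticket, dict):
        problems.append('top-level "ticket" object is missing')
    elif "comment" not in ticket:
        problems.append('"ticket" has no "comment"')
    return problems

# Constructed sample: the page's default payload with a shortened comment body.
SAMPLE = """{
"ticket": {
"subject": "$severity incident on $name",
"type": "incident",
"tags": "$tags",
"comment": { "html_body": "<strong>Reason: </strong> $reasons" },
"priority": "urgent"
}
}"""

if __name__ == "__main__":
    print(lint_template(SAMPLE) or "template OK")
```
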
