OpsGenie provides an alert management service.
This document provides information about the OpsGenie connector, which facilitates automated interactions with an OpsGenie server using FortiSOAR™ playbooks. Add the OpsGenie connector as a step in FortiSOAR™ playbooks and perform automated operations, such as creating or updating an alert on OpsGenie or adding a team or responder to an alert on OpsGenie.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
Authored By: Fortinet
Certified: Yes
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-ops-genie
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the connectors page, select the OpsGenie connector, and click Configure to configure the following parameters:
Parameter | Description |
---|---|
Server URL | URL of the OpsGenie server to which you will connect and perform automated operations. |
Genie Key | Genie Key configured for your account that is used to access the OpsGenie server to which you will connect and perform automated operations. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
Create Alert | Create an alert in OpsGenie, based on the input parameters you have specified. | create_alert Investigation |
Get Alert Action Status | Retrieves the status of an alert action from OpsGenie. Alert creation, deletion and action requests are processed asynchronously in OpsGenie; this operation checks for the status of the action request. | get_status Miscellaneous |
Get List of Alerts | Retrieves a list of all alerts or specific alerts from OpsGenie, based on the input parameters you have specified. | get_alerts Investigation |
Get Alert | Retrieves details for a specific alert from OpsGenie, based on the alert identifier value and type you have specified. | get_alert Investigation |
Get Alert Attachments | Retrieves a list of attachments associated with a specific alert from OpsGenie, based on the alert identifier value and type you have specified. | get_attachments Investigation |
Assign Alert | Assigns a specific alert to a specific user in OpsGenie, based on the alert identifier value and type, and the user identifier or name, you have specified. | assign_alert Containment |
Add Team to Alert | Adds a specific team to a specific alert in OpsGenie, based on the alert identifier value and type, and the team identifier or name, you have specified. | add_team Containment |
Add Responder to Alert | Adds a responder to a specific alert in OpsGenie, based on the alert identifier value and type, and responder (user or team) identifier or name, you have specified. | add_responder Containment |
Close Alert | Closes an alert on OpsGenie, based on the alert identifier value and type you have specified. | close_alert Miscellaneous |
Delete Alert | Deletes an alert on OpsGenie, based on the alert identifier value and type you have specified. | delete_alert Miscellaneous |
Parameter | Description |
---|---|
Message | Message associated with the alert that you want to create on OpsGenie. |
User | (Optional) Display name of the owner who has requested to create this alert on OpsGenie. |
Alias | (Optional) Client-defined identifier of the alert that you want to create on OpsGenie. The alias is also a key element of Alert De-Duplication. |
Description | (Optional) Description field of the alert that you want to create on OpsGenie. The description is used to provide detailed information about the alert. |
Responders | (Optional) Teams, users, escalations, and schedules to which the alert that you want to create on OpsGenie is routed. The created alert will be routed, and notifications will be sent, to the responders that you have specified. The type field is mandatory for each item; possible values are team, user, escalation, and schedule. If the API Key belongs to a team integration, then this field will be overwritten with the owner team. You should provide either the ID or the name of each responder. Following are some example values: "responders":[ |
Visible To | (Optional) Teams and users that the alert will become visible to without sending any notification. The type field is mandatory for each item; possible values are team and user. In addition to the type field, either the ID or the name should be given for teams, and either the ID or the username should be given for users. Note: Alerts will be visible to the teams that are specified within the teams field by default, so there is no need to specify them again in the visibleTo field. Following are some example values: "visibleTo":[ |
Actions | (Optional) Custom actions that will be available for the alert that you want to create on OpsGenie. |
Tags | (Optional) Tags associated with the alert that you want to create on OpsGenie. |
Details | (Optional) Dictionary (or map) of key-value pairs for the custom properties of the alert that you want to create on OpsGenie. For example, {"key1":"value1","key2":"value2"} |
Entity | (Optional) Entity field of the alert that you want to create on OpsGenie. Entity is generally used to specify the domain to which the alert is related. |
Source | (Optional) Source of the alert that you want to create on OpsGenie. By default, this is set as the IP address of the incoming request. |
Priority | (Optional) Level of priority that you want to set for the alert that you want to create on OpsGenie. Possible values are P1, P2, P3, P4, and P5. By default, this is set as P3. |
Note | (Optional) Additional notes that will be added while creating the alert on OpsGenie. |
The output contains the following populated JSON schema:
{
    "alert_data": "",
    "requestId": "",
    "result": "",
    "took": ""
}
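The Create Alert rules above (mandatory type per responder, ID or name/username, priority P1 to P5 with P3 as default), checked offline before a playbook passes externally sourced fields to the connector. This is an added example, not Fortinet's connector code; `build_create_alert`, `rejected` and the lowercase payload key names other than `responders` and `visibleTo` are assumptions, and the sample values are constructed.

```python
# Added example: offline validation of Create Alert input (not connector code).
PRIORITIES = {"P1", "P2", "P3", "P4", "P5"}                   # Priority row
RESPONDER_TYPES = {"team", "user", "escalation", "schedule"}  # Responders row
VISIBLE_TO_TYPES = {"team", "user"}                           # Visible To row


def _clean_targets(items, allowed_types, field):
    """Validate a responders/visibleTo list; keep only the documented keys."""
    if not isinstance(items, list):
        raise ValueError(f"{field} must be a list")
    cleaned = []
    for i, item in enumerate(items):
        if not isinstance(item, dict):
            raise ValueError(f"{field}[{i}] must be an object")
        kind = item.get("type")
        if kind not in allowed_types:
            raise ValueError(f"{field}[{i}]: type must be one of {sorted(allowed_types)}")
        # Users are addressed by id or username, all other types by id or name.
        name_key = "username" if kind == "user" else "name"
        if item.get("id"):
            cleaned.append({"type": kind, "id": str(item["id"])})
        elif item.get(name_key):
            cleaned.append({"type": kind, name_key: str(item[name_key])})
        else:
            raise ValueError(f"{field}[{i}]: provide either id or {name_key}")
    return cleaned


def build_create_alert(message, alias=None, priority="P3", responders=None,
                       visible_to=None, details=None, tags=None):
    """Return a validated Create Alert payload (hypothetical helper)."""
    if not isinstance(message, str) or not message.strip():
        raise ValueError("message is required")
    if priority not in PRIORITIES:
        raise ValueError(f"priority must be one of {sorted(PRIORITIES)}")
    payload = {"message": message.strip(), "priority": priority}
    if alias:
        payload["alias"] = str(alias)  # alias drives alert de-duplication
    if responders:
        payload["responders"] = _clean_targets(responders, RESPONDER_TYPES, "responders")
    if visible_to:
        payload["visibleTo"] = _clean_targets(visible_to, VISIBLE_TO_TYPES, "visibleTo")
    if details is not None:
        if not isinstance(details, dict):
            raise ValueError("details must be a dictionary of key-value pairs")
        payload["details"] = {str(k): str(v) for k, v in details.items()}
    if tags:
        payload["tags"] = [str(t) for t in tags]
    return payload


def rejected(**kwargs):
    """Return the validation error text, or None if the input is accepted."""
    try:
        build_create_alert(**kwargs)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample input; the unexpected "role" key is dropped.
    print(build_create_alert(
        "Disk full on db01",
        alias="disk-db01",
        responders=[{"type": "team", "name": "operations"},
                    {"type": "user", "username": "trinity@opsgenie.com", "role": "admin"}],
        details={"host": "db01", "usage_pct": 97},
    ))
    print(rejected(message="x", visible_to=[{"type": "schedule", "name": "oncall"}]))
```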
Parameter | Description |
---|---|
Request ID | Universally unique identifier of the request whose status you want to check on OpsGenie. Note: ID of the request is provided within its response. |
The output contains the following populated JSON schema:
{
    "alert_data": {
        "alertId": "",
        "success": "",
        "alias": "",
        "action": "",
        "integrationId": "",
        "status": "",
        "processedAt": "",
        "isSuccess": ""
    },
    "requestId": "",
    "took": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criteria are applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Sort | Sort the alerts that are retrieved from OpsGenie based on the field that you specify in this parameter. By default, this is set as createdAt. Possible values are:
|
Order | Order the search results by this filter criteria. By default, this is set as desc. Possible values are:
|
Offset | Start index of the result set (to apply pagination). The minimum value (and also the default value) is 0. |
Limit | Maximum number of alerts that this operation should return. You must specify a positive integer value. The maximum value is 100, i.e., this operation can return a maximum of 100 alerts. By default, this is set as 20. |
The output contains the following populated JSON schema:
{
    "alert_data": [
        {
            "count": "",
            "snoozed": "",
            "owner": "",
            "alias": "",
            "seen": "",
            "integration": {
                "type": "",
                "name": "",
                "id": ""
            },
            "priority": "",
            "isSeen": "",
            "createdAt": "",
            "tags": [],
            "source": "",
            "acknowledged": "",
            "lastOccurredAt": "",
            "id": "",
            "message": "",
            "updatedAt": "",
            "tinyId": "",
            "responders": [],
            "status": "",
            "teams": []
        }
    ],
    "requestId": "",
    "took": "",
    "paging": {
        "last": "",
        "first": ""
    }
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to retrieve details of the alert from OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie. |
The output contains the following populated JSON schema:
{
    "alert_data": {
        "count": "",
        "snoozed": "",
        "owner": "",
        "status": "",
        "createdAt": "",
        "source": "",
        "acknowledged": "",
        "id": "",
        "message": "",
        "description": "",
        "teams": [],
        "entity": "",
        "actions": [],
        "lastOccurredAt": "",
        "tinyId": "",
        "integration": {
            "type": "",
            "name": "",
            "id": ""
        },
        "priority": "",
        "isSeen": "",
        "tags": [],
        "details": {},
        "alias": "",
        "updatedAt": "",
        "seen": "",
        "responders": []
    },
    "requestId": "",
    "took": ""
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to retrieve attachments associated with the alert from OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose associated attachments you want to retrieve from OpsGenie. |
The output contains the following populated JSON schema:
{
    "data": [],
    "requestId": "",
    "took": ""
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to assign the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert that you want to assign on OpsGenie. |
User | Username or user ID of the user to whom you want to assign the specified alert. For example, {"id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c"} OR {"username":"trinity@opsgenie.com"} |
Note | (Optional) Additional notes that you want to add while assigning the alert to the specified user. |
The output contains the following populated JSON schema:
{
    "requestId": "",
    "result": "",
    "took": ""
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to add the team to the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert to which you want to add a team on OpsGenie. |
Team | ID or name of the team to which you want to route the specific alert. For example, {"id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c"} OR {"name":"operations"} |
Note | (Optional) Additional notes that you want to add while adding the team to the specified alert. |
The output contains the following populated JSON schema:
{
    "requestId": "",
    "result": "",
    "took": ""
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to add the responder to the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert to which you want to add a responder on OpsGenie. |
Responder | Teams or users to whom the alert will be routed. The type field is mandatory for each item where possible values are team and user. In addition to the type field, either the ID or the name should be given for teams, and either the id or the username should be given for users. For example, {"id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c", "type":"team"} OR {"username":"trinity@opsgenie.com", "type":"user"} |
Note | (Optional) Additional notes that you want to add while adding the responders to the specified alert. |
The output contains the following populated JSON schema:
{
    "requestId": "",
    "result": "",
    "took": ""
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to close the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert that you want to close on OpsGenie. |
Note | (Optional) Additional notes that you want to add while closing the specified alert on OpsGenie. |
The output contains the following populated JSON schema:
{
    "requestId": "",
    "result": "",
    "took": ""
}
Parameter | Description |
---|---|
Identifier Type | Type of the identifier based on which you want to delete the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID or Alias. By default, this is set as ID. |
Identifier Value | Value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert that you want to delete from OpsGenie. |
The output contains the following populated JSON schema:
{
    "requestId": "",
    "result": "",
    "took": ""
}
The Sample - OpsGenie - 1.0.0 playbook collection comes bundled with the OpsGenie connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the OpsGenie connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.