OpsGenie v1.1.0

About the connector

OpsGenie is a modern incident management platform that ensures critical incidents are never missed, and actions are taken by the right people in the shortest possible time. OpsGenie receives alerts from your monitoring systems and custom applications and categorizes each alert based on importance and timing.

This document provides information about the OpsGenie Connector, which facilitates automated interactions, with a OpsGenie server using FortiSOAR™ playbooks. Add the OpsGenie Connector as a step in FortiSOAR™ playbooks and perform automated operations with OpsGenie.

Version information

Connector Version: 1.1.0

FortiSOAR™ Version Tested on: 7.4.0-2034

OpsGenie Version Tested on: Cloud Instance

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.1.0

Following enhancements have been made to the OpsGenie Connector in version 1.1.0:

• Added the following new operations and playbooks:
  • Get Attachment
  • Update Alert Description
  • Update Alert Priority
  • Update Alert Message
  • Add Note to Alert
  • Get Request Status

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:

yum install cyops-connector-ops-genie

Prerequisites to configuring the connector

• You must have the URL of OpsGenie server to connect and perform automated operations and credentials to access that server.
• The FortiSOAR™ server should have outbound connectivity to port 443 on the OpsGenie server.

Minimum Permissions Required

• Not Applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the OpsGenie connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter	Description
Server URL	URL of the OpsGenie server to connect and perform automated operations.
Genie Key	Genie Key configured for your account that is used to access the OpsGenie server.
Verify SSL	Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set to True.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations:

Function	Description	Annotation and Category
Create Alert	Creates an alert in OpsGenie, based on the message to associate, alert requester's name, and other input parameters you have specified.	create_alert Investigation
Get Alert Action Status	Retrieves the status of an alert action from OpsGenie based on the request ID that you have specified. Alert creation, deletion and action requests are processed asynchronously in OpsGenie; this operation checks for the status of the action request.	get_status Miscellaneous
Get List of Alerts	Retrieves a list of alerts from OpsGenie based on the sort criteria, sort order, and other input parameters that you have specified.	get_alerts Investigation
Get Alert	Retrieves details for a specific alert from OpsGenie based on the alert identifier value and type that you have specified.	get_alert Investigation
Get Alert Attachments	Retrieves a list of attachments associated with a specific alert from OpsGenie based on the alert identifier value and type that you have specified.	get_attachments Investigation
Get Request Status	Get Request Status connector action is used to track the status and alert details (if any) of the request whose identifier is given.	get_request_status Investigation
Assign Alert	Assigns a specific alert to a specific user in OpsGenie based on the alert identifier value, type, and other details that you have specified.	assign_alert Containment
Add Team to Alert	Adds a specific team to a specific alert in OpsGenie based on the alert identifier value, type, and other details that you have specified.	add_team Containment
Add Responder to Alert	Adds a responder to a specific alert in OpsGenie based on the alert identifier value, type, and other details that you have specified.	add_responder Containment
Close Alert	Closes an alert on OpsGenie based on the alert identifier value, type, and other details that you have specified.	close_alert Miscellaneous
Get Attachment	Gets an attachment associated with a specific alert from OpsGenie based on the alert identifier value, type, and other details that you have specified.	get_attachment Investigation
Update Alert Description	Updates an alert description associated with a specific alert from OpsGenie based on the alert identifier value, type, and other details that you have specified.	update_alert_description Investigation
Update Alert Priority	Updates an alert priority associated with a specific alert from OpsGenie based on the alert identifier value, type, and other details that you have specified.	update_alert_priority Investigation
Update Alert Message	Updates an alert message associated with a specific alert from OpsGenie based on the alert identifier value, type, and other details that you have specified.	update_alert_message Investigation
Add Note to Alert	Creates a note on a specific alert from OpsGenie based on the alert identifier value, type, and other details that you have specified.	add_note_to_alert Investigation
Delete Alert	Deletes an alert on OpsGenie based on the alert identifier value and type that you have specified.	delete_alert Miscellaneous

operation: Create Alert

Input parameters

Parameter	Description
Message	Specify the message associated with the alert that you want to create on OpsGenie.
User	(Optional) Specify the display name of the owner who has requested to create this alert on OpsGenie.
Alias	(Optional) Specify the client-defined identifier of the alert that you want to create on OpsGenie. The alias is also a key element of Alert De-Duplication.
Description	(Optional) Specify the description field of the alert that you want to create on OpsGenie. The description is used to provide detailed information about the alert.
Responders	(Optional) Specify the teams, users, escalations, and schedules to route the alert that you want to create on OpsGenie. The created alert will be routed, and notifications will be sent to the responders that you have specified. The type field is mandatory for each item, and where possible values are team, user, escalation, and schedule. If the API Key belongs to a team integration, then this field will be overwritten with the owner team. You should provide either the ID or the name of each responder. Following are some example values: "responders":[ { "id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c", "type":"team" }, { "name":"NOC", "type":"team" }, { "id":"bb4d9938-c3c2-455d-aaab-727aa701c0d8", "type":"user" }, { "username":"trinity@opsgenie.com", "type":"user" }, { "id":"aee8a0de-c80f-4515-a232-501c0bc9d715", "type":"escalation" }, { "name":"Nightwatch Escalation", "type":"escalation" }, { "id":"80564037-1984-4f38-b98e-8a1f662df552", "type":"schedule" }, { "name":"First Responders Schedule", "type":"schedule" } ]
Visible To	(Optional) Specify the teams and users for whom the alert becomes visible without sending any notifications. The type field is mandatory for each item where possible values are team and user. In addition to the type field, either the ID or the name should be given for teams, and either the id or the username should be given for users. Note: Alerts will be visible to the teams that are specified within the teams field by default, so there is no need to specify them again in the visibleTo field. Following are some example values: "visibleTo":[ { "id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c", "type":"team" }, { "name":"rocket_team", "type":"team" }, { "id":"bb4d9938-c3c2-455d-aaab-727aa701c0d8", "type":"user" }, { "username":"trinity@opsgenie.com", "type":"user" } ]
Actions	(Optional) Specify the custom actions that will be available for the alert that you want to create on OpsGenie.
Tags	(Optional) Specify the tags associated with the alert that you want to create on OpsGenie.
Details	(Optional) Specify the dictionary (or map) of key-value pairs for the custom properties of the alert that you want to create on OpsGenie. For example, { "key1": "value1", "key2": "value2" }
Entity	(Optional) Specify the entity field of the alert that you want to create on OpsGenie. Entity is generally used to specify which the domain with which the alert is related.
Source	(Optional) Specify the source of the alert that you want to create on OpsGenie. By default, this is set as IP address of the incoming request.
Priority	(Optional) Specify the level of priority that you want to set for the alert that you want to create on OpsGenie. You can choose from following options: P1 P2 P3 P4 P5 By default, this is set as P3.
Note	(Optional) Specify additional notes to add when creating the alert on OpsGenie.

Output

The output contains the following populated JSON schema:
{
"requestId": "",
"took": "",
"alert_data": "",
"result": ""
}

operation: Get Alert Action Status

Input parameters

Parameter	Description
Request ID	Specify the universally unique identifier of the request whose status you want to check on OpsGenie. NOTE: ID of the request is provided within its response.

Output

The output contains the following populated JSON schema:
{
"requestId": "",
"alert_data": {
"action": "",
"status": "",
"processedAt": "",
"success": "",
"alertId": "",
"integrationId": "",
"isSuccess": "",
"alias": ""
},
"took": ""
}

operation: Get List of Alerts

Input parameters

Parameter	Description
Sort	Specify the sorting criteria to sort the alerts retrieved from OpsGenie. By default, this is set to createdAt. Possible values are: createdAt updatedAt tinyId alias message status acknowledged isSeen snoozed snoozedUntil count lastOccurredAt source owner integration.name integration.type report.ackTime report.closeTime report.acknowledgedBy report.closedBy
Order	Specify the order of the search results. By default, this is set as desc. Possible values are: desc: Sort the result set in the descending order. asc: Sort the result set in the ascending order.
Offset	Specify the start index of the search results. The minimum and the default value is 0.
Limit	Specify the maximum number of alerts that this operation should return. You must specify a positive integer value. The maximum value is 100, i.e., this operation can return a maximum of 100 alerts. By default, this is set to 20.

Output

The output contains the following populated JSON schema:
{
"alert_data": [
{
"createdAt": "",
"lastOccurredAt": "",
"acknowledged": "",
"priority": "",
"snoozed": "",
"owner": "",
"responders": [],
"isSeen": "",
"source": "",
"teams": [],
"updatedAt": "",
"alias": "",
"message": "",
"integration": {
"id": "",
"type": "",
"name": ""
},
"tags": [],
"id": "",
"seen": "",
"count": "",
"tinyId": "",
"status": ""
}
],
"requestId": "",
"paging": {
"last": "",
"first": ""
},
"took": ""
}

operation: Get Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which to retrieve details of the alert from OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie.

Output

The output contains the following populated JSON schema:
{
"alert_data": {
"id": "",
"source": "",
"details": {},
"snoozed": "",
"alias": "",
"actions": [],
"lastOccurredAt": "",
"priority": "",
"createdAt": "",
"owner": "",
"entity": "",
"description": "",
"tinyId": "",
"tags": [],
"responders": [],
"count": "",
"isSeen": "",
"teams": [],
"seen": "",
"updatedAt": "",
"integration": {
"type": "",
"id": "",
"name": ""
},
"message": "",
"acknowledged": "",
"status": ""
},
"requestId": "",
"took": ""
}

operation: Get Alert Attachments

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to retrieve attachments associated with the alert from OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose associated attachments you want to retrieve from OpsGenie.

Output

The output contains the following populated JSON schema:
{
"data": [],
"took": "",
"requestId": ""
}

operation: Get Request Status

Input parameters

Parameter	Description
Request ID	Specify a universally unique identifier of the request. NOTE: ID of the request is provided within response.

Output

The output contains the following populated JSON schema:
{
"data": {
"success": "",
"action": "",
"processedAt": "",
"integrationId": "",
"isSuccess": "",
"status": "",
"alertId": "",
"alias": ""
},
"took": "",
"requestId": ""
}

operation: Assign Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to assign the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert that you want to assign on OpsGenie.
User	Specify the username of user ID to whom you want to assign the specified alert. For example, {"id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c"} OR {"username":"trinity@opsgenie.com"}
Note	(Optional) Specify additional notes to add while assigning the alert to the specified user.

Output

The output contains the following populated JSON schema:
{
"result": "",
"took": "",
"requestId": ""
}

operation: Add Team to Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to add the team to the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert to which you want to add a team on OpsGenie.
Team	Specify the ID or name of the team to which you want to route the specific alert. For example, {"id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c"} or {"name":"operations"}
Note	(Optional) Specify additional notes that you want to add while adding the team to the specified alert.

Output

The output contains the following populated JSON schema:
{
"result": "",
"took": "",
"requestId": ""
}

operation: Add Responder to Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to add the responder to the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert to which you want to add a responder on OpsGenie.
Responder	Specify the teams or users to whom the alert will be routed. The type field is mandatory for each item where possible values are team and user. In addition to the type field, either the ID or the name should be given for teams, and either the id or the username should be given for users. For example, {"id":"4513b7ea-3b91-438f-b7e4-e3e54af9147c", "type":"team"} OR {"username":"trinity@opsgenie.com", "type":"user"}
Note	(Optional) Specify additional notes to add while adding the responders to the specified alert.

Output

The output contains the following populated JSON schema:
{
"result": "",
"took": "",
"requestId": ""
}

operation: Close Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to add the close the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert that you want to close on OpsGenie.
Note	(Optional) Specify additional notes that you want to add while adding the closing the specified alert on OpsGenie.

Output

The output contains the following populated JSON schema:
{
"result": "",
"took": "",
"requestId": ""
}

operation: Get Attachment

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to retrieve details of the alert attachment from OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Alert Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie.
Attachment Identifier Value	Specify the value of the attachment identifier which you want to retrieve details of the alert attachment from OpsGenie.

Output

The output contains the following populated JSON schema:
{
"data": {
"name": "",
"url": ""
},
"took": "",
"requestId": "",
"result": ""
}

operation: Update Alert Description

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to update alert description. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie.
Description	Specify the description for the alert which you want to update.

Output

The output contains the following populated JSON schema:
{
"data": [],
"took": "",
"requestId": "",
"result": ""
}

operation: Update Alert Priority

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to update alert priority. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie.
Priority	Specify the priority for the alert to update.

Output

The output contains the following populated JSON schema:
{
"data": [],
"took": "",
"requestId": "",
"result": ""
}

operation: Update Alert Message

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to update alert message. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie.
Message	Specify the message for the alert to update.

Output

The output contains the following populated JSON schema:
{
"data": [],
"took": "",
"requestId": "",
"result": ""
}

operation: Add Note to Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to add note to alert. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert whose details you want to retrieve from OpsGenie.
Note	Specify the note to add in the alert.
User	(Optional) Specify the username of the user who can access the specified alert.
Source	(Optional) Specify the request source of the alert. E.g. AWS Lambda

Output

The output contains the following populated JSON schema:
{
"data": [],
"took": "",
"requestId": ""
}

operation: Delete Alert

Input parameters

Parameter	Description
Identifier Type	Specify the type of the identifier based on which you want to add the close the alert on OpsGenie. The Identifier type is provided as an inline parameter. Possible values are ID Alias By default, this is set to ID.
Identifier Value	Specify the value of the identifier based on the identifier type you have selected. For example, if you have selected ID, then specify the ID of the alert that you want to delete from OpsGenie.

Output

The output contains the following populated JSON schema:
{
"took": "",
"result": "",
"requestId": ""
}

Included playbooks

The Sample - OpsGenie - 1.1.0 playbook collection comes bundled with the OpsGenie connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the OpsGenie connector.

• Add Note to Alert
• Add Responder to Alert
• Add Team to Alert
• Assign Alert
• Close Alert
• Create Alert
• Delete Alert
• Get Alert
• Get Alert Action Status
• Get Alert Attachments
• Get Attachment
• Get List of Alerts
• Get Request Status
• Update Alert Description
• Update Alert Message
• Update Alert Priority

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.