- 16 Mar 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Opsgenie - Create Alert
- Updated on 16 Mar 2023
- 2 Minutes to read
- Print
- DarkLight
- PDF
Opsgenie - Create Alert creates an alert in Opsgenie for all the assets retrieved from the saved query supplied as a trigger (or assets that were selected in the asset table) .
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description - Add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
- See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
- See Actions supported for Vulnerabilities.
- See Actions supported for Software.
- Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.
Connection Settings
To use this action, you must configure the Integrations API key (see below).
Action Settings
Alert message (up to 130 characters) (required) - Specify the message of the alert, limited to 130 characters.
Add default incident description (required, default: False) - Select whether to send the incident description to ServiceNow.
- If enabled, Axonius will include the default incident description (mentioned below) in the ServiceNow incident.
- If disabled, Axonius will not include the default incident description (mentioned below) in the ServiceNow incident.
Message example:
Alert - "test" for the following query has been triggered: Missing SophosAlert Details
The alert was triggered because: the number of entities is above 0
The number of devices returned by the query:4
The previous number of devices was:4You can view the query and its results here: https://demo-latest.axonius.com/devices?view=Missing Sophos
Priority (required, default: P3) - Priority level of the alert. Possible values are P1, P2, P3, P4 and P5. Default value is P3.
Multiple optional incident related settings (optional, default: empty):
- Tags - Tags of the alert.
- Alias - Client-defined identifier of the alert, that is also the key element of Alert De-Duplication.
- User - Display name of the request owner.
- Description - Description field of the alert that is generally used to provide a detailed information about the alert.
NOTEYou can replace text with params that can assist you in better informing in the Jira Issues.
The following params can be used:
{{HOSTNAME}}, {{USERNAME}}, {{FIRST_NAME}}- Note - Additional note that will be added while creating the alert.
- Source - Source field of the alert. Default value is IP address of the incoming request.
Integrations API key - Insert a key associated with the integration in order to create alerts.
APIs
Axonius uses the Atlassian Opsgenie Alert API.
Also see API Key Management
For more details about other Enforcement Actions available, see Action Library.