AlienVault Integration Guide

From AlienVault's USM Anywhere, you can send an alarm or event notification to your PagerDuty incident management console so that team members receive alerts. This facilitates communication and collaboration within the same messaging tool that your organization uses for incident response. When you have this integration configured in USM Anywhere, you can create orchestration rules to automatically send these notifications when an event or alarm matches the rule criteria.

In PagerDuty

  1. Click Services on the navigation bar.
  2. On the Services page:
    • If you are creating a new service for your integration, click + New Service. Follow the steps to configure, and then search for and select this integration in step 4.
    • If you are adding your integration to an existing service, search for the service you want to add the integration to and click into the service. Then click the Integrations tab and click Add a new Integration.
  3. Search for and select this integration.
  4. Click the Create Service or Add Integration button to save your new integration. You will be redirected to the Integrations page for your service.
  5. Copy the Integration Key for your new integration.

In AlienVault

  1. From your AlienVault USM Anywhere account, go to Settings → Notifications.
  2. Select PagerDuty from the left sidebar, enter the Integration Key you copied in the PagerDuty steps above, and click Save Credentials.
  3. From the top menu, go to either Activity → Alarms or Activity → Events. (Note that the screenshots below use the Alarms page.)
  4. Click the name of an alarm or event to open the details. Click Create Rule.
  5. Enter the Rule Name and set the matching conditions you want for the rule, and then click Next.
    Note: The Create Rule dialog displays property values for the selected alarm or event that you can use to specify the match conditions. For more information, see Orchestration Rules.
  6. Under Select an Action, choose to Send a Notification. For Notification Method, choose the PagerDuty option. Then click Save.

FAQ

Will AlienVault automatically resolve incidents?

No. AlienVault only triggers alerts and incidents and does not resolve them. Likewise, if an incident is resolved in PagerDuty, you will need to resolve it in AlienVault.

How do you configure AlienVault to trigger incidents on different services in PagerDuty?

At this time, AlienVault can only be integrated with a single PagerDuty service. If you would like to integrate with multiple services, you can submit a feature request to their team.
