Everbridge Signal
Everbridge Signal provides security teams with real-time notifications of events and incidents. Combined with xMatters, you can notify on-call resolvers and give them the information they need to review event information and respond to it.
This workflow lets you send actionable alerts to on-call resources when xMatters gets a signal from Everbridge Signal. Responders can initiate an incident with the press of a button, or you can build on the flow to perform automated resolution tasks.
How it works
When an alert is generated in Signal, it sends a JSON-formatted webhook to xMatters, based on user-defined alert rules. An Everbridge Signal Alerts trigger in xMatters parses the webhook and initiates a flow. The webhook includes essential alert data you can use to enrich notifications to users or when building automated tasks.
Install the workflow
The following instructions describe how to install the workflow through the xMatters one-click installation process.
- Go to the Workflow Templates page and click the Everbridge Signal tile.
- On the Set up the Workflow tab, give the workflow a name that identifies its purpose (this must be unique in your instance), add an optional description, and set the default incident type (if applicable). Any built-in Initiate Incident steps in the workflow will automatically be set to the selected incident type.
- You can edit these later, if needed.
- You can edit these later, if needed.
- Click Next to set up the connection.
- Copy the trigger URL — you’ll use this to configure the webhook in Signal.
- The trigger URL includes the recipients parameter, which specifies who should be notified. By default, this parameter is set to notify you (the logged in user), but you can set it to target any user or group you want.
- The trigger URL includes the recipients parameter, which specifies who should be notified. By default, this parameter is set to notify you (the logged in user), but you can set it to target any user or group you want.
- Send a test signal to the trigger URL to test the connection.
- Click Open Workflow to view and customize the workflow, or Close to return to the Workflows page.
Configure Everbridge Signal to send requests to the trigger URL
To have Signal send alerts to the flow trigger, you must provide the trigger URL to your Everbridge Signal rep. Ensure you include any recipients in the URL, if required. Your Signal rep will configure an Enable xMatters button for all your saved searches.
Here's how to create a new search in Signal:
- Select Search from the left-hand menu, then click Create Advanced Search.
- Fill in the following fields on the Advanced Search window:
- Search title: A unique title for your search that is sent to xMatters when an alert is triggered.
- Add to group (optional): Type the name of a group. If it's listed in your Signal groups, select it.
- Create Alert: Set the alert level. Available options are: None, Low, Medium, and High.
- When you select an Alert level, the Alert Settings window opens. Set the parameters and click Save.
- Mute Alert: Leave the default No selected.
- Status: Leave the default Active selected.
- Click Enable xMatters.
- Click Save.
You're ready to use the Signal alert to trigger automated flows, including steps such as sending xMatters alerts and initiating incidents, though we always recommend testing before putting things into use.
Set recipients in the trigger URL
The trigger expects the recipients in the trigger URL. When you copy the URL from xMatters, it includes the recipients parameter: &recipients=<yourname>. Of course, you don’t want to receive all the alerts.
To change the recipients for alerts from this webhook, swap out your name for the people or groups you want to target. For example, if you want to notify Emma Pearson, Mary McBride, and the on-call members in the Monitor Team responsible for the service, you'd add &recipients=epearson,mmcbride,monitor%20team to the URL. Remember to URL-encode any special characters in your group names.
We recommend using groups so you can take advantage of the xMatters group features — rotations, escalations, and absences — to reach the right on-call people to jump on an issue.
How to use the workflow
When a search you’ve set in Signal fires, it sends a signal to xMatters, which creates an alert and notifies the individual or the on-call members of the groups you set as recipients in the trigger URL.
Notification responses and their actions
The person responding to the notification has the following response options:
- Acknowledge: Acknowledges the notifications and stops escalations.
- Escalate: Immediately escalates the alert to the next on-call resolver in a targeted group.
- Close: Ends the xMatters alert and stops notifying all targeted recipients.
- Initiate Incident: Initiates an incident in xMatters.
Next Steps
Now that you've installed the workflow, you can use it as-is, or customize it to suit your needs better. Here are some examples of things you can add to the workflow to customize it:
- Use Slack, Zoom, and Microsoft Teams steps to add collaboration channels to the flow.
- Change the severity of incidents created when a recipient selects the Initiate Incident response.
- Update the message sent to resolvers to include the information most relevant to your team.
- Use the Everbridge Signal Alerts trigger to build your own custom flows.