Moogsoft Incidents
Flow Designer has a Moogsoft Incidents trigger and built-in Moogsoft steps to help you integrate Moogsoft into your alert management and incident response flows.
Moogsoft Incidents Steps
The following steps are available:
- Add External Incident: Add an external incident record to a Moogsoft Incident.
- Add Comment to Incident: Add a new comment, or update an existing comment for a Moogsoft Incident.
- Get External Incident: Get an external incident associated with the Moogsoft incident using the integration name.
- Update Incident: Update a Moogsoft incident with information from xMatters.
Adding Moogsoft steps to your flow
To add a Moosoft step to your flow:
- Go to the Apps tab of the palette, expand the Moogsoft section, and drag the step onto the canvas.
- For instructions on using the Moogsoft Incidents trigger, see Moogsoft Incidents trigger.
- Connect the step to the previous step in the flow. This gives you access to the alert properties and outputs of previous steps when you configure this step's inputs.
- Double-click the step to edit it, and use the Setup tab to configure the inputs. You can use plain text and input variables (or both). See the following section for detailed information on the inputs, including which are required.
- On the Endpoint tab, configure the step to point to your Moogsoft instance.
- You can select a pre-existing endpoint or configure a new endpoint with the following information:
- Name: Type a name that will identify your endpoint.
- Base URL: Enter https://api.moogsoft.ai.
- Endpoint Type: Select 'Token' (selected by default).
- Header: Select 'Custom'.
- Token Header: Type 'apikey'.
- Token: Enter your organization's Moogsoft API key.
- ID Header: Leave blank.
- ID: Leave blank.
- You can select a pre-existing endpoint or configure a new endpoint with the following information:
Add External Incident
Use the Add External Incident step to add an external incident identifier to Moogsoft incidents through Flow Designer.
Add External Incident inputs and outputs
Inputs
Inputs with an asterisk* are required.
|
Label |
Description |
|---|---|
| Moogsoft Incident ID* | Unique identifier of the Moogsoft incident. |
| Integration ID* | Unique identifier of the external integration to be linked with Moogsoft Incident. |
| External Incident ID* | Unique identifier of the xMatters incident. For example, "INC-123". |
| External Name* | Name used as the External Name for the incident in Moogsoft. |
| External Link* | Direct link to the incident in xMatters. |
| Integration Name* | Unique name of the integration linked with the Moogsoft incident. For example, "xMatters". |
| Integration Type | Type of integration. |
Outputs
This step has no outputs.
Add Comment to Incident
Use the Add Comment to Incident step to add a new comment, or update an existing comment to a Moogsoft incidents through Flow Designer.
Add Comment to Incident inputs and outputs
Inputs
Inputs with an asterisk* are required.
|
Label |
Description |
|---|---|
| Moogsoft Incident ID* | Unique identifier of the Moogsoft incident. |
| Comment* | Comment to add to the Moogsoft Incident. |
| Type* |
Moogsoft comment type. Available values include:
|
| Comment ID | Unique ID of an existing Moogsoft comment. Enter the Comment ID to update an existing comment, or leave blank to create a new comment. |
Outputs
|
Label |
Description |
|---|---|
| Comment ID | Unique ID of the Moogsoft comment. |
Get External Incident
Use the Get External Incident step to get information about a specific external incident linked to a Moogsoft incident through Flow Designer.
Get External Incident inputs and outputs
Inputs
Inputs with an asterisk* are required.
|
Label |
Description |
|---|---|
| Moogsoft Incident ID* | Unique identifier of the Moogsoft incident. |
| Integration Name* | Unique name of the external incident linked with the Moogsoft incident. For example, "xMatters". |
Outputs
|
Label |
Description |
|---|---|
| External ID | Unique identifier of the external incident. For example, "INC-123". |
| External Name | Name used as the External Name for the incident in Moogsoft. |
| External Link | Direct link to the external incident. |
| Integration Name | Unique name of the external incident linked with the Moogsoft incident. For example, "xMatters". |
| Integration Type | Type of integration. |
| Linked Incidents | Parsable JSON string representing an array of external incidents linked with the Moogsoft incident. |
Update Incident
Use the Update Incident step to update the status or assignee of a Moogsoft incident with information from Flow Designer. For ease of use, we recommend creating a custom user property that contains the email address associated with a valid Moogsoft account.
Create a Custom User Property for your Moogsoft User ID
Create a Custom User Property in xMatters to associate the email address of your Moogsoft account with your xMatters account. Once you create the custom user property, any user can add their Moogsoft email address to their xMatters profile.
- Open the xMatters Admin menu and select Custom User Properties.
- On the Custom User Properties window, click Add Property and fill in the following fields:
- Name: Moogsoft User ID
- Type: Select Text from the drop-down menu.
- Click Save.
-
To access your user profile, click on your username at the top-right corner of the xMatters, then select Profile.
- Click Edit Profile.
- Scroll to the bottom of the Edit Profile screen to the new Moogsoft User ID field.
- Enter the email address associated with the Moogsoft account into the Moogsoft User ID field.
- Click Save.
Now that the property is saved in your system, any user can add their Moogsoft email address. Here's how you would add a Moogsoft email address to your profile.
Update Incident inputs and outputs
Inputs
Inputs with an asterisk* are required.
|
Label |
Description |
|---|---|
| Moogsoft Incident ID* | Unique identifier of the Moogsoft incident. |
| Status | Status of the incident in Moogsoft. |
| Assignee | Email address of the Moogsoft user assigned to the incident. |
Outputs
This step has no outputs.
Moogsoft Incidents trigger
The built-in Moogsoft Incidents trigger initiates a flow when it receives a signal from a Moogsoft.
Add the Moogsoft Incidents trigger to the canvas
- Go to the Triggers tab in the palette, expand the App Triggers section, and drag the trigger onto the canvas.
- Double-click the trigger (or click the pencil icon).
- Set the authenticating user, and then copy the URL and Configuration Payload — you'll use these to set up a webhook in Moogsoft. Alternatively, you can create an integration user to use as the authenticating user.
- Click the Flood Control tab to edit the trigger's default flood control settings. For more information about these settings, see Trigger Flood Control.
- Click Done.
- On the flow canvas, connect the steps you want to run when xMatters receives a request to that URL.
You're now ready to configure Moogsoft to target the trigger.
Configure Moogsoft to send requests to the trigger URL
To have Moogsoft send alerts to the flow trigger, you need to configure a webhook and set it to use the trigger URL, and create a custom user property to connect your Moogsoft and xMatters accounts. You can also set the Moogsoft correlation engine to combine similar alerts into Moogsoft incidents.
Configure the webhook
- In Moogsoft, go to Integrations > Outbound Integrations and select Webhook from the menu.
- Click Add a Webhook.
- In the Name and Scope section fill in the following fields:
- Name: Give the webhook a name (for example, xMatters).
- Type: Select Incident from the drop-down menu.
- In the CREATE Operation and HTTP Configuration section fill in the following fields:
- Request Method: Select POST from the drop-down menu.
- URL: Paste the trigger URL you copied from Flow Designer. Add the target names of any recipients you want to notify when the alert fires.
- For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
- For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.
- You must URL-encode any special characters or spaces in the target names.
- In the Payload Body for CREATE Operation section, set the payload as: Copy
{
"timestamp": "$created_at",
"location": "$tags.region",
"severity": "$severity",
"id": "$id",
"description": "$description",
"services": $services,
"status": "$status",
"totalalerts": "$total_alerts",
"signalMode": "New",
"assignee": "$assignee",
"correlationDefinition": "$correlation_definition",
"incidentURL": "$incident_url"
} - In the UPDATE notifications section fill in the following fields:
- Turn on the Enable update notifications toggle.
- Request Method: Select POST from the drop-down menu.
- URL: Paste the trigger URL you copied from Flow Designer. Add the target names of any recipients you want to notify when the alert fires.
- For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
- For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.
- You must URL-encode any special characters or spaces in the target names.
- Triggers: turn on the toggles for type of updates you'd like to receive notifications for.
- In the Payload Body for UPDATE Operation section, set the payload as: Copy
{
"timestamp": "$created_at",
"location": "$tags.region",
"severity": "$severity",
"id": "$id",
"description": "$description",
"services": $services,
"status": "$status",
"totalalerts": "$total_alerts",
"signalMode": "Update",
"assignee": "$assignee",
"correlationDefinition": "$correlation_definition",
"incidentURL": "$incident_url"
} - Optional: To test the webhook, go to the top of the Outbound Webhook page and click Test.
- Click Save.
You're ready to use the webhook to trigger automated flows, including steps such as sending alerts and initiating incidents, though we always recommend testing before putting things into use. To keep things tidy in Moogsoft, we recommend using the Correlation Engine to combine similar incoming alerts into Moogsoft incidents.
Configure Correlation Engine
- In Moogsoft go to Correlate & Automate > Correlation Engine.
- Click Add Correlation Definition.
- In the Construct Your Incident Description section fill in the following fields:
- Correlation Name: Give the correlation a unique name.
- Incident Description: Set the correlation description. The description displays for all incidents created by this correlation definition.
- In the Definition section, set the Scope of the correlation to match all alerts or only alerts that match the filter parameters, then click Add Field.
- Optional: In the Advanced section you can set duration for the Correlation Time Window and select the minimum number of similar alerts before an incident is created.
- Click Save.
The correlation engine will create Moogsoft incidents from the incoming alerts based on your configuration settings.
Outputs
Moogsoft Incidents trigger outputs
The trigger has the following outputs you can use as inputs to steps further along the flow.
|
Label |
Description |
|---|---|
|
Recipients |
List of targeted recipients. |
| Signal Mode | Determines the flow path to follow, based on the value of the Status parameter. |
| Signal ID | Key or identifier used to terminate or correlate events or signals. |
| Alert Count | Number of Moogsoft alerts included in the incident. |
| Assignee | Email address of the Moogsoft user assigned to the incident. |
| Correlation ID | Unique ID of the correlation definition that created the incident in Moogsoft. |
| Description | Description of theincident generated by Moogsoft. |
| Location | Physical or virtual location where the Moogsoft incident occurred. |
| Moogsoft Incident ID | Unique ID of the incident in Moogsoft. |
| Moogsoft Incident URL | Direct link to the incident in Moogsoft. |
| Operation | Determines the flow path to follow, based on the value of the Signal Mode parameter. |
| Services | List of the Moogsoft services that generated the events included in the incident. |
| Severity | Severity of the incident in Moogsoft. |
| Status |
Status of the incident status in Moogsoft. Available options are:
|
| Timestamp | Timestamp of when the incident was created. |
| xMatters Instance Base URL | Base URL of the xMatters instance. |
| Raw Request | JSON representation of the request that can be parsed separately to get additional context on outputs. |