Sysdig Monitor Alerts

The built-in Sysdig Monitor Alerts trigger initiates a flow when it receives a signal from a Sysdig Monitor alert.

Add the Sysdig Monitor Alerts trigger to the canvas

  1. Go to the Triggers tab in the palette, expand the App Triggers section, and drag the trigger onto the canvas.
  2. Double-click the trigger (or click the pencil icon).
  3. Set the authenticating user, and then copy the URL — you'll use this to set up the webhook in Sysdig. Alternatively, you can create an integration user to use as the authenticating user.

  4. Click the Flood Control tab to edit the trigger's default flood control settings. For more information about these settings, see Trigger Flood Control.
  5. Click Done.
  6. On the flow canvas, connect the steps you want to run when xMatters receives a request to that URL.

You're now ready to configure Sysdig to target the trigger.

Configure Sysdig to send requests to the trigger URL

To have Sysdig send alerts to the flow trigger, you need to configure a webhook and set it to use the trigger URL.

  1. In Sysdig, select the button containing your initials from the left-hand navigation menu, then click Settings.

  2. When the Settings menu opens, select Notification Channels.

  3. Expand the Add Notification Channel drop-down and select Webhook.

  4. Fill in the following fields:
    • Url: Paste the trigger URL you copied from Flow Designer. Add the target names of any recipients you want to notify when the alert fires to the end of the URL.
      • For URL authentication, use an ampersand to attach recipients. For example, if you want to notify Emma Pearson and the on-call members in the group responsible for the Antares service, you'd add &recipients=epearson,antares to the URL.
      • For other authentication types, use a question mark to attach recipients. For example, if you want to notify Barry Gull and the on-call members in the group responsible for the Cassiopeia service, you'd add ?recipients=bgull,cassiopeia to the URL.
      • You must URL-encode any special characters or spaces in the target names.
    • Channel Name: A unique channel name. For example, xMatters.

    Leave the other fields in their default positions.

  5. Click Save.
  6. Use the Sysdig documentation to create a new Sysdig alert. When setting the Notification Channel for the alert, use the channel you just created.
  7. Once the alert is created, ensure it is enabled in Sysdig so it can send alerts to xMatters.

You're ready to use the webhook to trigger automated flows, including steps such as sending alerts and initiating incidents, though we always recommend testing before putting things into use.

 

Outputs

The trigger has the following outputs you can use as inputs to steps further along the flow.

Label

 Description

Recipients

 List of targeted recipients. Recipients are set by adding a recipients query parameter to the trigger URL when you configure the webhook in Sysdig. See the instructions for configuring the webhook for details.
Signal Mode Determines the flow path to follow, based on the value of the Subject and Name parameters.
Alert ID Unique Sysdig ID of the alert.
Alert Description Description of the alert as provided by Sysdig.
Alert Name Name of the alert as provided by Sysdig.
Alert Subject Subject of the alert as provided by Sysdig.
Body Body of the alert message as provided by Sysdig.
Condition Sysdig event condition that triggered the alert.
Event ID Unique ID of the event as provided by Sysdig.
Event URL Direct link to the event in Sysdig.
Severity

Severity of the event in Sysdig. Available options are:

  • High
  • Medium
  • Low
  • Info
Source Source of the event in Sysdig.
State

Current state of the Sysdig event. Available options are: 

  • ACTIVE
  • OK
Time Time when the event triggered the alert.
Raw Request JSON representation of the request. You can parse the raw request if you need additional details beyond the standard outputs.