
OpsGenie

OpsGenie is an alerting and on-call management solution for dev & ops teams. It provides tools needed to design actionable alerts, manage on-call schedules & escalations, and ensure that the right people are notified at the right time, using multiple notification methods.

The OpsGenie-XSOAR integration lets you query specific on-call schedules to determine who is on call now or at a future time.

To set up OpsGenie to work with Cortex XSOAR:

  1. From the main OpsGenie screen, go to the Integrations page and select API (the first box) to add it.
  2. In the new API integration, do the following:
    • Enter name: Demisto
    • Copy the API Key presented in the page to use for the Demisto set up below.
    • Make sure Enabled checkbox is marked.
    • You can check the Restrict Access and Limit to Read Only check boxes as well (not mandatory)
    • Click on Save Integration

To set up the integration on Cortex XSOAR:

  1. Go to ‘Settings > Integrations > Servers & Services’.
  2. Locate the OpsGenie integration by searching for it using the search box at the top of the page.
  3. Click ‘Add instance’ to create and configure a new integration. You should configure the following settings:
    Name : A textual name for the integration instance.
    Base URL : The base OpsGenie service URL. The default value should be used (https://api.opsgenie.com/v2), unless otherwise instructed by Cortex XSOAR.
    API Key : The API Key acquired from the OpsGenie interface in the previous step.
    Use system proxy configuration : Check this box if a proxy server is configured on the platform.
    Cortex XSOAR engine : If relevant, select the engine that acts as a proxy to the server. Engines are used when you need to access remote network segments and there are network devices such as proxies, firewalls, etc. that prevent the Cortex XSOAR server from accessing the remote networks.
    For more information on Cortex XSOAR engines see:
    https://demisto.zendesk.com/hc/en-us/articles/226274727-Settings-Integrations-Engines
    Require users to enter additional password : Select whether you’d like an additional step where users are required to authenticate themselves with a password.
  4. Press the ‘Test’ button to validate the connection.
    If you are experiencing issues with the service configuration, please contact Cortex XSOAR support at support@demisto.com
  5. After completing the test successfully, press the ‘Done’ button.

Fetched incidents data:

This integration does not fetch incidents

Use-cases:

  • Assigning an analyst based on the current on-call schedule
    When an incident enters Cortex XSOAR, a playbook task can get the current on-call analyst, based on the on-call schedule.
    This can be done by using the opsgenie-get-on-call command, using the SOC analysts rotation schedule in OpsGenie.
  • Setting handover path based on future on-call rotation
    As part of the incident playbook, the next-shift analyst can also be queried for a heads-up notification if needed, using the opsgenie-get-on-call command with the schedule name and the date to query.

Commands:

  • opsgenie-get-on-call <schedule> [<date>] - Get current on-call users of a given Schedule.
    The Schedule name is used to query for the specific on-call. The Date can be provided to check future on-call assignments.
  • opsgenie-get-schedule-timeline <schedule> - Get the schedule timeline information of the given schedule name.
  • opsgenie-get-schedules - Get all schedules listed in the system.
  • opsgenie-get-user <user> - Get user information based on the given user ID (email)

Example of commands:

  • !opsgenie-get-on-call schedule="OnCAll"
  • !opsgenie-get-on-call schedule="OnCAll" date=2018-01-01
  • !opsgenie-get-user email@company.com

Example of commands with outputs:

  • !opsgenie-get-on-call schedule="SOC"

War room output:

OpsGenie On-Call Schedule SOC
Currently on-call for SOC schedule:
John Doe (john@company.com)

Context output:

OnCall:[] 1 item
  0:{} 2 items
    email:john@company.com
    name:John Doe

Raw output:

root:[] 1 item
  0:{} 3 items
    id:<ID>
    name:john@company.com
    type:user

  • !opsgenie-get-on-call schedule="SOC" date="2018-01-01"

War room output:

OpsGenie On-Call Schedule SOC
Currently on-call for SOC schedule:
Jane Doe (jane@company.com)

Context output:

OnCall:[] 1 item
  0:{} 2 items
    email:jane@company.com
    name:Jane Doe

Raw output:

root:[] 1 item
  0:{} 3 items
    id:<ID>
    name:jane@company.com
    type:user

  • !opsgenie-get-user userID="john@company.com"

War room output:

OpsGenie User Info
Key          Value
createdAt    2017-10-08T05:27:28.535Z
fullName     Gilad Shriki
id           6297fa63-7816-4cd6-93e4-404a9ab6a3cf
locale       en_US
role.id      Owner
role.name    Owner
timeZone     Israel
username     shriki@demisto.com
verified     true

Context output:

None

Raw output:

root:{} 10 items
  blocked:false
  createdAt:2017-10-08T05:27:28.535Z
  fullName:John Doe
  id:<ID>
  locale:en_US
  role:{} 2 items
    id:Owner
    name:Owner
  timeZone:US-E
  userAddress:{} 5 items
    city:
    country:
    line:
    state:
    zipCode:
  username:john@company.com
  verified:true

Troubleshooting

  • Make sure the web proxy allows access to the OpsGenie API URL (https://api.opsgenie.com/v2).
  • Make sure the API Key is enabled in the OpsGenie interface and that it was copied correctly.
  • Make sure the API Key is created with a user that has access to the relevant on-call schedules.
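
To check the API Key and Base URL outside Cortex XSOAR, the on-call lookup can be reproduced directly against OpsGenie's REST API. This is an added example, not the integration's own code: the function names and the OPSGENIE_API_KEY environment variable are hypothetical, and the sample response is constructed to match the raw output shown above.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.opsgenie.com/v2"  # default Base URL from this page

# Constructed sample body, shaped like the raw output shown on this page.
SAMPLE = json.dumps({"data": {"onCallParticipants": [
    {"id": "<ID>", "name": "john@company.com", "type": "user"}]}})


def build_on_call_request(api_key, schedule, date=None, base_url=BASE_URL):
    """Build (but do not send) the on-call lookup for a schedule name."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send the API key over a non-HTTPS URL")
    query = {"scheduleIdentifierType": "name"}
    if date:
        query["date"] = date  # ISO 8601 date-time, e.g. 2018-01-01T00:00:00Z
    url = "{}/schedules/{}/on-calls?{}".format(
        base_url.rstrip("/"),
        urllib.parse.quote(schedule, safe=""),  # schedule names may contain spaces
        urllib.parse.urlencode(query),
    )
    # The key travels only in the Authorization header, never in the URL,
    # so it does not end up in proxy or web-server access logs.
    return urllib.request.Request(
        url, headers={"Authorization": "GenieKey " + api_key})


def on_call_users(response_body):
    """Return the user-type participants from an on-calls response body."""
    data = json.loads(response_body).get("data", {})
    return [
        {"id": p.get("id"), "name": p.get("name")}
        for p in data.get("onCallParticipants", [])
        if p.get("type") == "user"
    ]


if __name__ == "__main__":
    import os
    # OPSGENIE_API_KEY is a hypothetical variable name; urllib honours the
    # HTTPS_PROXY environment variable, which exercises the proxy path too.
    req = build_on_call_request(os.environ["OPSGENIE_API_KEY"], "SOC")
    with urllib.request.urlopen(req, timeout=10) as resp:
        print(on_call_users(resp.read()))
```

An HTTP error raised by the final call narrows down which of the items above applies: a rejected key, a key without access to the schedule, or a blocked proxy path.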