PagerDuty v2
This Integration is part of the PagerDuty Pack.
Use the PagerDuty integration to manage schedules and on-call users. This integration was integrated and tested with PagerDuty API v2.

Configure PagerDuty v2 on Cortex XSOAR
1. Navigate to Settings > Integrations > Servers & Services.
2. Search for PagerDuty v2.
3. Click Add instance to create and configure a new integration instance.

Parameter | Required |
---|---|
API Key | True |
Service Key (for triggering events only) | False |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
Fetch incidents | False |
Incident type | False |
Default Requestor | False |
Initial Fetch Interval (In minutes, used only for the first fetch or after Reset last run) | False |

4. Click Test to validate the URLs, token, and connection.

Fetched Incidents Data
By default, the integration will import PagerDuty incidents data as Cortex XSOAR incidents. All incidents created in the minute prior to the configuration of Fetch Incidents and up to current time will be imported.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- Get all schedules: PagerDuty-get-all-schedules
- Get information for on-call users by time or schedule: PagerDuty-get-users-on-call
- Get information for current on-call users: PagerDuty-get-users-on-call-now
- Get incidents: PagerDuty-incidents
- Create a new event/incident: PagerDuty-submit-event
- Get the contact methods of a user: PagerDuty-get-contact-methods
- Get a user's notification rules: PagerDuty-get-users-notification
- Resolve an event: PagerDuty-resolve-event
- Acknowledge an event: PagerDuty-acknowledge-event
- Get incident information: PagerDuty-get-incident-data
- Get service keys for each configured service: PagerDuty-get-service-keys
- Add responder to an incident: PagerDuty-add-responders
- Run response play to an incident: PagerDuty-run-response-play

PagerDuty-get-all-schedules
Receive all schedules from PagerDuty.

Base Command
PagerDuty-get-all-schedules

Input
Argument Name | Description | Required |
---|---|---|
query | Show only the schedules whose name matches the query. | Optional |
limit | The maximum number of schedules to receive (default is 25, max value is 100). | Optional |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Schedules.id | string | The ID of the schedule |
PagerDuty.Schedules.name | string | The name of the schedule |

Command Example
!PagerDuty-get-all-schedules

Context Example
Human Readable Output
All Schedules
ID | Name | Today | Time Zone | Escalation Policy | Escalation Policy ID |
---|---|---|---|---|---|
scheduleid | New Schedule #1 | 2021-03-10 | America/Los_Angeles | Default | someid |
anotherscheduleid | New Schedule #2 | 2021-03-10 | Europe/Athens | test policy | anotherid |

PagerDuty-get-users-on-call
Returns the names and details of on-call users at a certain time or by specific schedule.

Base Command
PagerDuty-get-users-on-call

Input
Argument Name | Description | Required |
---|---|---|
scheduleID | (default and mandatory) The unique identifier of the schedule. | Required |
since | The start of the date range, using ISO 8601 representation. E.g. !PagerDutyGetUsersOnCall since=2011-05-06T17:00Z. | Optional |
until | The end of the date range. | Optional |

Context Output
Path | Type | Description |
---|---|---|
PagerDutyUser.id | string | User's ID |
PagerDutyUser.Emails | string | Email of user |
PagerDutyUser.Username | string | Username of person |
PagerDutyUser.DisplayName | string | Display name of person |
PagerDutyUser.Role | string | Display role of person |
PagerDutyUser.TimeZone | string | The time zone of the user |

Command Example
!PagerDuty-get-users-on-call scheduleID=scheduleid

Context Example
Human Readable Output
Users On Call
ID | Email | Name | Role | User Url | Time Zone |
---|---|---|---|---|---|
someid | demisto@demisto.com | Demisto User | owner | https://demisto.pagerduty.com/users/someid | Europe/Athens |
anotherid | demisto@mail.com | Another User | user | https://demisto.pagerduty.com/users/anotherid | Europe/Athens |

PagerDuty-get-users-on-call-now
Returns the names and details of current on-call personnel.

Base Command
PagerDuty-get-users-on-call-now

Input
Argument Name | Description | Required |
---|---|---|
limit | The maximum number of users to receive (default is 25, max value is 100). | Optional |
escalation_policy_ids | Filters the results, showing only on-call users for the specified escalation policy IDs. | Optional |
schedule_ids | Filters the results, showing only on-call users for the specified schedule IDs. If the value is null, permanent on-call users are included due to direct user escalation policy targets. | Optional |

Context Output
Path | Type | Description |
---|---|---|
PagerDutyUser.ID | string | User's ID |
PagerDutyUser.Email | string | Email of user |
PagerDutyUser.Username | string | Username of person |
PagerDutyUser.DisplayName | string | Display name of person |
PagerDutyUser.Role | string | Role of person |
PagerDutyUser.TimeZone | string | The time zone of the user |

Command Example
!PagerDuty-get-users-on-call-now

Context Example
Human Readable Output
Users On Call Now
ID | Email | Name | Role | User Url | Time Zone |
---|---|---|---|---|---|
someid | demisto@demisto.com | Demisto User | owner | https://demisto.pagerduty.com/users/someid | Europe/Athens |

PagerDuty-incidents
Shows incidents in PagerDuty. Default status parameters are triggered,acknowledged.

Base Command
PagerDuty-incidents

Input
Argument Name | Description | Required |
---|---|---|
status | Returns only the incidents currently in the passed status(es). Valid status options are triggered, acknowledged, and resolved. (Default values are triggered,acknowledged). Possible values are: triggered, acknowledged, resolved. | Optional |
since | Beginning date and time, using ISO 8601 representation. E.g. PagerDutyIncidents since=2011-05-06T17:00Z (must be used with until argument). | Optional |
sortBy | Used to specify both the field you wish to sort the results on, as well as the direction (ascending/descending) of the results. See more: https://v2.developer.pagerduty.com/v2/page/api-reference#!/Incidents/get_incidents. | Optional |
until | Last date and time, using ISO 8601 representation. E.g. PagerDutyIncidents until=2016-05-06T13:00Z. | Optional |
incident_key | Incident de-duplication key. | Optional |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Incidents.ID | string | Incident ID |
PagerDuty.Incidents.Title | string | The title of the incident |
PagerDuty.Incidents.Status | string | Incident Status |
PagerDuty.Incidents.created_at | date | Time in which the incident was created |
PagerDuty.Incidents.urgency | string | Incident Urgency |
PagerDuty.Incidents.assignee | string | The assignee of the incident |
PagerDuty.Incidents.service_id | string | The id of the impacted service |
PagerDuty.Incidents.service_name | string | The name of the impacted service |
PagerDuty.Incidents.escalation_policy | string | The escalation policy |
PagerDuty.Incidents.last_status_change_at | date | Time in which the last status change occurred |
PagerDuty.Incidents.last_status_change_by | string | Name of the user who made the last status change |
PagerDuty.Incidents.number_of_escalations | number | Number of escalations that took place |
PagerDuty.Incidents.resolved_by | string | Name of the User who resolved the incident |
PagerDuty.Incidents.resolve_reason | string | The reason for resolving the issue |
PagerDuty.Incidents.Description | string | The Description of the incident |
PagerDuty.Incidents.teams.ID | string | The ID of the team assigned for the incident. |
PagerDuty.Incidents.teams.ID | string | The name of the team assigned for the incident. |
PagerDuty.Incidents.assignment.time | date | The time of the assignment to the incident |
PagerDuty.Incidents.assignment.assignee | string | The name of the assignee to the incident |
PagerDuty.Incidents.assignment.assigneeId | string | The ID of the assignee to the incident |
PagerDuty.Incidents.acknowledgement.time | date | The time of the acknowledgement to the incident |
PagerDuty.Incidents.acknowledgement.acknowledger | string | The name of the acknowledger to the incident |
PagerDuty.Incidents.acknowledgement.acknowledgerId | string | The ID of the acknowledger to the incident |
PagerDuty.Incidents.incident_key | String | The incident's de-duplication key |

Command Example
!PagerDuty-incidents

Context Example
Human Readable Output
PagerDuty Incidents
ID | Title | Description | Status | Created On | Urgency | Html Url | Incident key | Assigned To User | Service ID | Service Name | Escalation Policy | Last Status Change On | Last Status Change By | Resolved By User |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
someid | [#264] Ticket 01439490 | description: No description | acknowledged | 2021-03-04T08:52:56Z | high | https://demisto.pagerduty.com/incidents/someid |  | someone | P5CX6RZ | PD SF | Default | 2021-03-04T08:53:04Z | someone | - |
anotherid | [#278] my event | description: No description | triggered | 2021-03-10T07:57:16Z | high | https://demisto.pagerduty.com/incidents/anotherid | somekey | someone-else | someid | API Service | Default | 2021-03-10T08:37:17Z | API Service | - |

PagerDuty-submit-event
Creates a new event/incident in PagerDuty. (To use this command, you must enter the Service Key in the integration settings.)

Base Command
PagerDuty-submit-event

Input
Argument Name | Description | Required |
---|---|---|
source | Specific human-readable unique identifier, such as a hostname, for the system having the problem. | Required |
summary | A high-level, text summary message of the event. Will be used to construct an alert's description. | Required |
severity | The severity of the event. Possible values are: critical, error, warning, info. | Required |
action | The action to be executed. Possible values are: trigger, acknowledge, resolve. | Required |
description | A short description of the problem. | Optional |
group | A cluster or grouping of sources. For example, sources “prod-datapipe-02” and “prod-datapipe-03” might both be part of “prod-datapipe”. Example: "prod-datapipe" "www". | Optional |
event_class | The class/type of the event. Example: "High CPU" "Latency". | Optional |
component | The part or component of the affected system that is broken. Example: "keepalive" "webping". | Optional |
incident_key | Incident key, used to acknowledge/resolve specific event. | Optional |
serviceKey | Service key for the integration. | Optional |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Event.Status | string | Status of the action on the event |
PagerDuty.Event.incident_key | string | Incident key |

Command Example
!PagerDuty-submit-event action=trigger severity=info source=demisto summary="my new event"

Human Readable Output
Incident key | Message | Status |
---|---|---|
somekey | Event processed | success |
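
The arguments of PagerDuty-submit-event correspond to fields of a PagerDuty Events API v2 request body. The following is an added example, not the integration's own code: `build_event` and `redacted` are hypothetical helpers, placing `description` under `custom_details` is an assumption, and the sample values are constructed. It rejects invalid enumerated values before anything is sent and masks the service key so the body can be written to a log.

```python
import copy

SEVERITIES = ("critical", "error", "warning", "info")
ACTIONS = ("trigger", "acknowledge", "resolve")


def build_event(service_key, action, source=None, summary=None, severity=None,
                incident_key=None, description=None, group=None,
                event_class=None, component=None):
    """Build an Events API v2 body; raise ValueError before anything is sent."""
    if not service_key:
        raise ValueError("serviceKey is required to send events")
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {ACTIONS}")
    body = {"routing_key": service_key, "event_action": action}

    if action != "trigger":
        # acknowledge/resolve address an existing alert purely by its key
        if not incident_key:
            raise ValueError(f"{action} requires incident_key")
        body["dedup_key"] = incident_key
        return body

    missing = [name for name, value in
               (("source", source), ("summary", summary), ("severity", severity))
               if not value]
    if missing:
        raise ValueError("trigger requires: " + ", ".join(missing))
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {SEVERITIES}")

    payload = {"source": source, "summary": summary, "severity": severity}
    # Optional fields are sent only when set; "class" is the API name for event_class.
    for key, value in (("group", group), ("class", event_class),
                       ("component", component)):
        if value:
            payload[key] = value
    if description:
        # Assumption: the free-text description travels in custom_details.
        payload["custom_details"] = {"description": description}
    body["payload"] = payload
    if incident_key:
        # Re-using a key makes repeated triggers update one alert, not open more.
        body["dedup_key"] = incident_key
    return body


def redacted(body):
    """Return a copy of the body that is safe to print to the War Room or a log."""
    safe = copy.deepcopy(body)
    safe["routing_key"] = "***"
    return safe


# Constructed sample values, mirroring the command example on this page.
SAMPLE = build_event("constructed-service-key", "trigger",
                     source="demisto", summary="my new event", severity="info")
```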

PagerDuty-get-contact-methods
Get the contact methods of a given user.

Base Command
PagerDuty-get-contact-methods

Input
Argument Name | Description | Required |
---|---|---|
UserID | ID of the wanted user. | Required |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Contact_methods.phone | string | The phone number of the user |
PagerDuty.Contact_methods.id | string | ID of the contact method |
PagerDuty.Contact_methods.type | string | The type of the current contact method |
PagerDuty.Contact_methods.email | string | The email of the user |

Command Example
!PagerDuty-get-contact-methods UserID=someid

Context Example
Human Readable Output
Contact Methods
ID | Type | Details |
---|---|---|
someotherid | Email | demisto@demisto.com |
someid | Phone | 0000000 |
onemoreid | SMS | 000000 |

PagerDuty-get-users-notification
Get the user's notification rules.

Base Command
PagerDuty-get-users-notification

Input
Argument Name | Description | Required |
---|---|---|
UserID | ID of the wanted user. | Required |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Notification_rules.start_delay_in_minutes | string | The delay time for notifying the user |
PagerDuty.Notification_rules.urgency | string | The urgency of the notification |
PagerDuty.Notification_rules.id | string | The id of the notification rule |

Command Example
!PagerDuty-get-users-notification UserID=someid

Context Example
Human Readable Output
User notification rules
ID | Type | Urgency | Notification timeout(minutes) |
---|---|---|---|
someid | assignment_notification_rule | high | 0 |

PagerDuty-resolve-event
Resolves an existing event in PagerDuty.

Base Command
PagerDuty-resolve-event

Input
Argument Name | Description | Required |
---|---|---|
incident_key | Incident key. | Required |
serviceKey | Service key for the integration. | Required |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Event.Status | string | Status of the action on the event |
PagerDuty.Event.incident_key | string | Incident key |

Command Example
!PagerDuty-resolve-event incident_key=somekey serviceKey=servicekey

Context Example
Human Readable Output
Resolve Event
Incident key | Message | Status |
---|---|---|
somekey | Event processed | success |

PagerDuty-acknowledge-event
Acknowledges an existing event in PagerDuty.

Base Command
PagerDuty-acknowledge-event

Input
Argument Name | Description | Required |
---|---|---|
incident_key | Incident key. | Required |
serviceKey | Service key for the integration. | Required |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Event.Status | string | Status of the action on the event |
PagerDuty.Event.incident_key | string | Incident key |

Command Example
!PagerDuty-acknowledge-event incident_key=somekey serviceKey=servicekey

Context Example
Human Readable Output
Acknowledge Event
Incident key | Message | Status |
---|---|---|
somekey | Event processed | success |

PagerDuty-get-incident-data
Get data about an incident from PagerDuty.

Base Command
PagerDuty-get-incident-data

Input
Argument Name | Description | Required |
---|---|---|
incident_id | ID of the incident to get information for. | Required |

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Incidents.ID | string | Incident ID |
PagerDuty.Incidents.Title | string | The title of the incident |
PagerDuty.Incidents.Status | string | Incident Status |
PagerDuty.Incidents.created_at | date | Time in which the incident was created |
PagerDuty.Incidents.urgency | string | Incident Urgency |
PagerDuty.Incidents.assignee | string | The assignee of the incident |
PagerDuty.Incidents.service_id | string | The id of the impacted service |
PagerDuty.Incidents.service_name | string | The name of the impacted service |
PagerDuty.Incidents.escalation_policy | string | The escalation policy |
PagerDuty.Incidents.last_status_change_at | date | Time in which the last status change occurred |
PagerDuty.Incidents.last_status_change_by | string | Name of the user who made the last status change |
PagerDuty.Incidents.number_of_escalations | number | Number of escalations that took place |
PagerDuty.Incidents.resolved_by | string | Name of the User who resolved the incident |
PagerDuty.Incidents.resolve_reason | string | The reason for resolving the issue |
PagerDuty.Incidents.Description | string | The Description of the incident |
PagerDuty.Incidents.teams.ID | string | The ID of the team assigned for the incident. |
PagerDuty.Incidents.teams.ID | string | The name of the team assigned for the incident. |
PagerDuty.Incidents.assignment.time | date | The time of the assignment to the incident |
PagerDuty.Incidents.assignment.assignee | string | The name of the assignee to the incident |
PagerDuty.Incidents.assignment.assigneeId | string | The ID of the assignee to the incident |
PagerDuty.Incidents.acknowledgement.time | date | The time of the acknowledgement to the incident |
PagerDuty.Incidents.acknowledgement.acknowledger | string | The name of the acknowledger to the incident |
PagerDuty.Incidents.acknowledgement.acknowledgerId | string | The ID of the acknowledger to the incident |
PagerDuty.Incidents.incident_key | String | The incident's de-duplication key |

Command Example
!PagerDuty-get-incident-data incident_id=someid

Context Example
Human Readable Output
PagerDuty Incident
ID | Title | Status | Created On | Urgency | Html Url | Incident key | Service ID | Service Name | Escalation Policy | Last Status Change On | Last Status Change By | Resolved By User |
---|---|---|---|---|---|---|---|---|---|---|---|---|
someid | [#281] my new event | acknowledged | 2021-03-10T09:31:48Z | high | https://demisto.pagerduty.com/incidents/someid | 8e42eeb6391a4a2abeda5d12e09bddec | someid | API Service | Default | 2021-03-10T10:00:50Z | API Service | - |

PagerDuty-get-service-keys
Get service keys for each of the services configured in the PagerDuty instance.

Base Command
PagerDuty-get-service-keys

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.Service.ID | string | The ID of the service connected to PagerDuty |
PagerDuty.Service.Name | string | The name of the service connected to PagerDuty |
PagerDuty.Service.Status | string | The status of the service connected to PagerDuty |
PagerDuty.Service.CreatedAt | date | The date in which the service connected to PagerDuty was created |
PagerDuty.Service.Integration.Name | string | The name of the integration used with the service |
PagerDuty.Service.Integration.Vendor | string | The name of the vendor for the integration used with the service. (A value of 'Missing Vendor information' will appear once no information could be found) |
PagerDuty.Service.Integration.Key | string | The key used to control events with the integration |

Command Example
!PagerDuty-get-service-keys

Context Example
Human Readable Output
Service List
ID | Name | Status | Created At | Integration |
---|---|---|---|---|
someid | API Service | critical | 2016-03-20T14:00:55+02:00 | Name: API Service, Vendor: Missing Vendor information, Key: somekey |

PagerDuty-add-responders
Add responders to an incident.

Base Command
PagerDuty-add-responders

Input
Argument Name | Description | Required |
---|---|---|
incident_id | PagerDuty Incident ID to add responders to | Required |
requestor_id | UserID sending the request (if blank, uses the default for the integration) | Required |
message | Message to send to responders | Optional |
user_requests | Comma separated list of User IDs to request response from | Optional |
escalation_policy_requests | Comma separated list of Escalation Policy IDs to request response from | Optional |

Command Example
!PagerDuty-add-responders incident_id=PXP12GZ user_requests=P09TT3C,PAIXXX message="Please join zoom meeting"

Context Output
Path | Type | Description |
---|---|---|
PagerDuty.ResponderRequests.ResponderID | string | ID of the Responder |
PagerDuty.ResponderRequests.ResponderName | string | Name of the Responder |

Context Example

PagerDuty-run-response-play
Run a specified response play on a given incident.
Response Plays are a package of Incident Actions that can be applied during an Incident's life cycle.

Base Command
PagerDuty-run-response-play

Input
Argument Name | Description | Required |
---|---|---|
incident_id | PagerDuty Incident ID targeted to run the response play | Required |
from_email | The email address of a valid user associated with the account making the request. | Required |
response_play_uuid | The response play ID of the response play associated with the request. | Required |

Command Example
!PagerDuty-run-response-play incident_id="Q107XAAAAMBBR" from_email="john.doe@example.com" response_play_uuid="111111-88bb-bb37-181d-11111111110dewsq"

Human Readable Output
Response play successfully run to the incident Q107XAAAAMBBR by john.doe@example.com