PagerDuty
Introduction
Papertrail can invoke a PagerDuty alert escalation policy, for example to generate text messages.
Read more in a Papertrail blog post.
Papertrail uses the PagerDuty Integration API for this integration.
Setup
Follow the steps in Alerts.
Settings
From PagerDuty's "Services" tab, click "Add New Service." For "Integration Type," choose "Papertrail" from the dropdown menu. See screenshot below.
After adding the new service, click its settings. Obtain its Service key.
On Papertrail's Dashboard, find the Papertrail saved search which will notify this PagerDuty service. Click the Edit icon to edit its settings. Click the "Manage Alerts" tab and provide:
- Description, such as "Pen test attempt". Freeform.
- Incident key, such as "Exploit attempt".
Grouping related alerts
Use %HOST% in the incident key to have Papertrail replace it with the name of the related sender. This permits grouping only alerts from the same sender (typically a system), rather than from all senders. See blog post.
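The grouping effect described above, as an added example (not Papertrail's or PagerDuty's code): a simplified Python model that assumes alerts sharing an incident key are grouped into one incident. The sender names, log lines and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (sender, log line) pairs matched by a saved search.
SAMPLE_MATCHES = [
    ("web-01", "exploit attempt blocked from 203.0.113.7"),
    ("web-02", "exploit attempt blocked from 203.0.113.7"),
    ("web-01", "exploit attempt blocked from 198.51.100.23"),
    ("db-01", "exploit attempt blocked from 203.0.113.7"),
]


def render_incident_key(template, sender):
    """Model of the substitution on this page: %HOST% becomes the sender name."""
    return template.replace("%HOST%", sender)


def group_by_incident_key(template, matches):
    """Group matches under their rendered incident key (assumed grouping rule)."""
    incidents = defaultdict(list)
    for sender, line in matches:
        incidents[render_incident_key(template, sender)].append((sender, line))
    return dict(incidents)


def senders_per_incident(incidents):
    """Map each incident key to the sorted list of senders grouped under it."""
    return {key: sorted({s for s, _ in events}) for key, events in incidents.items()}


if __name__ == "__main__":
    for template in ("Exploit attempt", "Exploit attempt %HOST%"):
        grouped = group_by_incident_key(template, SAMPLE_MATCHES)
        print(f"template {template!r}: {len(grouped)} incident(s)")
        for key, senders in senders_per_incident(grouped).items():
            print(f"  {key!r} <- {', '.join(senders)}")
```

With the static key, all three senders land in a single incident, so a second affected system does not stand out; with %HOST% in the key, each sender gets its own incident.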