PagerDuty As An Incident Response Platform

Author: Ramandeep Bhasin


What is PagerDuty?

PagerDuty is a tool that reports incidents to the assigned person and can also phone that person when an incident occurs. Many integrations are available in PagerDuty, but this blog uses the Email Integration. PagerDuty is not free, but you get a 14-day trial period.


(Source: https://www.pagerduty.com/use-cases/security-ops/)
Sign Up for PagerDuty

You need to sign up with your business email address. Follow these steps to sign up for PagerDuty.


Step 1: Follow this link to the Sign Up page, enter your business email address, and then click the Get Started button as shown below.



Step 2: Fill in your First Name and Last Name and click the Next Step button. Then create a password and click the Next Step button again.


Step 3: Create a Subdomain. Enter a name for the one your team is responsible for. Then click the Create Account button.



Step 4: Fill in the Service Name and then click Continue. You can also skip the next steps and complete them later when you need them. After you skip them, your account is created and you can log in to it.



Add Phone Number and SMS Number

You need to add a Phone Number and an SMS Number to receive a phone call and an SMS about any incident. Follow these steps to add them.

Step 1: After logging in to your account, click the profile icon at the top right corner of the screen and then click My Profile.



Step 2: Add the Phone Number and SMS Number by clicking the plus icon as shown below. The Phone Number and SMS Number have now been added.



Create a Service and Attach an Integration to it

Now you need to create a service and attach an Email Integration to it. You can also attach other integrations according to your use cases. Follow these steps to create a service and attach an Email Integration.


Step 1: Click the Service tab and then click Service Directory. After that, click the New Service button on the right side of the window.



Step 2: Fill in the Name of the service and, if you want, a Description, then click the Next button as shown below.



Step 3: Choose the “Select an existing Escalation Policy” option and set it to Default. Then click the Next button.



Step 4: Choose an Alert Grouping option. You can choose any of them according to your use cases. I am choosing the Recommended options. Then click the Next button.



Step 5: Go to the Search Bar and type Email. The Email integration will appear in the results. Choose it, and then click the Create Service button.



Step 6: The Service has now been created, and you can see your Integration Email on the right of the window as shown below.



Attach your Integration Email to the SNS Topic

Now we will attach the Integration Email (created above) to an SNS Topic (which can be used to send an email about an incident). This SNS topic can be attached to any job in your ELT/ETL tool. As an example, an SNS topic named Task-Failure was created. When the Task-Failure topic sends an email, a phone call is received at the phone number that you provided above. Other services can also be attached to the Email Integration to trigger a phone call, and you can choose other Integration Services according to your needs. If you want to know how to create an SNS topic then Click here. Follow these steps to attach the Integration Email to the SNS Topic.


Step 1: Open your SNS topic and click the Create Subscription button as shown below.



Step 2: Choose Email from the Protocol drop-down field. Then enter the Integration Email address in the Endpoint field as shown below and click the Create Subscription button.



Step 3: The subscription has now been created, but its status is still pending. To approve the subscription, click the Incidents tab on the PagerDuty web page, then click All Incidents as shown below.



Step 4: Click the AWS Notification - Subscription Confirmation incident. You will see an email as shown below. Click Confirm Subscription and your subscription will be confirmed.
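
A check that the subscription created in the steps above really ended up confirmed, added here as an example and not code from the original post: it reads the JSON printed by `aws sns list-subscriptions-by-topic` and flags email endpoints that are still pending or that sit outside the domains you expect. The sample data, account ID, addresses, and the function name audit_subscriptions are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by
# `aws sns list-subscriptions-by-topic --output json`; all values are placeholders.
TOPIC = "arn:aws:sns:us-east-1:111122223333:Task-Failure"
SAMPLE = json.dumps({"Subscriptions": [
    {"SubscriptionArn": TOPIC + ":11111111-2222-3333-4444-555555555555",
     "Protocol": "email", "Endpoint": "oncall@example.com", "TopicArn": TOPIC},
    {"SubscriptionArn": "PendingConfirmation",
     "Protocol": "email", "Endpoint": "task-failure@example-team.pagerduty.com",
     "TopicArn": TOPIC},
    {"SubscriptionArn": TOPIC + ":66666666-7777-8888-9999-000000000000",
     "Protocol": "email", "Endpoint": "someone@mail.invalid", "TopicArn": TOPIC},
]})

EMAIL_PROTOCOLS = {"email", "email-json"}


def audit_subscriptions(raw_json, integration_email, allowed_domains):
    """Return sorted (finding, endpoint) pairs for one topic's subscriptions."""
    findings = set()
    confirmed = set()
    allowed = {d.lower() for d in allowed_domains}
    for sub in json.loads(raw_json).get("Subscriptions", []):
        if sub.get("Protocol") not in EMAIL_PROTOCOLS:
            continue
        endpoint = sub.get("Endpoint", "").strip().lower()
        domain = endpoint.rpartition("@")[2]
        if domain not in allowed:
            # Topic messages are copied to a mailbox outside the approved domains.
            findings.add(("unexpected-endpoint", endpoint))
        if sub.get("SubscriptionArn") == "PendingConfirmation":
            # SNS delivers nothing to this endpoint until the link is confirmed.
            findings.add(("pending-confirmation", endpoint))
        else:
            confirmed.add(endpoint)
    if integration_email.lower() not in confirmed:
        # No confirmed path from the topic to PagerDuty: failures would page nobody.
        findings.add(("integration-not-confirmed", integration_email.lower()))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_subscriptions(
            SAMPLE, "task-failure@example-team.pagerduty.com",
            {"example.com", "example-team.pagerduty.com"}):
        print(*finding)
```

Feed it the real CLI output for your topic in place of SAMPLE; an empty result means the Integration Email is confirmed and no other email endpoint falls outside the allowed domains.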





Mobile Application

You can also install the PagerDuty mobile app from the App Store or Google Play Store so that you can manage incidents from the app itself.



Conclusion

The Integration Email is now attached to the SNS topic. Whenever this SNS topic publishes a message by any means, for example when triggered by an ELT/ETL tool, a phone call, an SMS and an email will be received.

