Integrate with PagerDuty

Integrate StackRox with the PagerDuty incident response platform.

If you are using PagerDuty, you can forward alerts from the StackRox Kubernetes Security Platform to PagerDuty. This guide explains how to integrate the StackRox Kubernetes Security Platform with PagerDuty.

To forward alerts from the StackRox Kubernetes Security Platform to PagerDuty:

  1. Add a new API service in PagerDuty and get the integration key. See Configure PagerDuty.
  2. Use the integration key to set up notifications in the StackRox Kubernetes Security Platform. See Configure the StackRox Kubernetes Security Platform.
  3. Identify policies for which you want to send notifications, and update the notification settings for those policies. See Configure policy notifications.

PagerDuty service details

Configure PagerDuty

Start by creating a new service in PagerDuty, and get the integration key.

To add a generic integration in PagerDuty:

  1. Navigate to Configuration > Services.
  2. Select Add Services.
    Add a service in PagerDuty
  3. Under General Settings, specify Name and Description.
  4. Under Integration Setting, in the Integration Type drop-down menu, select Use our API Directly with Events v2 API selected.
  5. Under Incident Settings, select an Escalation Policy, and configure notification settings and incident timeouts.
  6. Accept default settings for Incident Behavior and Alert Grouping (or configure them as required).
  7. Select Add Service.
  8. From the Service Details page, note down the Integration Key.
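
To confirm that the integration key routes to the new service before you enter it in the StackRox Kubernetes Security Platform, you can send a test event to the PagerDuty Events API v2 yourself. The following is an added example, not part of the original StackRox documentation; the `PD_INTEGRATION_KEY` environment variable, the function names, and the sample summary and source values are assumptions.

```python
import json
import os
import re
import urllib.request

EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"  # PagerDuty Events API v2 endpoint
SEVERITIES = {"critical", "error", "warning", "info"}


def redact(key):
    """Show only the last four characters so the key never lands in logs."""
    return "*" * max(len(key) - 4, 0) + key[-4:]


def build_test_event(routing_key, summary, source, severity="info", dedup_key=None):
    """Build an Events API v2 'trigger' event; reject malformed input early."""
    # Events API v2 keys are 32 characters; the alphanumeric check is this example's assumption.
    if not re.fullmatch(r"[0-9A-Za-z]{32}", routing_key or ""):
        raise ValueError("integration key must be 32 alphanumeric characters")
    if severity not in SEVERITIES:
        raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
    event = {
        "routing_key": routing_key,
        "event_action": "trigger",
        "payload": {"summary": summary[:1024], "source": source, "severity": severity},
    }
    if dedup_key:
        # Events sharing a dedup_key are grouped into one PagerDuty alert.
        event["dedup_key"] = dedup_key[:255]
    return event


def send_event(event, url=EVENTS_URL, timeout=10):
    """POST the event; PagerDuty answers 202 when it accepts the event."""
    req = urllib.request.Request(
        url, data=json.dumps(event).encode(), method="POST",
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read())


if __name__ == "__main__":
    # Assumption: the key is exported as PD_INTEGRATION_KEY, not hard-coded.
    key = os.environ["PD_INTEGRATION_KEY"]
    event = build_test_event(key, "Integration key check", "stackrox-setup")
    print("sending test event with key", redact(key))
    print(send_event(event))
```

An accepted test event triggers an alert on the service, so resolve it in PagerDuty after the check.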

Configure the StackRox Kubernetes Security Platform

Create a new integration in the StackRox Kubernetes Security Platform by using the integration key.

  1. Navigate to Platform Configuration > Integrations.
  2. Scroll the view and select PagerDuty.
  3. Select the New Integration icon.
  4. Enter a name for Integration Name.
  5. Enter the integration key in the PagerDuty integration key box.
  6. Select Test (checkmark icon) to validate that the integration with PagerDuty is working.
  7. Select Create (save icon) to create the configuration.

Configure policy notifications

  1. Navigate to Platform Configuration > System policies.
  2. Select the check boxes for one or more policies for which you want to send alerts.
  3. Select Enable Notifications or Actions > Enable Notification (depends upon the StackRox Kubernetes Security Platform version you are using).
  4. In the Enable Notifications dialog, select the check box for the PagerDuty notifier (same as the Integration Name). If you haven’t configured any other integrations, you’ll see the message No notifiers configured!
    Configure policy notifications
  5. Select Enable.
  • The StackRox Kubernetes Security Platform sends notifications on an opt-in basis. To receive notifications, you must first assign a notifier to the policy.

  • Notifications are only sent once for a given alert. If you have assigned a notifier to a policy, you won’t receive a notification unless a violation generates a new alert. The StackRox Kubernetes Security Platform creates a new alert when:

    • a policy violation occurs for the first time in a deployment, or
    • a runtime-phase policy violation occurs in a deployment after you resolved the previous runtime alert for that policy in that deployment.


© 2021 StackRox Inc. All rights reserved.