Applicable to ENA v18.0 P04 upwards
To create a 'Send to BigPanda' action:
Note: you only need to create a 'Send to BigPanda' action if you are using Entuity v19.0 and below. From Entuity v20.0 upwards, the 'Send to BigPanda' action is included out of the box.
- In the Main Menu, click Administration.
- On the Administration page, click Events Administration.
- On the Event Administration page, click the Actions tab.
- Click Add at the bottom of the window. This will open the Add Action window.
- In the Name field, enter: Send to BigPanda
- In Description, enter: Forward incidents/events to Big Panda
- In the Parameters section, click Add. This will open the New Parameter window.
- In the Name field, enter: app_key
- In Description, enter: The app_key configured in BigPanda
- In Default Value, enter: "Insert_app_key_here"
- Note, you must include the quotation marks in the Default Value field.
- Click OK to save the parameter.
- Add another New Parameter.
- In the Name field, enter: bearer_token
- In Description, enter: The bearer token provided by BigPanda
- In Default Value, enter: "Insert_bearer_token_here"
- Note, you must include the quotation marks in the Default Value field.
- Click OK to save the parameter.
- In the Action Steps section, click Add. This will open the Add Action window.
- In the Type dropdown field, select Groovy Script.
- In the Script field, enter the following:
```groovy
// Prefix the ID with "i" for incidents and "e" for events.
def getEventOrIncidentPrefix = {
    return (incident ? "i" : "e")
}

// Build a link back to the object (or the event view) in the Entuity web UI.
def constructUrl = { sourceDescriptor ->
    def url = "";
    def classicType = sourceDescriptor?.classicType
    def OBJ_TYPE_SYSTEM = com.entuity.events.event.ObjType.OBJ_TYPE_SYSTEM.toInt()
    def OBJ_TYPE_VIEW = com.entuity.events.event.ObjType.OBJ_TYPE_VIEW.toInt()
    if (classicType != OBJ_TYPE_VIEW) {
        def proto = getConfigProperty("server.ssl_enabled") == "true" ? "https" : "http"
        def swId = sourceDescriptor.swId;
        if (swId != null) {
            url = "${proto}://"
            def consolidationServerName = getConfigProperty("consolidation_server_name")
            def consolidationServerWebPort = getConfigProperty("consolidation_server_web_port")
            if (consolidationServerName) {
                if (consolidationServerWebPort) {
                    url += "${consolidationServerName}:${consolidationServerWebPort}"
                } else {
                    url += consolidationServerName
                }
            } else {
                url += shortHostname
            }
            if (classicType != OBJ_TYPE_SYSTEM) {
                url += "/webUI/main.do?url=/webUI/objectSummary.do%3Fserver%3D${sourceDescriptor?.eyeServerId}%26id%3D${swId}"
            } else {
                url += "/webUI/main.do?url=/webUI/viewEvents.do%3Fserver%3D${sourceDescriptor?.eyeServerId}%26view%3DMy%20Network"
            }
        }
    }
    return url.toString()
}

// Map the numeric classic object type to a readable name.
def getType = { sd ->
    def type = sd.classicType
    switch (type) {
        case 1 : return "Port"
        case 4 : return "Device"
        case 8 : return "VLAN"
        case 512 : return "Domain"
        case 1024 : return "Application"
        case 2048 : return "IP Address"
        case 4096 : return "System"
        case 8192 : return "View"
        case 2147483648 :
        case -2147483648 : return "StormWorks"
        default : return ""
    }
}

// POST the JSON body to the BigPanda alerts endpoint.
def sendRequest = { data ->
    logger.info("Forwarding event data to Big Panda");
    // The logged body includes app_key, so restrict access to this log accordingly.
    logger.info("Data to be sent: " + data);
    def urlString = "https://api.bigpanda.io/data/v2/alerts"
    def url = new URL(urlString);
    def connection = url.openConnection();
    connection.setRequestMethod("POST");
    // Authenticate with the bearer_token parameter defined on this action
    // and declare the body as JSON. Headers must be set before writing the body.
    connection.setRequestProperty("Authorization", "Bearer " + param("bearer_token"));
    connection.setRequestProperty("Content-Type", "application/json");
    connection.doOutput = true;
    def writer = new OutputStreamWriter(connection.outputStream);
    writer.write(data);
    writer.flush();
    writer.close();
    connection.connect();
    logger.info("Forward to Big Panda response code: " + connection.getResponseCode());
}

// Translate the Entuity severity into a BigPanda status.
def getSeverity = { sev, state ->
    if (incident && !state) // if incident closed
        "Ok"
    else if (sev == 10 || sev == 8)
        "Critical"
    else if (sev == 6 || sev == 4 || sev == 2)
        "Warning"
    else if (sev == 0)
        "Ok"
    else
        "Unknown"
}

def sourceDescriptor = sourceDescriptor
def data = [
    app_key : param("app_key"),
    status : getSeverity(severity, stateOpen),
    host : sourceName,
    check : name,
    description : reason,
    object_type : getType(sourceDescriptor),
    entuity_url : constructUrl(sourceDescriptor),
    incident_id : getEventOrIncidentPrefix() + id,
    timestamp : lastUpdatedMs
]
def jsonBody = groovy.json.JsonOutput.toJson(data);
sendRequest(jsonBody);
```
- Click OK to save the Action.
- Your action will now look like the following:
- Click OK.
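The script's "Data to be sent" log line writes the full JSON body, including app_key, to the Entuity log. The following is an added example, not code from Entuity or BigPanda, of masking credential fields before the body is logged; the helper name redactForLog, the SENSITIVE_KEYS set and all sample values are assumptions constructed for illustration.

```groovy
import groovy.json.JsonOutput

// Hypothetical helper (not part of the Entuity script): returns a copy of the
// alert map that is safe to log, with credential fields masked.
def SENSITIVE_KEYS = ["app_key", "bearer_token"] as Set

def redactForLog = { Map payload ->
    payload.collectEntries { key, value ->
        if (!(key in SENSITIVE_KEYS) || value == null) {
            return [(key): value]
        }
        def text = value.toString()
        // Keep the last 4 characters so operators can tell keys apart,
        // but never reveal any part of a short secret.
        def masked = text.size() > 8 ?
            ("*" * (text.size() - 4)) + text[-4..-1] :
            "*" * text.size()
        [(key): masked]
    }
}

// Constructed sample payload using the same field names the action script sends.
def data = [
    app_key    : "0123456789abcdef",   // constructed value, not a real key
    status     : "Critical",
    host       : "core-sw-01",
    check      : "Port Link Down",
    description: "constructed sample",
    incident_id: "i42",
    timestamp  : 1700000000000L
]

def safe = redactForLog(data)
assert safe.app_key == "************cdef"          // masked, last 4 kept
assert safe.host == "core-sw-01"                   // other fields untouched
assert data.app_key == "0123456789abcdef"          // original map unchanged
assert redactForLog([app_key: "short"]).app_key == "*****"

// In the action script, the body would still be sent unmodified, and only
// the log line would change to:
//   logger.info("Data to be sent: " + JsonOutput.toJson(redactForLog(data)))
println JsonOutput.toJson(safe)
```

To use this in the action, the log call needs the data map rather than the already serialised jsonBody string, so log before or alongside the call to sendRequest.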
To forward incidents to BigPanda:
- In the Main Menu, click Administration.
- On the Administration page, click Events Administration.
- On the Events Administration page, click the Incidents tab.
- Click Edit Global Triggers at the bottom of the browser.
- In the Edit Global Triggers window, click Add. This will open the Create Trigger window.
- Enter the following details in the fields:
- Name: Forward incident to BigPanda
- Description: Trigger to forward incidents to BigPanda
- On transition to: Any Change
- Condition: None
- Delay: None
- Action Steps: click Add to open the Add Action window. Enter the following details in the fields:
- Type: Send to Big Panda
- Parameters: select 'app_key' and click Set to open the Parameter Value window. Enter the app_key you configured in BigPanda. This must be contained in quotes.
- Click OK to save the action step.
- Tick the enabled box in the top right of the Create Trigger window.
- Click OK to save the Trigger.
- Save and deploy the Event Project.