AlertOps Workflows
This is a reference for the workflows integrated with the AlertOps UI integration.
Workflows
The AlertOps integration installs the following workflows:
Outbound Notifications
Workflows which perform outbound notification.
Workflow Name | Engine Name | Description |
|---|---|---|
Situation Integration | Sends an outbound notification to AlertOps to create a new alert. | |
Situation Integration | Sends an outbound notification to AlertOps to close an alert. | |
Situation Integration | Sends an outbound notification to AlertOps to update an alert. | |
Situation Integration | Sends an outbound notification to AlertOps to add a reply to an alert. | |
Situation Integration | Sends an outbound notification to AlertOps to assign an alert. | |
Situation Integration | Sends an outbound notification to AlertOps to add a Recipient Group to an alert. |
Inbound Notifications
Workflows which handle inbound notifications.
Workflow Name | Engine Name | Description |
|---|---|---|
Situation Integration | Updates situations with responses from AlertOps. |
Create AlertOps Incident
Usage: Automated creation of AlertOps Alerts
To enable automated creation of new AlertOps alert when new Situations are created, confirm the “Create AlertOps Incident” outbound notification workflow is enabled.
To trigger the outbound notification, add a workflow to the “Situation Workflows” WFE that includes the “createIncident” action. For example:
Workflow Name: Create AlertOps Incident
Entry filter: 'status' != 'Closed'
First Match Only: Checked
Action Name | Function | Arguments | Forwarding Behavior |
|---|---|---|---|
120 seconds | Delay | 120 seconds | |
Trigger sends to AlertOps | createIncident |
| Stop This Workflow |
Where the instanceName argument matches the Instance Name configured in the AlertOps integration tile.
This sends a request to AlertOps and add a thread entry:
Sending request to open AlertOps alert: <succeeded|failed>
You can adjust the Entry filter in the trigger workflow to control which Situations are forwarded to AlertOps.
The outbound notification uses the AlertOps Integration payload map in the AlertOps integration to send data from the Situation to AlertOps. Add new fields to this map to pass additional custom attributes.
If the payload map is updated, changes are required in AlertOps to the Custom Alert Fields and inbound integration.
Close AlertOps Incident
Usage: Automated closing of AlertOps Alerts
To enable the automated closing of AlertOps alerts when a Situation is resolved, confirm the “Close AlertOps Incident” outbound notification workflow is enabled.
To trigger the outbound notification, add a workflow to the “Situation Workflows” WFE that includes the “closeIncident” action. For example:
Workflow Name: Close AlertOps incidents
Entry filter: 'status' is one of '["Closed","Resolved"]'
First Match Only: Checked
Action Name | Function | Arguments | Forwarding Behavior |
|---|---|---|---|
0 seconds | Delay | 0 seconds | |
Trigger send to AlertOps | closeIncident |
| Stop This Workflow |
Where the instanceName argument should match the Instance Name configured in the AlertOps integration tile.
This sends a request to AlertOps and adds a thread entry:
Sending request to close AlertOps alert: <succeeded|failed>
You can adjust the Entry filter in the trigger workflow to control which situations are forwarded to AlertOps.
The outbound notification uses the AlertOps Integration payload map in the AlertOps integration.
Update AlertOps Incident
Usage: Forwarding updates to AlertOps
To enable forwarding of Situation updates to AlertOps when the CIs in a situation change, confirm the “Update AlertOps Incident” outbound notification workflow is enabled.
To trigger the outbound notification a workflow should be added to the “Situation Delta” WFE that includes the “updateIncident” action.
Workflow Name: Notify CI Change to AlertOps Incident
The “Update AlertOps Incident” outbound notification uses the AlertOps update API to send a generic update to an AlertOps alert. Other trigger conditions can be added to the Situation Delta WFE to call this workflow if required.
The outbound notification uses the AlertOps Update payload map in the AlertOps integration to send data from the situation to AlertOps. Add new fields to this map to pass additional custom attributes.
If the payload map is updated, changes are required in AlertOps to the Custom Alert Fields and inbound integration.
Post to AlertOps Incident
Usage: Forwarding collaboration thread entries to AlertOps
To enable forwarding of situation collaboration thread entries to AlertOps, confirm the “Post to AlertOps Incident” outbound notification workflow is enabled.
To trigger the outbound notification, add a workflow to the “Situation Delta” WFE that includes the “sendThreadEntryToIncident” action. For example:
Workflow Name: Post to AlertOps Incident
Action Name | Function | Arguments | Forwarding Behavior |
|---|---|---|---|
0 seconds | Delay | 0 seconds | |
Check action | sigActionFilter |
| |
Get thread entry | getThreadEntry | - | |
Trigger send to AlertOps | sendThreadEntryToIncident |
|
Where the instanceName argument matches the Instance Name configured in the AlertOps integration tile. The prependText argument is an optional prefix that can be added to the replies. In this case, it is the string “Collaboration post: “.
New collaboration thread entries will appears as replies to the AlertOps alert in the format:
Collaboration post: <Moogsoft Onprem user name>:: <thread entry text>Assign AlertOps Incident
Usage: Automated assignment of AlertOps alerts
To enable notification of situation assignment to AlertOps, confirm the “Assign AlertOps Incident” outbound notification workflows is enabled.
To trigger the outbound notification, add a workflow to the “Situation Delta” WFE that includes the “sendAssignedToIncident” action. For example:
Workflow Name: Assign AlertOps Incident
Action Name | Function | Arguments | Forwarding Behavior |
|---|---|---|---|
0 seconds | Delay | 0 seconds | - |
Situation assigned | sigActionFilter |
| Stop This Workflow |
Trigger send to AlertOps | sendAssignedToIncident |
| Stop This Workflow |
Where the instanceName argument matches the Instance Name configured in the AlertOps integration tile. The moderatorName argument is optional. If omitted, the moderator name is taken from the Situation retrieved by the outbound workflow.
By default, this workflow adds a reply to the AlertOps alert in the format:
Moogsoft situation assigned to moderator <moogsoft username>
The workflows can also automatically assign the AlertOps alert to an AlertOps user if:
The “Assign on Moderator Assignment” option is checked in the AlertOps integration.
The “User” Conversion Map in the AlertOps integration is enabled and updated with mappings from Moogsoft Onprem usernames to AlertOps usernames
If a valid User mapping doesn’t exist for the new situation moderator, the workflow falls back to sending a reply message.
The default behavior in the absence of a match is “exclude”, which means the conversion fails and defaults to sending a reply message instead. Change this default behavior only when the usernames in both systems are identical or if a suitable default user account exists.
Add Teams to AlertOps Incident
Usage: Automated addition of recipient to AlertOps alerts
To enable notification when teams are added to a situation, confirm the “Add Teams to AlertOps Incident” outbound notification workflow is enabled.
To trigger the outbound notification, add a workflow to the “Situation Delta” WFE that includes the “sendTeamsAddedToIncident” action. For example:
Workflow Name: Add Teams to AlertOps Incident
Action Name | Function | Arguments | Forwarding Behavior |
|---|---|---|---|
0 seconds | Delay | 0 seconds | - |
Get Teams added | getTeamsAdded | - | Stop This Workflow |
Trigger sends to AlertOps | sendTeamsAddedToIncident |
| Stop This Workflow |
Where the instanceName argument matches the Instance Name configured in the AlertOps integration tile.
By default, this workflow adds a reply to the AlertOps alert in the format:
Teams added to Moogsoft situation: <csv list of moogsoft team names>
The workflows can also automatically assign the AlertOps alert to an AlertOps user if:
The “Assign on Moderator Assignment” option is checked in the AlertOps integration.
The “User” Conversion Map in the AlertOps integration is enabled and was updated with mappings from Moogsoft Onprem usernames to AlertOps usernames
If a valid User mapping doesn’t exist for the new situation moderator, the workflow falls back to sending a reply message.
In the absence of a match, the default behavior is “exclude”, which means the conversion fails and defaults to sending a reply message instead. Change this default behavior only when the usernames in both systems are identical or if a suitable default user account exists.
Handle AlertOps Response
Usage: Update Situation with AlertOps alert ID
To allow responses from AlertOps to update situations, confirm the “Handle AlertOps Response” workflow is enabled.
AlertOps uses an outbound integration to send the Alert ID back to Moogsoft Onprem in response to a request to create a new alert.
This results in a new thread entry:
Created AlertOps alert <Alert ID>
An update to custom_info.ticketing:
{
"ticketNumber": <Alert ID>
"ticketStatus": "open"
}Usage: Resolve Situation when AlertOps Alert Closes
AlertOps uses an outbound integration to notify Moogsoft Onprem when the AlertOps alert is closed.
This results in a new thread entry:
AlertOps alert <Alert ID> is closed
An update to custom_info.ticketing:
{
"ticketNumber": <Alert ID>
"ticketStatus": "closed"
}And the situation is moved to a resolved state.
Usage: Add thread entry for a reply to an AlertOps alert
AlertOps uses an outbound integration to notify Moogsoft Onprem when a reply is added to an AlertOps alert.
This results in a new thread entry:
AlertOps message: <alertops reply message>
Usage: Acknowledge Situation when AlertOps Alert is Assigned
AlertOps uses an outbound integration to notify Moogsoft Onprem when the AlertOps alert is assigned.
This results in a new thread entry:
Alert in AlertOps assigned to user: <alertops username>
Additionally, if a valid “Integration Username” is supplied in the integration and the situation isn’t already assigned, it is automatically acknowledged and assigned to the Integration user.