Meraki-PagerDuty-SNOW integration

So we are now getting alerts from Cisco Meraki via the webhook.

This produces an alert and incident in PagerDuty.

Which then assigns it to the right support group and, through our API integration with SNOW, creates tickets in our incident management system.

Having the alerts come in near real time has allowed us to see things we were not aware were going on in the environment!

Comments
PhilipDAth
Kind of a big deal

What is SNOW?

Mikanator
Here to help

SNOW=ServiceNOW

UCcert
Kind of a big deal

@PhilipDAth - fluffy white stuff that falls out of the sky.

Mikanator
Here to help

@UCcert wish there was a way to SEND a laughing response to you! HAHAHAHAA!

UCcert
Kind of a big deal

Sorry @Mikanator I have a terrible sense of humour 

PhilipDAth
Kind of a big deal

And here I was thinking they were using cocaine for incident response.

Mikanator
Here to help

Who says we are not! 😂🤣😁

Mikanator
Here to help

Hello,

Thought I would save someone some frustrations if they are also working on the integration.

Below is the modified transformation code we are using; it is slightly different from the published code by Cisco in the dev portal.

You will see an added custom field "service" we are injecting into the body object for the "Details".

We also "null" out the "shared secret" we are using as a filter for incoming alerts to PagerDuty.

On the SNOW side we are using the field to key off from other services to direct what ingest script to run.

Some of the documentation says to use the field 'title' but we found this did not work. We kept it in the code in case things change, but it's commented out.

// Consume Meraki Alert via Webhook
var body = PD.inputRequest.body;
// Set Alert Severity
var severity = "warning";
// critical
// error
// warning
// info
// unknown

if(body.alertType == "Settings changed") {severity = "info";}
if(body.alertType == "Motion detected") {severity = "info";}
if(body.alertType == "Network usage alert") {severity = "warning";}
if(body.alertType == "APs went down") {severity = "critical";}
if(body.alertType == "Uplink status changed" && !body.alertData.uplink) {severity = "critical";}


var event_type = "PD.Trigger";
//PD.Trigger - use this event type to trigger a new event
//PD.Resolve - use this event type to resolve a triggered incident
//PD.Acknowledge - use this event type to acknowledge a triggered incident

//if (body.alertType == "APs came up") {event_type="PD.Resolve";}

//var title = body.alertType+": "+body.networkName;

var description = body.alertType+": "+body.networkName;
var service = "Meraki Alert";

//add custom field of service to body object
body.service = service;


//var custom_details = body+"/:/"+service;

// Format payload
var cef_event = {
  event_type: event_type,
  //title: title,
  description: description,
  severity: severity,
  source_origin: body.networkId,
  dedup_key: body.alertId,
  service_group: body.organizationId,
  event_action: PD.Trigger,
  details: body
};

// Check secret and store event
const SECRET = "secret123";

if (body.sharedSecret === SECRET) {
  // details references the same object as body, so this also clears the secret from the emitted event
  body.sharedSecret = null;
  PD.emitCEFEvents([cef_event]);
}
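
As an added example (not part of the original post, and not Cisco's or PagerDuty's code), the shared-secret filter and redaction described above can be exercised locally as a plain function before the logic is pasted into the transformer. The names `transformMerakiAlert`, `safeEqual`, `SEVERITY_BY_ALERT` and `SAMPLE_ALERT` are assumptions made for illustration, and the `PD.*` calls are left out because they only exist in the PagerDuty runtime.

```javascript
// Added example: local harness for the transformer's shared-secret handling.
// All names here are hypothetical; none are PagerDuty or Meraki APIs.
function safeEqual(given, expected) {
  if (typeof given !== "string" || typeof expected !== "string") return false;
  if (expected.length === 0) return false; // an unset secret must never match
  var diff = given.length ^ expected.length;
  for (var i = 0; i < expected.length; i++) { // no early exit on first mismatch
    diff |= given.charCodeAt(i % (given.length || 1)) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

var SEVERITY_BY_ALERT = {
  "Settings changed": "info",
  "Motion detected": "info",
  "Network usage alert": "warning",
  "APs went down": "critical"
};

// Returns the CEF event to emit, or null when the alert must be dropped.
function transformMerakiAlert(body, secret) {
  if (!body || !safeEqual(body.sharedSecret, secret)) return null;
  // Copy the payload: the secret is removed from what goes downstream
  // (key deleted, not nulled) and the caller's object is left untouched.
  var details = Object.assign({}, body, { service: "Meraki Alert" });
  delete details.sharedSecret;
  var known = Object.prototype.hasOwnProperty.call(SEVERITY_BY_ALERT, body.alertType);
  var severity = known ? SEVERITY_BY_ALERT[body.alertType] : "warning";
  if (body.alertType === "Uplink status changed" &&
      !(body.alertData && body.alertData.uplink)) { // tolerate missing alertData
    severity = "critical";
  }
  return {
    description: body.alertType + ": " + body.networkName,
    severity: severity,
    source_origin: body.networkId,
    dedup_key: body.alertId,
    service_group: body.organizationId,
    details: details
  };
}

// Constructed sample alert (values are made up for this example).
var SAMPLE_ALERT = {
  sharedSecret: "constructed-secret", alertType: "APs went down",
  networkName: "Lab", networkId: "N_1", alertId: "A_1", organizationId: "O_1"
};
```

Calling `transformMerakiAlert(SAMPLE_ALERT, "constructed-secret")` returns the event with `sharedSecret` absent from `details`; a wrong, missing or empty secret returns `null`.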