Ilert

Ilert is an incident management platform. This module triggers alerts and manages incidents.

Configuration

| Name | Type | Description |
| --- | --- | --- |
| integration_key | string | The integration key of your ilert alert source |
| integration_url | string | URL of the ilert Events API endpoint |

Actions

Trigger Alert

Trigger an alert in Ilert

Arguments

| Name | Type | Description |
| --- | --- | --- |
| alert_uuid | string | The unique identifier of the alert |
| api_key | string | The Sekoia.io API key used to read the alert content |
| base_url | string | Base URL of the Sekoia.io API (e.g. https://api.sekoia.io/) |

Set up

Configuration

Forward Sekoia.io alerts to Ilert via the Trigger Alert action so your on-call teams are notified and security incidents are tracked through to resolution.

In Ilert: Create a Sekoia.io alert source

  1. Go to Alert sources > Alert sources and click Create new alert source.

  2. Search for Sekoia.io in the search field, click the Sekoia.io tile, and then click Next.

  3. Give your alert source a name, optionally assign teams, and click Next. Then select an escalation policy by creating a new one or assigning an existing one.

  4. Select your alert grouping preference and click Continue setup. You may click Do not group alerts for now and change it later.

  5. The next page shows additional settings, such as custom alert templates or notification priority. Click Finish setup for now. On the final page, copy the generated integration key and Sekoia.io URL. You will use both in the next steps.

In Sekoia.io: Connect the Ilert integration

  1. In Sekoia.io, open Integrations from the sidebar.

  2. Search for Ilert and select the Ilert integration from the results.

  3. Click Show accounts, then Connect an account.

  4. Fill in the Add new account form:

    • Give a name to this account: a label of your choice (e.g. ilert account).
    • Integration Key: the integration key from your ilert alert source.
    • Integration Url: https://api.ilert.com/api/v1/events/sekoia.

    Click Add account.

In Sekoia.io: Use the Trigger Alert action in a playbook

  1. Open or create a playbook in Sekoia.io, then add the Trigger Alert action from the Ilert integration. In the Account tab, select the Ilert account you just connected, configure the action input, and save the playbook.

Whenever the playbook runs the Trigger Alert action, a new alert is created on the corresponding Sekoia.io alert source in Ilert.

Note: If a Sekoia.io event is sent with the status key set to resolved or closed, the corresponding Ilert alert is resolved automatically. If the status key is set to acknowledged, the alert is acknowledged automatically.

Extra

Module Ilert v1.0.0