Notification integrations use tokens as variables. Each integration contains a customizable payload in which you can add, remove and change tokens and text.
The information and tokens in the payload determine what information is populated into your alert or incident. For example:
- "{alert_name} was triggered at {alert_timestamp}" populates the alert with the name you have given the alert and the time in UTC when the alert was generated: "404 alert was triggered at 21/04/2023T12:35:36".
The table below details the different variables you can use in a payload.
Alerts
| Variable name | Description | Example | Process Type |
|---|---|---|---|
| alert_link | Link to the alert in the FireTail SaaS platform. | https://firetail.app/organisations/2b33ac05-ef3f-4d8d-97ee-986a887cba87/monitor-alerting/27da7c63-c830-4b32-890e-7b28e0ca5184 | Alert |
| alert_uuid | Unique UUID (Universally Unique Identifier) of the alert. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Alert |
| alert_name | Name of the alert. | 404 alert | Alert |
| alert_timestamp | Timestamp alert was generated in UTC. | 21/04/2023T12:35:36 | Alert |
| alert_operand | Operand of the alert. | "<" ">" ">=" "<=" "==" | Alert |
| alert_nice_operand | Operand in text form. | less than | Alert |
| alert_type | Type of alert. | static \|\| anomaly | Alert |
| alert_static_threshold_condition | Same as alert_operand. | "<" ">" ">=" "<=" "==" | Alert |
| alert_static_threshold_value | Threshold value for triggering a static alert. | 1000 | Alert |
| alert_static_triggered_value | Value that caused the alert to trigger. | 1001 | Alert |
| alert_period | Period in time that gets checked for alert breach, in seconds. | 900 | Alert |
| alert_throttle_enabled | If enabled, the alert won't trigger until it is outside of the threshold period. | true | Alert |
| alert_throttle_period | Time after alerting that no alerts will be generated, in seconds. | 900 | Alert |
| alert_anomaly_sensitivity | Sensitivity of bands for anomaly detection; lower is less sensitive. | 1.5 | Alert |
| alert_anomaly_max_data_points | How many data points will be checked for breach of anomaly bands. | 1 | Alert |
| alert_anomaly_min_data_points | The minimum data points that will be checked for breach of anomaly bands (data points * alert_period). | 1 | Alert |
| alert_anomaly_comparison_operator | Operand for checking if alert breaches threshold. | LessThanLowerOrGreaterThanUpperThreshold | Alert |
| alert_message | The alert message. | | Alert |
| org_uuid | Unique UUID (Universally Unique Identifier) of the Organization. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Alert |
Incidents
| Variable name | Description | Example | Process Type |
|---|---|---|---|
| incident_link | Link to the incident in the FireTail SaaS platform. | https://firetail.app/organisations/94520fbd-7863-465b-bc77-70038e014aea/posture-management/incidents/660a1f2f-3c86-4a5a-a07f-c1382294e04b | Incident |
| incident_uuid | Unique UUID (Universally Unique Identifier) of the incident. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Incident |
| incident_title | The title of the incident. | Incident title | Incident |
| incident_timestamp | Timestamp incident was generated in UTC. | 21/04/2023T12:35:36 | Incident |
| incident_policy_name | The name of the incident policy that triggered the incident. | Incident policy name | Incident |
| incident_policy_frequency | How frequently the policy is checked. | 1 day | Incident |
| incident_policy_uuid | Unique UUID (Universally Unique Identifier) of the incident policy. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Incident |
| incident_policy_link | Link to the incident policy in the FireTail SaaS platform. | https://firetail.app/organisations/00000-74bd-222-3333-111110/posture-management/incidents-policy | Incident |
| incident_period | Period in time that gets checked for incident breach, in seconds. | 900 | Incident |
| incident_message | The incident message. | | Incident |
| incident_findings_info_count | The number of findings categorized as info severity in the incident. | 90 | Incident |
| incident_findings_low_count | The number of findings categorized as low severity in the incident. | 20 | Incident |
| incident_findings_medium_count | The number of findings categorized as medium severity in the incident. | 50 | Incident |
| incident_findings_high_count | The number of findings categorized as high severity in the incident. | 5 | Incident |
| incident_findings_critical_count | The number of findings categorized as critical severity in the incident. | 3 | Incident |
| incident_findings_total_count | The total number of findings in the incident. | 128 | Incident |
| org_uuid | Unique UUID (Universally Unique Identifier) of the Organization. | bd65fefc-43d9-4c6c-9719-21ef828afa6c | Incident |
Example incident message for Slack
{
  "blocks": [
    {
      "type": "header",
      "text": {
        "type": "plain_text",
        "text": "Incident Triggered by Policy '{incident_policy_name}'",
        "emoji": true
      }
    },
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*Name:*\n{incident_title}"
        },
        {
          "type": "mrkdwn",
          "text": "*Trigger Time:*\n{incident_timestamp}"
        }
      ]
    },
    {
      "type": "header",
      "text": {
        "type": "plain_text",
        "text": "Findings - {incident_findings_total_count}",
        "emoji": true
      }
    },
    {
      "type": "section",
      "fields": [
        {
          "type": "mrkdwn",
          "text": "*Critical:*\n{incident_findings_critical_count}"
        },
        {
          "type": "mrkdwn",
          "text": "*High:*\n{incident_findings_high_count}"
        },
        {
          "type": "mrkdwn",
          "text": "*Medium:*\n{incident_findings_medium_count}"
        },
        {
          "type": "mrkdwn",
          "text": "*Low:*\n{incident_findings_low_count}"
        }
      ]
    },
    {
      "type": "section",
      "text": {
        "type": "mrkdwn",
        "text": "<{incident_link}|View Incident>"
      }
    }
  ]
}
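A custom payload can be checked before it is saved. The linter below is an added example, not FireTail code: it confirms the template is valid JSON (a missing comma is caught) and that every token appears in the table for its process type. It assumes tokens are case-sensitive identifiers in single braces; `lint_payload` and the sample templates are hypothetical.

```python
import json
import re

# Token names copied from the Alerts and Incidents tables on this page.
ALERT_TOKENS = set("""
alert_link alert_uuid alert_name alert_timestamp alert_operand
alert_nice_operand alert_type alert_static_threshold_condition
alert_static_threshold_value alert_static_triggered_value alert_period
alert_throttle_enabled alert_throttle_period alert_anomaly_sensitivity
alert_anomaly_max_data_points alert_anomaly_min_data_points
alert_anomaly_comparison_operator alert_message org_uuid""".split())
INCIDENT_TOKENS = set("""
incident_link incident_uuid incident_title incident_timestamp
incident_policy_name incident_policy_frequency incident_policy_uuid
incident_policy_link incident_period incident_message
incident_findings_info_count incident_findings_low_count
incident_findings_medium_count incident_findings_high_count
incident_findings_critical_count incident_findings_total_count
org_uuid""".split())
TOKENS = {"alert": ALERT_TOKENS, "incident": INCIDENT_TOKENS}
# Assumption: a token is an identifier wrapped in single braces, e.g. {alert_name}.
TOKEN_RE = re.compile(r"\{([A-Za-z_][A-Za-z0-9_]*)\}")

def lint_payload(template, process_type):
    """Return a list of problems in a payload template ([] means clean)."""
    allowed = TOKENS[process_type]  # KeyError on an unknown process type
    problems = []
    try:
        json.loads(template)  # tokens sit inside JSON strings, so it parses as-is
    except json.JSONDecodeError as exc:
        problems.append(f"invalid JSON at line {exc.lineno}: {exc.msg}")
    for name in sorted(set(TOKEN_RE.findall(template))):
        if name in allowed:
            continue
        if name.lower() in allowed:
            problems.append(f"{{{name}}}: wrong case, use {{{name.lower()}}}")
        elif name in ALERT_TOKENS | INCIDENT_TOKENS:
            problems.append(f"{{{name}}}: not available for {process_type} payloads")
        else:
            problems.append(f"{{{name}}}: unknown token")
    return problems

# Constructed sample templates (not from the page).
GOOD = '{"text": "<{incident_link}|View Incident> {incident_title}"}'
BAD = """{
  "text": "Findings - {incident_findings_total_count}"
  "title": "{Incident_title} / {alert_name} / {incident_owner}"
}"""

if __name__ == "__main__":
    for problem in lint_payload(BAD, "incident"):
        print(problem)
```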