Dynamic variables

Created:

May 18, 2023

Updated:

April 29, 2024



The use of variables in notification integrations can be done through tokens. Notification integrations contain customizable payloads where you can add, remove and change tokens and text.

The information and tokens in the payload determine what information is populated into your alert or incident. For example:

{alert_name} was triggered at {alert_timestamp}, this populates the alert with the name you have given the alert and the time in UTC when the alert was generated: "404 alert was triggered at 21/04/2023T12:35:36".

The table below details the different variables you can use in a payload.

Alerts

Variable name	Description	Example	Process Type
alert_link	Link to the alert in the Firetail SaaS platform.	https://firetail.app/organisations/2b33ac05-ef3f-4d8d-97ee-986a887cba87/monitor-alerting/27da7c63-c830-4b32-890e-7b28e0ca5184	Alert
alert_uuid	Unique UUID (Universally Unique Identifier) of the alert.	bd65fefc-43d9-4c6c-9719-21ef828afa6c	Alert
alert_name	Name of the alert.	404 alert	Alert
alert_timestamp	Timestamp alert was generated in UTC.	21/04/2023T12:35:36	Alert
alert_operand	Operand of the alert.	"<" ">" ">=" "<=" "=="	Alert
alert_nice_operand	Operand in text form.	less than	Alert
alert_type	Type of alert.	static \|\| anomaly	Alert
alert_static_threshold_condition	Same as alert_operand.	"<" ">" ">=" "<=" "=="	Alert
alert_static_threshold_value	Threshold value for triggering a static alert.	1000	Alert
alert_static_triggered_value	Value that caused the alert to trigger.	1001	Alert
alert_period	Period in time that gets checked for alert breach, in seconds.	900	Alert
alert_throttle_enabled	If enabled the alert won't trigger until it is outside of the threshold period.	true	Alert
alert_throttle_period	Time after alerting that no alerts will be generated, in seconds.	900	Alert
alert_anomaly_sensitivity	Sensitivity of bands for anomaly detection lower is less sensitive.	1.5	Alert
alert_anomaly_max_data_points	How many data points will be checked for breach of anomaly bands.	1	Alert
alert_anomaly_min_data_points	The minimum data points that will be checked for breach of anomaly bands (data points * alert_period).	1	Alert
alert_anomaly_comparison_operator	Operand for checking if alert breaches threshold.	LessThanLowerOrGreaterThanUpperThreshold	Alert
alert_message	The alert message.		Alert
org_uuid	Unique UUID (Universally Unique Identifier) of the Organization.	bd65fefc-43d9-4c6c-9719-21ef828afa6c	Alert

‍

Incidents

Variable name	Description	Example	Process Type
incident_link	Link to the incident in the FireTail SaaS platform.	https://firetail.app/organisations/94520fbd-7863-465b-bc77-70038e014aea/posture-management/incidents/660a1f2f-3c86-4a5a-a07f-c1382294e04b	Incident
incident_uuid	Unique UUID (Universally Unique Identifier) of the incident.	bd65fefc-43d9-4c6c-9719-21ef828afa6c	Incident
Incident_title	The title of the Incident	Incident title	Incident
incident_timestamp	Timestamp incident was generated in UTC.	21/04/2023T12:35:36	Incident
incident_policy_name	The name of the incident policy that triggered the incident.	Incident policy name	Incident
incident_policy_frequency	How frequently the policy is checked.	1 day	Incident
incident_policy_uuid	Unique UUID (Universally Unique Identifier) of the incident policy.	bd65fefc-43d9-4c6c-9719-21ef828afa6c	Incident
incident_policy_link	Link to the incident policy in the FireTail SaaS platform.	https://firetail.app/organisations/00000-74bd-222-3333-111110/posture-management/incidents-policy	Incident
incident_period	Period in time that gets checked for incident breach, in seconds.	900	Incident
incident_message	The incident message.		Incident
findings_info	The number of findings categorized as info severity in the incident.	90	Incident
findings_low	The number of findings categorized as low severity in the incident.	20	Incident
findings_medium	The number of findings categorized as medium severity in the incident.	50	Incident
findings_high	The number of findings categorized as high severity in the incident.	5	Incident
findings_critical	The number of findings categorized as critical severity in the incident.	3	Incident
findings_total	The total number of findings in the incident.	128	Incident
org_uuid	Unique UUID (Universally Unique Identifier) of the Organization.	bd65fefc-43d9-4c6c-9719-21ef828afa6c	Incident

‍

Example incident message for Slack

‍



{
    "blocks": [
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "Incident Triggered by Policy '{incident_policy_name}'",
                "emoji": true
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Name:*\n{incident_title}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Trigger Time:*\n{incident_timestamp}"
                }
            ]
        },
        {
            "type": "header",
            "text": {
                "type": "plain_text",
                "text": "Findings - {findings_total}",
                "emoji": true
            }
        },
        {
            "type": "section",
            "fields": [
                {
                    "type": "mrkdwn",
                    "text": "*Critical:*\n{findings_critical}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*High:*\n{findings_high}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Medium:*\n{findings_medium}"
                },
                {
                    "type": "mrkdwn",
                    "text": "*Low:*\n{findings_low}"
                }
            ]
        },
        {
            "type": "section",
            "text": {
                "type": "mrkdwn",
                "text": "<{incident_link}|View Incident>"
            }
        }
    ]
}