Overview

The ilert provider facilitates interaction with ilert’s API, allowing for the management of incidents and events. This includes the ability to create, update, and resolve incidents, as well as send custom event notifications. This provider integrates Keep’s system with ilert’s robust alerting and incident management platform.

Authentication

This provider requires authentication.

  • ilert_token: ILert API token (required: True, sensitive: True)
  • ilert_host: ILert API host (required: False, sensitive: False)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

  • read_permission: Read permission (mandatory)
  • write_permission: Write permission

In workflows

This provider can be used in workflows.

As “step” to query data, example:

steps:
    - name: Query ilert
      provider: ilert
      config: "{{ provider.my_provider_name }}"
      with:
        incident_id: {value}  

As “action” to make changes or update data, example:

actions:
    - name: Query ilert
      provider: ilert
      config: "{{ provider.my_provider_name }}"
      with:
        _type: {value}  # Type of notification ('incident' or 'event') - determines which endpoint is used
        summary: {value}  # A brief summary of the incident (required for new incidents)
        status: {value}  # Current status of the incident (INVESTIGATING, RESOLVED, MONITORING, IDENTIFIED)
        message: {value}  # Detailed message describing the incident (default: empty string)
        affectedServices: {value}  # JSON string of affected services and their statuses (default: "[]")
        id: {value}  # ID of incident to update (use "0" to create a new incident)
        event_type: {value}  # Type of event to post (ALERT, ACCEPT, RESOLVE)
        details: {value}  # Detailed information about the event
        alert_key: {value}  # Unique key for event deduplication
        priority: {value}  # Priority level of the event (HIGH, LOW)
        images: {value}  # List of image URLs to include with the event
        links: {value}  # List of related links to include with the event
        custom_details: {value}  # Custom key-value pairs for additional context

Check the following workflow example:

Connecting with the Provider

To integrate Keep with ilert, follow these steps:

  1. Log in to your ilert account.
  2. Navigate to “Alert Sources” under your account settings.
  3. Create a new alert source specifically for Keep.
  4. Note the ALERT-SOURCE-API-KEY provided for this alert source.

The endpoint to make requests for Keep integration will be: (https://api.ilert.com/api/v1/events/keep/{ALERT-SOURCE-API-KEY})