Notifier Plugin for Ticket Orchestrator
Notifier Plugin for Ticket Orchestrator
This document explains how to configure the Notifier integration with the Cloud Ticket Orchestrator module of the Netskope Cloud Exchange platform.
Prerequisites
To complete this configuration, you need:
- A Netskope tenant (or multiple, for example, production and development/test instances) that is already configured in Cloud Exchange.
- A Netskope Cloud Exchange tenant with the Ticket Orchestrator module already configured.
- An account in the appropriate Notifier platform(s), like Slack, PagerDuty, etc., and for Gmail, you need access to smtp.gmail.com and its port 465.
Workflow
- Configure the Notifier plugin.
- Configure Ticket Orchestrator Business Rules for Notifier.
- Configure Ticket Orchestrator Queues for Notifier.
- Validate the Notifier Plugin.
Click play to watch a video.
If you already have a slack application, jump to step 3.
- To get a slack webhook URL, first sign in to your Slack account and then navigate to https://api.slack.com/messaging/webhooks and click on Create your Slack app button.
- Select From Scratch.
- Enter the name of your application for App Name, and select the workspace in which you want to create the application. Click Create App.
- Under Add Features and Functionality, click the Incoming Webhooks tile.
- Toggle the switch on top right corner (if not already On) to activate incoming webhooks in your application.
- Click Add New Webhook to Workspace.
- Select the channel in which you want your application to post the notifications, and then click Allow.
- Click Copy to copy the newly generated webhook URL. This will be used while creating the Notifier plugin.
- Log in to Cloud Exchange
- Go to Settings > Plugins.
- Search for and click on the Notifier plugin tile.
- Enter and select the Basic Information on the first page:
- Configuration Name: Unique name for the configuration.
- Sync Interval: Leave Default.
- Use System Proxy: Enable if proxy is required for communication.
- Click Next.
- For Platform Name, select Slack (Webhooks) from the dropdown list.
- Click Next.
- Enter the Configuration Parameters on the third page:
- Webhook URL: Webhook URL obtained previously.
- Icon URLURL: Leave Default
- Icon Emoji: Leave Default
- Username: Leave Default
- Channel: Leave Default
- Unfurl Links: Leave Default
- Click Save.
- Go to Ticket Orchestrator > Business Rule and click Create New Rule.
- Add the rule name, and select your query for the business rule.
- Click Save.
- Go to Ticket Orchestrator > Queues and click Add Queue Configuration.
- Enter and select these values:
- Business Rule: Select the Business Rule created previously.Configuration: Select the Notifier Configuration created previously.Queues: For the Slack Notifier plugin, it should be a Notification queue.Map Fields: Add/Map appropriate values between alerts and notifications under the Map Field section. Alert’s attributes can be accessed via “$” in the custom message field.Click on the Add button to add more field mappings.
- Click Save.
- Based on the business rule(s), notifications for incoming alerts will be sent automatically to the configured Slack channel.
To create notifications for historical alerts, click Sync on the configured queue and enter the Time period (in days), and then click Fetch. It’ll show the number of alerts that are eligible for sending notifications.
- Click on the Sync button to send the notification(s).
- Log in to Cloud Exchange.
- Go to Settings > Plugins.
- Search for and click on the Notifier plugin tile.
- Enter and select the Basic Information on the first page:
- Configuration Name: Unique name for the configuration.
- Sync Interval: Select a value to fetch alerts data from the source Netskope Ticket Orchestrator (ITSM) plugin.Use System Proxy: Enable if proxy is required for communication.
- Click Next.
- For Platform Name, select Email (SMTP) or Gmail from the dropdown list.
- Click Next.
- Enter the Configuration Parameters on the third page:
- To: One or more comma-separated email addresses.
- From: The from address to use when sending email notifications. Host: FQDN or IP address of the SMTP server. In case of Gmail, use the value smtp.gmail.com. Port: Select port number to use.Username: Type username if relevant. Password: Type password if relevant.Tls: Select if TLS is required.Ssl: Select if SSL is required.Html: Select if email should be parsed as an HTML file. Login: Select to Trigger login to server.
Note
If your SMTP Server or Gmail service is configured with MFA, then you will need to generate an Application Specific Password to use with the plugin.
- Click Save.
- Go to Ticket Orchestrator > Business Rule and click Create New Rule.
- Enter a rule name and build the appropriate filter query condition on fields(s) for the business rule. You can also type the query manually by clicking Filter Query.
- Click Save.
- To create Mute Rule(s) and/or Deduplication Rule(s) for this business rule, click on the Business Rule you created.
- Click on the round + icon to create a new Mute Rule/Deduplication Rule.
- Enter a Rule Name and build the appropriate condition, and then click Save.
- Similarly, Deduplication Rule(s) can be created.
- To test the newly created business rule, click on the refresh icon, enter a Time period ( in days), and then click Fetch. This shows the number of alerts that are eligible for incident/ticket creation.
- Go to Ticket Orchestrator > Queues and click Add Queue Configuration.
- Enter and select these values:
- Business Rule: Select the Business Rule created previously.Configuration: Select the Notifier Configuration created previously, Notifier in this case.Queues: For the Email n(SMTP) or Gmail Notifier plugin, it should be Notification.Map Fields: Add/Map appropriate values between alerts and notification under the Map Field section. Alert’s attributes can be accessed via “$” in the custom message field. For the Email Notifier Plugin, these options are available:
- Message: Message of the email. You can also use HTML tags to format email content for notifications.
- Subject: Subject of the email.
- To: Comma separated email addresses, a default set to $user field from alerts.
- Business Rule: Select the Business Rule created previously.Configuration: Select the Notifier Configuration created previously, Notifier in this case.Queues: For the Email n(SMTP) or Gmail Notifier plugin, it should be Notification.Map Fields: Add/Map appropriate values between alerts and notification under the Map Field section. Alert’s attributes can be accessed via “$” in the custom message field. For the Email Notifier Plugin, these options are available:
- Click Save. Based on the business rule(s), Notifications for incoming alerts will be sent automatically to the To email address configured in the Notifier plugin as well as the user identified in the Alert.
To create notifications for historical alerts, click the refresh icon for the configured queue and enter the Time period (in days), and then click Fetch. It’ll show the number of alerts that are eligible for sending notifications.
- Click on the Sync button to send the notification(s).
In order to validate the workflow, you must have Netskope Alerts.
- Go to Ticket Orchestrator > Alerts.
- Confirm the delivery of the email notifications to either the “To” email address configured in the Notifier, plugin, or the user email address that has triggered the alert.
- If notifications are not being sent to Slack, Gmail, or Email, you can look at the audit logs in Cloud Exchange. Go to Logging and look through the logs for errors.
To view the message(s) sent to Slack, navigate to your configured Slack channel.
