This
This SyncPack uses the "AWS Incident Manager Automation" PowerPack and the "AWS Base"SyncPack.
What Can I Do with this SyncPack?
The "AWS Incident Manager" SyncPack lets you configure PowerFlow to automatically synchronize Skylar One events and incidents generated with AWS Incident Manager. The integration is bidirectional between AWS Incident Manager and Skylar One systems.
This SyncPack includes the following PowerFlow applications:
- Send Skylar One Event to AWS Incident Manager. Sends Skylar One event information to the AWS console. The application takes Skylar One event data as input and makes a request to the AWS Incident Manager. Based on the input parameters, the request to the AWS API does one of the following:
- Sends event details to AWS incident manager
- Incident Manager contact channels will be created and send email/message
- All the target actions in AWS services to be validated for each use case
- Bulk Resolve Skylar One Events From AWS. Receives input from a user action in the AWS Console, such as "resolving" an incident, and shares the action being performed, the Skylar One instance information and the Event ID. This application clears the Skylar One event in the specified Skylar One instance based on the resolution on AWS incident manager.
Contents of the SyncPack
This section lists the contents of the "AWS Incident Manager" SyncPack.
PowerFlow Applications
- Bulk Resolve Skylar One Events From AWS. This application collects resolution state data from AWS and resolves corresponding Skylar One events.
- Create Timeline Event In AWS Incident Manager. This application collects acknowledged event data from Skylar One and creates a timeline event in AWS.
- Resolve AWS Incident. This application resolves an AWS incident that was resolved by a corresponding Skylar One event.
- Send Skylar One Event to AWS Incident Manager. This application collects event details from Skylar One and creates an incident in AWS.
For more information about how to configure these applications, see Configuring and Aligning the AWS Incident Manager Applications.
Configuration Object
- AWS Incidents Base Config. This configuration object can be used as a template after the SyncPack is installed on the PowerFlow system. The configuration object includes the following:
- Details for connecting to Skylar One, including the host, username, and password.
- Details for connecting to AWS, including the region name, access key ID, secret access key ID, and service.
- Details for event and incident response including templates, maps, time, external URL population, and response plans.
Steps
The following steps are included in this SyncPack:
- Create Skylar One Payload
- Create Timeline Event In AWS Incident Manager
- Get Event Details From Skylar One Start AWS Incident
- Get Resolved Incidents And Pass To Skylar One
- Post Update To Skylar One
- Resolve Incident In AWS Incident Manager