Fortinet FortiMonitor
Overview
This document provides a detailed guide to integrating Fortinet FortiMonitor with Callgoose SQIBS for real-time Incident Management, Incident Auto Remediation, Event-Driven Automation, and other automation purposes. The integration enables automatic creation, updating, and resolution of incidents in Callgoose SQIBS based on alerts triggered in FortiMonitor. The guide includes steps for setting up alerts in FortiMonitor, configuring webhook notifications, creating API filters in Callgoose SQIBS, and troubleshooting.
1. Obtain API Token and Endpoint Details
To integrate with Callgoose SQIBS, you first need to obtain an API token and find the API endpoint details.
- Generate an API Token:
- Follow the guide on How to Create API Token in Callgoose SQIBS.
- Find the API Endpoint:
- Refer to the Callgoose SQIBS API Endpoint Documentation to get the endpoint details where the JSON payloads from FortiMonitor will be sent.
2. Debugging and Troubleshooting
You can enable debugging in the API tokens used with FortiMonitor notifications for troubleshooting purposes.
- Enable Debugging:
- You can update the debug value when adding or updating an API token.
- When API tracking is enabled, logs are stored in the API log section for your review. The debugging option is automatically disabled after 48 hours.
- When API tracking is turned off, no logs are saved in the API log.
- Using API Log for Troubleshooting:
- The API log provides detailed information on all API calls made to Callgoose SQIBS.
- You can check the JSON values in each API log entry for troubleshooting purposes.
- Use the information in the API log to create or refine API filters to ensure incidents are created correctly based on the API payloads received.
- Callgoose SQIBS creates incidents according to your API filter configuration, giving you full control over how alerts from different services trigger incidents and alerts for your support team or automation processes.
3. Configuring Fortinet FortiMonitor to Send JSON Payloads
To configure Fortinet FortiMonitor to generate the JSON payloads similar to the examples provided, follow the steps outlined below. These steps will guide you through setting up the necessary alerts and webhook notifications within FortiMonitor to ensure that the JSON payloads match those expected by Callgoose SQIBS.
3.1 Setting Up Webhook in Fortinet FortiMonitor
- Log in to FortiMonitor
- Go to FortiMonitor Login and sign in with your credentials.
- Configure Webhook in FortiMonitor
- Navigate to Teams & Activity.
- Click on Integrations.
- Under the Webhook section, click Configure.
- Webhook Setup
- Title: Give a meaningful title for the webhook (e.g., "Callgoose SQIBS Integration").
- Trigger Events: Select the events that should trigger the webhook, such as: Incident Detection, Incident Closure
- Request Method: Choose POST.
- Postback URL: Paste the endpoint URL provided by Callgoose SQIBS. Note: The final API endpoint URL might vary based on authentication and additional URL parameters. Find your final API endpoint here.
- Payload Configuration
- Payload Type: Choose Raw Payload.
- Content Type: Select JSON.
- Raw Payload: Paste the following JSON template:
```json
{
  "alert_label": "$alert_label",
  "alert_timeline_id": "$alert_timeline_id",
  "incident_duration": "$duration",
  "event_type": "$event",
  "server_fqdn": "$fqdn",
  "item_type": "$item_type",
  "affected_items": "$items",
  "metric_category_name": "$metric_category",
  "server_name": "$name",
  "server_short_name": "$short_name",
  "outage_id": "$outage_id",
  "incident_reasons": "$reasons",
  "resource_affected": "$resource",
  "server_id": "$server_id",
  "server_group": "$server_group",
  "complete_server_group_path": "$complete_server_group",
  "server_resource_id": "$server_resource_id",
  "incident_severity": "$severity",
  "incident_timestamp": "$timestamp",
  "event_trigger_type": "$trigger"
}
```
- You can find an explanation of all the variables on the same page.
- Click Save.
3.2 Configure Alert Timeline
- Go to Incidents and select Alert Timelines.
- You can create a new timeline or edit an existing one. Here, we'll edit an existing timeline.
- Select the timeline you want to edit.
- By default, trigger events are sent via email.
- Click on the Alert event after Incident detected.
- Under Integration, select the webhook you created in the previous step.
- Click Save.
3.3 Assign Alert Timeline to a Monitor
- Go to the Monitors section and click on Instances.
- Click Add to create a new instance.
- Choose an instance type from the dropdown menu.
- Example: Select Website/Endpoint.
- Configure the instance's infrastructure details as required.
- Enter the endpoint details.
- Click Next Step.
- Configure monitoring options, click on Perform Discovery, and then click Finish Installation.
- Navigate to Details of the monitor instance.
- Ensure the correct alert timeline with the configured webhook is selected in the Alert Timeline field. If it is not selected, edit the timeline to assign the webhook-enabled timeline.
- To customize metrics, click Monitor Config and edit the metrics according to your requirements.
3.4 Finalizing and Testing
- Validate the Integration:
- Trigger the alert condition manually if possible to verify that the correct JSON payload is sent to Callgoose SQIBS.
- Resolve the alert to ensure the resolved state payload is also correctly sent and processed.
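When validating the integration, compare the body recorded in the Callgoose SQIBS API log against the template from section 3.1. The following check is an added example (not code from FortiMonitor or Callgoose SQIBS); it flags missing keys, empty filter keys and unsubstituted `$variables`, and the sample bodies are constructed for illustration.

```python
import json

# Keys produced by the Raw Payload template in section 3.1.
TEMPLATE_KEYS = {
    "alert_label", "alert_timeline_id", "incident_duration", "event_type", "server_fqdn",
    "item_type", "affected_items", "metric_category_name", "server_name", "server_short_name",
    "outage_id", "incident_reasons", "resource_affected", "server_id", "server_group",
    "complete_server_group_path", "server_resource_id", "incident_severity",
    "incident_timestamp", "event_trigger_type",
}
# Keys the Trigger/Resolve filters in section 4.2.2 depend on.
FILTER_KEYS = {"event_trigger_type", "alert_label", "event_type"}

# Constructed sample bodies: one complete, one with a template variable left unrendered.
GOOD_BODY = json.dumps({**{k: "x" for k in TEMPLATE_KEYS}, "event_trigger_type": "outage"})
BAD_BODY = json.dumps({"alert_label": "$alert_label", "event_trigger_type": "outage"})

def check_payload(raw: str) -> list:
    """Return the problems found in a webhook body copied from the API log ([] means OK)."""
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc}"]
    if not isinstance(payload, dict):
        return ["body is not a JSON object"]
    problems = [f"missing key: {k}" for k in sorted(TEMPLATE_KEYS - set(payload))]
    for key in sorted(FILTER_KEYS & set(payload)):
        if payload[key] in ("", None):
            problems.append(f"filter key has empty value: {key}")
    # A value still starting with "$" means FortiMonitor did not substitute the variable.
    for key, value in payload.items():
        if isinstance(value, str) and value.startswith("$"):
            problems.append(f"unsubstituted template variable in {key}: {value}")
    trigger = str(payload.get("event_trigger_type", ""))
    if not any(token in trigger for token in ("outage", "clear")):
        problems.append("event_trigger_type matches neither the Trigger nor the Resolve filter")
    return problems
```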
4. Configuring Callgoose SQIBS
4.1 Create API Filters in Callgoose SQIBS
To correctly map incidents from the Fortinet FortiMonitor alerts, you need to create API filters based on the JSON payloads received.
4.1.1 Example JSON Payloads from Fortinet FortiMonitor
Alert Triggered (event_trigger_type: "outage")
```json
{
  "alert_label": "751",
  "alert_timeline_id": "631",
  "incident_duration": "29.608024",
  "event_type": "outage event",
  "server_fqdn": "www.httpbin.org",
  "item_type": "resource.network_response_time",
  "affected_items": "HTTPS response time",
  "metric_category_name": "HTTPS",
  "server_name": "ChatGPT",
  "server_short_name": "ChatGPT",
  "outage_id": "-751",
  "incident_reasons": "HTTPS response time greater than 0s for more than 1 minute",
  "resource_affected": "HTTPS response time",
  "server_id": "829",
  "server_group": "Default Server Group",
  "complete_server_group_path": "Default Server Group",
  "server_resource_id": "36307",
  "incident_severity": "critical",
  "incident_timestamp": "2024-11-05 10:15:16 UTC",
  "event_trigger_type": "outage"
}
```
Alert Resolved (event_trigger_type: "clear")
```json
{
  "alert_label": "751",
  "alert_timeline_id": "631",
  "incident_duration": "-53.0",
  "event_type": "clear event",
  "server_fqdn": "www.httpbin.org",
  "item_type": "resource.network_response_time",
  "affected_items": "HTTPS response time",
  "metric_category_name": "HTTPS",
  "server_name": "ChatGPT",
  "server_short_name": "ChatGPT",
  "outage_id": "-751",
  "incident_reasons": "HTTPS response time greater than 0s for more than 1 minute",
  "resource_affected": "HTTPS response time",
  "server_id": "829",
  "server_group": "Default Server Group",
  "complete_server_group_path": "Default Server Group",
  "server_resource_id": "36307",
  "incident_severity": "critical",
  "incident_timestamp": "2024-11-05 10:14:24 UTC",
  "event_trigger_type": "clear"
}
```
4.2 Configuring API Filters
4.2.1 Integration Templates
If you see a Fortinet FortiMonitor integration template in the "Select Integration Template" dropdown in the API filter settings, you can use it to automatically add the necessary Trigger and Resolve filters along with other values. The values added by the template can be modified to customize the integration according to your requirements.
4.2.2 Manually Add/Edit the Filter
There are two filters that you can manually edit: Trigger and Resolve.
- Trigger Filter (For Creating Incidents):
- Payload JSON Key: "event_trigger_type"
- Key Value Contains: [outage]
- Map Incident With: "alert_label"
- This corresponds to the unique alert_label from the Fortinet FortiMonitor payload.
- Incident Title From: "event_type"
- This will use the event type as the incident title in Callgoose SQIBS.
- Incident Description From: Leave this empty unless you want to use a specific key-value from the JSON payload. If a key is entered, only the value for that key will be used as the Incident Description instead of the full JSON. By default, the Incident Description will include the full JSON values.
- Example: If you use the "incident_reasons" key in the Incident Description From field, the incident description will be the value of the "incident_reasons" key. In the example JSON payload provided earlier, this would result in a description like "HTTPS response time greater than 0s for more than 1 minute".
- Resolve Filter (For Resolving Incidents):
- Payload JSON Key: "event_trigger_type"
- Key Value Contains: [clear]
- Incident Mapped With: "alert_label"
- This ensures the incident tied to the alert_label is resolved when the alert status returns to normal.
Refer to the API Filter Instructions and FAQ for more details.
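To see how the Trigger and Resolve filters above act on the two payloads from section 4.1.1, here is an added Python model of the filter logic (not Callgoose SQIBS's own code; the dictionary field names mirror the UI labels and the `evaluate` function is an assumption). The payloads are abbreviated to the keys the filters use.

```python
import json

# Constructed from the page's example payloads, reduced to the keys the filters read.
OUTAGE_PAYLOAD = {
    "alert_label": "751", "event_type": "outage event",
    "incident_reasons": "HTTPS response time greater than 0s for more than 1 minute",
    "server_fqdn": "www.httpbin.org", "incident_severity": "critical",
    "event_trigger_type": "outage",
}
CLEAR_PAYLOAD = dict(OUTAGE_PAYLOAD, event_type="clear event", event_trigger_type="clear")

# Filters as configured in section 4.2.2 (field names mirror the UI labels).
TRIGGER_FILTER = {
    "payload_json_key": "event_trigger_type",
    "key_value_contains": ["outage"],
    "map_incident_with": "alert_label",
    "incident_title_from": "event_type",
    "incident_description_from": "",   # empty: the full JSON becomes the description
}
RESOLVE_FILTER = {
    "payload_json_key": "event_trigger_type",
    "key_value_contains": ["clear"],
    "incident_mapped_with": "alert_label",
}

def filter_matches(payload, flt):
    """True when the filter's JSON key is present and its value contains any listed token."""
    value = str(payload.get(flt["payload_json_key"], ""))
    return any(token in value for token in flt["key_value_contains"])

def evaluate(payload, trigger=TRIGGER_FILTER, resolve=RESOLVE_FILTER):
    """Return the action the filters select for one webhook payload."""
    if filter_matches(payload, trigger):
        desc_key = trigger["incident_description_from"]
        description = payload.get(desc_key) if desc_key else json.dumps(payload, sort_keys=True)
        return {
            "action": "create",
            "incident_key": payload.get(trigger["map_incident_with"]),
            "title": payload.get(trigger["incident_title_from"]),
            "description": description,
        }
    if filter_matches(payload, resolve):
        return {"action": "resolve", "incident_key": payload.get(resolve["incident_mapped_with"])}
    return {"action": "ignore"}   # a trigger type neither filter covers
```

Resolution works only because both payloads carry the same alert_label; a resolve payload with a different label would not close the open incident.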
4.3 Finalizing Setup
- Save the API Filters:
- Ensure that the filters are correctly configured and saved in Callgoose SQIBS.
- Double-check that all key mappings, incident titles, and descriptions are correctly aligned with the payload structure sent by Fortinet FortiMonitor.
5. Testing and Validation
5.1 Triggering Alerts
- Simulate a Monitoring Alert:
- Create a test condition in Fortinet FortiMonitor to trigger an alert.
- Ensure that an incident is created in Callgoose SQIBS with the correct information based on the API filters set.
5.2 Resolving Alerts
- Acknowledge and Resolve the Alert:
- Once the condition is resolved in Fortinet FortiMonitor, ensure that the incident in Callgoose SQIBS is automatically marked as resolved.
6. Security Considerations
- API Security: Ensure that the Callgoose SQIBS API endpoint is correctly configured, and that the API token is securely stored and used.
- Fortinet FortiMonitor Permissions: Confirm that the webhook in Fortinet FortiMonitor has appropriate permissions to send alerts and data to Callgoose SQIBS.
7. Troubleshooting
- No Incident Created:
- Verify that the webhook URL in Fortinet FortiMonitor is correct and that the JSON payload structure matches the API filters configured in Callgoose SQIBS.
- Incident Not Resolved:
- Ensure that the resolve filter in Callgoose SQIBS is correctly configured and that the JSON payload sent by Fortinet FortiMonitor matches the expected structure.
8. Conclusion
This guide provides a comprehensive overview of how to integrate Fortinet FortiMonitor with Callgoose SQIBS for effective incident management. By following the steps outlined, you can ensure that alerts from Fortinet FortiMonitor are automatically reflected as incidents in Callgoose SQIBS, with proper resolution tracking when the issues are resolved.
For further customization or advanced use cases, refer to the official documentation for both Fortinet FortiMonitor and Callgoose SQIBS:
- Fortinet FortiMonitor Documentation
- Callgoose SQIBS API Token Documentation
- Callgoose SQIBS API Endpoint Documentation
- API Filter Instructions and FAQ
- How to Send API
This documentation will guide you through the integration process, ensuring that your incidents are managed effectively within Callgoose SQIBS based on real-time alerts from Fortinet FortiMonitor.