PagerDuty is an alarm aggregation and dispatching service for system administrators and support teams. It collects alerts from your monitoring tools, gives you an overall view of all of your monitoring alarms, and alerts an on duty engineer if there's a problem. This integration adds ClearPass Policy Manager to the list of tools that can deliver proactive alerts to PagerDuty and ensure the right staff are informed of an event happening on your network in realtime - whether that be via email, SMS or push notification.
AH contributor: cam
Specifications
Administration -> External Servers -> Endpoint Context Servers
|
Select Server Type
|
Generic HTTP |
Server Name
|
<Your integration name> |
Server Base URL
|
https://events.pagerduty.com |
Username
|
<Your username> |
Password
|
<Your Password> |
Administration -> Dictionaries -> Context Server Actions
|
Action Tab
|
Server Type
|
Generic HTTP |
Server Name
|
<Select your integration name> |
Action Name
|
<Describe the action> |
HTTP Method
|
POST |
URL
|
/generic/2010-04-15/create_event.json |
Header Tab
|
Header Name/Header Value
|
Content-Type=application/json |
Content Tab
|
Content-Type
|
JSON |
Content
|
{ "service_key": "%{service-key}", "event_type": "trigger", "description": "The following compromised device has attempted to connect to the cp-secure WiFi network:Mac Address: %{Mac-Address} Enrolled User: %{Username} Device Serial: %{Serial Number} Model: %{Model} OS Version: %{OS Version} Location: %{Location}", "client": "ClearPass Policy Manager", "client_url": "https://airheads.cloud.clearpassbeta.com/tips/", "details": { "Mac Address": "%{Mac-Address}", "Enrolled User": "%{Username}", "Device Serial": "%{Serial Number}", "Model": "%{Model}", "OS Version": "%{OS Version}", "Location": "%{Location}" } }
|
Attributes Tab
|
Attribute Name/Attribute Value
|
Mac-Address=%{Connection:Client-Mac-Address}"
Username=%{Authentication:Full-Username}
Serial Number=%{Endpoint:Serial Number}
Model=%{Endpoint:Model}
OS Version=%{Endpoint:OS Version}
Location=%{Radius:Aruba:Aruba-Location-Id}
service-key=<your pagerduty service key>
|
Tips & Tricks
|
|
Make sure to follow these steps and plug the service-key into the attribute value above:
1. In your account, under the Services tab, click "Add New Service".
2. Enter a name for the service and select an escalation policy. Then, select "Generic API" for the Service Type.
3. Click the "Add Service" button.
4. Once the service is created, you'll be taken to the service page. On this page, you'll see the "Service key", which is needed to access the API The Location-ID above is specific to Aruba WLAN controllers and would need to be substituted for a different attribute if using a non-Aruba network infrastructure.
|