Cut Your Time to Respond With Red Canary + PagerDuty

Brian Beyer


Over the years, our customers have integrated Red Canary detection notifications into a variety of tools. A few of the more common integrations include:

  • Shared incident response email lists
  • Webhooks into JIRA issue tracking systems
  • Syslog into SIEMs
  • Splunk using the Red Canary API

Today, we are excited to announce our newest integration and partnership: PagerDuty. Red Canary customers can now instantly receive threat notifications in a multitude of new ways powered by PagerDuty, including their mobile app, SMS messages, and even automated phone calls.

This ensures the right people on your team are notified as quickly as possible about a Red Canary detection. You can cut your time to respond and the attacker’s potential impact.

Why PagerDuty?

Many of our customers need a simple solution to manage their security team’s after-hours “on-call” rotation and ensure the right escalation policies and workflows are established. PagerDuty was the obvious choice given our experience with the solution. We have been a longtime PagerDuty customer and depend on it to notify the right Red Canary support engineer when we are seeing performance hiccups with our platform.


We love that PagerDuty shares our belief in the power of open APIs. Integrations are practically unlimited: we can send PagerDuty our AWS CloudWatch, New Relic performance, Splunk security alerts, Red Canary threat notifications, and our custom system health checks, and PagerDuty takes it from there.

Up and running in 2 Minutes

It’s incredibly easy to set up the Red Canary and PagerDuty integration.

  1. Go to the Integrations page in your Red Canary portal
  2. Select Integrate with PagerDuty
  3. Select which types of notifications should go to PagerDuty
  4. Run a quick test to make sure everything is working and that the right escalation policies and workflows are live in PagerDuty
  5. You’ll see a test notification in the PagerDuty web app and any notification channels you’ve configured, including email, SMS, phone, etc.

Pages away!

You’re all set! The next time Red Canary detects a threat to your organization, your team will be notified via PagerDuty and their powerful on-call management and escalation policies.


You’ll also see more detailed information that we’ve deemed safe to send to external services, including threat classification, severity, what our engine observed, and a link to the detection in your Red Canary portal.

Want to learn more about what is included in a Red Canary detection? Watch a 3-minute video explaining each section.

 


Your workflow is what makes your team effective. At Red Canary, we don’t want to ask you to contort your own well-oiled machine around our processes. This is one of the many valuable integrations we are releasing that help keep your incident response game at top performance.



