Splunk On-Call
Last updated 2024-01-31
IMPORTANT
This feature only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. Corp integrations (account integrations) are not supported on the Essential platform.
With the VictorOps Alert integration, notifications are sent to Splunk On-Call, formerly known as VictorOps, anytime activity occurs (e.g., agent mode changes).
Adding a VictorOps Alert integration
VictorOps Alert integrations are configured per project.
From the VictorOps web portal, enable integrations and copy the integration Post URL, being sure to change
$routing_keyto the appropriate notification group. The Post URL will be in the format of:https://alert.victorops.com/integrations/generic/XXXXXXXXX/alert/XXXXXXXXXXXXX/$routing_keyFor more information, check out Splunk's integration documentation.
- Log in to the Next-Gen WAF control panel.
- From the Sites menu, select a site if you have more than one site.
From the Manage menu, select Site Integrations.
Click Add site integration.
Select the VictorOps Alert integration.
In the Webhook URL field, enter the copied Post URL.
- Select if you want to be alerted regarding All activity or Specific activity. If you selected Specific activity, then in the Activity menu choose the activity types that you want the integration to create alerts for.
Click Create site integration.
Activity types
| Activity type | Description |
|---|---|
siteDisplayNameChanged | The display name of a site (workspace) was changed |
siteNameChanged | The short name of a site (workspace) was changed |
loggingModeChanged | The agent mode ("Blocking", "Not Blocking", "Off") was changed |
agentAnonModeChanged | The agent IP anonymization mode was changed |
flag | An IP address was flagged |
expireFlag | An IP address flag was manually expired |
createCustomRedaction | A custom redaction was created |
removeCustomRedaction | A custom redaction was removed |
updateCustomRedaction | A custom redaction was updated |
customTagCreated | A custom signal was created |
customTagUpdated | A custom signal was updated |
customTagDeleted | A custom signal was removed |
customAlertCreated | A custom alert was created |
customAlertUpdated | A custom alert was updated |
customAlertDeleted | A custom alert was removed |
detectionCreated | A templated rule was created |
detectionUpdated | A templated rule was updated |
detectionDeleted | A templated rule was removed |
listCreated | A list was created |
listUpdated | A list was updated |
listDeleted | A list was removed |
ruleCreated | A request rule was created |
ruleUpdated | A request rule was updated |
ruleDeleted | A request rule was deleted |
customDashboardCreated | A custom dashboard was created |
customDashboardUpdated | A custom dashboard was updated |
customDashboardReset | A custom dashboard was reset |
customDashboardDeleted | A custom dashboard was removed |
customDashboardWidgetCreated | A custom dashboard card was created |
customDashboardWidgetUpdated | A custom dashboard card was updated |
customDashboardWidgetDeleted | A custom dashboard card was removed |
agentAlert | An agent alert was triggered |
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
