- Notify on-call responders based on vulnerabilities within Nucleus.
- Create high and low urgency incidents based on the severity of the vulnerability and the notification rules configured in Nucleus.
- Nucleus, in conjunction with PagerDuty, automates time-consuming manual tasks associated with vulnerability management such as vulnerability analysis, prioritization, notification and remediation.
- In Nucleus, you can create rules that will trigger PagerDuty incidents when vulnerability data meets rule criteria. This means that you can define granular scenarios to task incidents to a specific service. This allows you to automate workflow around vulnerability management via connection to PagerDuty.
- When vulnerability data meets notification rule criteria in Nucleus, events will be sent to PagerDuty, creating incidents that will notify responders.
- Once the incident in PagerDuty has been resolved, it will automatically update the event in Nucleus and the status will appear as ‘Mitigated’.
- PagerDuty integrations require an Admin base role for account authorization. If you do not have this role, please reach out to an Admin or Account Owner within your organization to configure the integration.
- From the Configuration menu, select Services.
- If you are adding your integration to an existing service, click the name of the service you want to add the integration to. Then select the Integrations tab and click the New Extension button.
If you are creating a new service for your integration, please read our documentation in section Configuring Services and Integrations and follow the steps outlined in the Create a New Service section, selecting Don't Use an integration as the Integration Type in step 4. Continue with step 3 (below) once you have finished these steps.
- On the newly created service, select the Integrations tab and click + New Extension.
- Select Generic V2 Webhook as the Extension Type and enter a Name for the extension. In the Details field, enter the URL of your Nucleus instance with /public/index.php/webhook/pagerduty appended (for example: https://Nucleus-trial1.nucleussec.com/nucleus/public/index.php/webhook/pagerduty). Click Save.
- Once you have added the extension, navigate to the Configuration menu, select API Access, then click + Create New API Key.
- Enter a description for the key, and click Create Key.
- Copy the API key and store it in a safe place before closing the dialog box.
- In the Issue Trackers section, click the PagerDuty icon.
- On the Setup PagerDuty Connector pop-up screen, enter the API Key and click Save Changes at the bottom of the screen. If a success message appears, click Retrieve Data. If you do not receive a success message, please ensure you have entered the API Key correctly and try again.
- Select the PagerDuty Service and Default Requester from their respective dropdowns and click Save Changes.
Optional: Select the Default Escalation Policy or Default Assignee.
- Once saved, click Verify Connection to confirm everything is working properly. When the connection is verified, a 'Success!' status appears at the top of the pop-up screen. If you do not receive a success message, ensure you have entered the API Key correctly, make sure your service is enabled, and try again.
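As an added example (not Nucleus's or PagerDuty's own code), this is the kind of receiver the Generic V2 Webhook URL above implies on the Nucleus side: a v2 webhook body carries a `messages` array whose `event` names (such as `incident.resolve`) and `incident` objects are PagerDuty's format, while the finding table, the placeholder incident ids, and the decision that only a resolve event maps to 'Mitigated' are assumptions made for illustration. The handler ignores unknown incident ids rather than creating state from an inbound request.

```python
import json

# Maps a PagerDuty v2 webhook event name to the Nucleus status it implies.
# Only resolution changes the finding, matching the behaviour described;
# trigger/acknowledge events are accepted but leave the finding untouched.
STATUS_FOR_EVENT = {"incident.resolve": "Mitigated"}

def apply_pagerduty_webhook(raw_body: str, findings: dict) -> list:
    """Apply one Generic V2 Webhook POST body to a local finding table.

    findings maps a PagerDuty incident id to a record with a 'status' key.
    Returns the incident ids whose status changed, for logging/auditing.
    """
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return []  # malformed JSON: reject the request, change nothing
    if not isinstance(payload, dict):
        return []
    changed = []
    # v2 webhooks batch one or more messages under "messages".
    for message in payload.get("messages", []):
        new_status = STATUS_FOR_EVENT.get(message.get("event"))
        if new_status is None:
            continue
        incident_id = (message.get("incident") or {}).get("id")
        finding = findings.get(incident_id)
        if finding is None:
            continue  # unknown incident id: never create state from a webhook
        if finding["status"] != new_status:
            finding["status"] = new_status
            changed.append(incident_id)
    return changed

# Constructed sample body: one resolve and one acknowledge message.
# Incident ids are placeholders, not real PagerDuty identifiers.
SAMPLE_WEBHOOK = json.dumps({"messages": [
    {"event": "incident.resolve",
     "incident": {"id": "PINC001", "status": "resolved"}},
    {"event": "incident.acknowledge",
     "incident": {"id": "PINC002", "status": "acknowledged"}},
]})

def sample_findings() -> dict:
    """Constructed Nucleus-side table keyed by PagerDuty incident id."""
    return {"PINC001": {"finding_id": 42, "status": "Active"},
            "PINC002": {"finding_id": 43, "status": "Active"}}
```

Running the sample body through the table twice shows the second pass changes nothing, so redelivered webhooks are harmless.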
Can I create a PagerDuty incident within Nucleus?
Yes, you can create an incident within Nucleus and it will automatically be created in PagerDuty. This lets security analysts and vulnerability managers dispatch incidents to the relevant team or individuals for remediation without leaving the Nucleus app.
Is this integration supported bidirectionally?
Currently, changes to Nucleus-generated incidents can only be made in PagerDuty. Bidirectional functionality is on the roadmap but has not been developed yet.
What types of security threats/alarms/events will create an incident in PagerDuty?
Incidents created in PagerDuty will be related specifically to vulnerability findings. This means that when new vulnerability scans are uploaded to Nucleus, findings that meet certain criteria will automatically create incidents in PagerDuty. Users also have the option of manually creating incidents from vulnerability findings within Nucleus.
How does Nucleus know what types of incidents to create in PagerDuty?
In Nucleus, you can create rules that will trigger PagerDuty incidents when vulnerability data meets rule criteria. This means that you can define granular scenarios to task incidents to a specific service. This allows you to automate workflow around vulnerability management via connection to PagerDuty.
Can I assign specific vulnerability findings to different escalation policies within the Nucleus UI?
Yes, every time you create a PagerDuty incident within the Nucleus UI, you can select the escalation policy to which that incident will be assigned. You can also set a default escalation policy for easier manual assignment. Finally, for each notification rule, you can define under what circumstances different vulnerability findings are assigned to different escalation policies.
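As an added example, not Nucleus's rule engine, this sketches how notification rules like those in the answers above can map scan findings to a service, an urgency and an escalation policy, with each match shaped as a PagerDuty REST API create-incident request body. The rule fields, first-match ordering, finding schema and every id are constructed assumptions for illustration.

```python
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed rules, evaluated top to bottom, first match wins (an assumption
# about ordering). Ids are placeholders, not real PagerDuty ids. Fields: name,
# minimum severity, required asset tag, service, escalation policy, urgency.
RULES = [
    ("critical-internet-facing", "critical", "internet-facing", "PSVC001", "PEP001", "high"),
    ("high-anywhere", "high", None, "PSVC001", "PEP002", "high"),
    ("medium-low-urgency", "medium", None, "PSVC002", None, "low"),
]

def match_rule(finding, rules=RULES):
    """First rule whose severity floor and asset-tag criterion the finding meets."""
    for rule in rules:
        _, min_sev, tag, *_ = rule
        if SEVERITY_RANK[finding["severity"]] < SEVERITY_RANK[min_sev]:
            continue
        if tag is not None and tag not in finding["asset_tags"]:
            continue
        return rule
    return None

def build_incident(finding, rule):
    """Shape a match as a PagerDuty REST API create-incident request body."""
    name, _, _, service_id, policy_id, urgency = rule
    incident = {
        "type": "incident",
        "title": f"[{finding['severity'].upper()}] {finding['title']} on {finding['asset']}",
        "service": {"id": service_id, "type": "service_reference"},
        "urgency": urgency,
        "body": {"type": "incident_body",
                 "details": f"Nucleus finding {finding['id']} matched rule {name}"},
    }
    if policy_id:  # omit to let the service's default escalation policy apply
        incident["escalation_policy"] = {"id": policy_id,
                                         "type": "escalation_policy_reference"}
    return {"incident": incident}

def incidents_for_scan(findings, rules=RULES):
    """Evaluate every finding from an uploaded scan; unmatched findings page nobody."""
    return [build_incident(f, r) for f in findings
            if (r := match_rule(f, rules)) is not None]

def finding(fid, severity, title, asset, *tags):
    """Constructed finding record shaped like a scan result (not Nucleus's schema)."""
    return {"id": fid, "severity": severity, "title": title,
            "asset": asset, "asset_tags": list(tags)}

SAMPLE_FINDINGS = [
    finding(1, "critical", "RCE in web framework", "web-01", "internet-facing"),
    finding(2, "critical", "RCE in web framework", "build-03"),
    finding(3, "medium", "Weak TLS cipher", "web-01", "internet-facing"),
    finding(4, "low", "Banner disclosure", "web-01", "internet-facing"),
]
```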