The PagerDuty integration is available with a paid SecurityScorecard plan. See our plans page for more information about levels of features and access.
Use SecurityScorecard’s PagerDuty integration to automate alerts in the PagerDuty service when important changes occur in your Scorecard, so that your team never misses important events such as a drop in the overall score or a breach.
How it works
After setting up the integration, create rules in SecurityScorecard to trigger alerts and automatically assign them to on-call responders, according to the PagerDuty Escalation Policy.
By default, each alert automatically creates a new incident. PagerDuty also allows alerts to be grouped into an existing incident.
Note: Alert grouping may not be available for all PagerDuty subscription plans. See PagerDuty’s Intelligent Alert Grouping page for more information.
What you need for the integration
Make sure you have the following before you start setting up the integration:
- A PagerDuty admin account for authorization
- A PagerDuty integration key, which you generate by creating a new service or by creating a new integration for an existing service
- Alerts enabled in PagerDuty
- A SecurityScorecard account to access Integrate360°: Marketplace and to create rules
Step 1: Enable the integration in PagerDuty
Setup steps depend on the method you use in PagerDuty to enable the integration:
- Rulesets: This is the default and recommended method because it allows you to route events to specific services based on the payload of the event from SecurityScorecard.
- A PagerDuty service: Integrating directly with a service can be beneficial if you do not need to route alerts from SecurityScorecard to different responders based on the event payload. You can still use service-level event rules to perform actions such as suppressing non-actionable alerts and adjusting the severity.
Integrate with PagerDuty Rulesets (Global Event Routing)
Note: The integration key is automatically available during the installation. You do not need to obtain it.
- In the PagerDuty dashboard, click Automation, and select Event Rules.
- In the Rulesets page, click the Wheel icon, and select View to see that the default Catch-All Rule suppresses all the alerts.
- Click the Wheel dropdown, and select Edit Rule to see that all alerts are suppressed by default.
- In the Do These things panel, select Create an incident on a service.
- In the What would you like to happen? panel, select Route to a service.
- Select your available Service.
- In the Incident Creation section, select Immediately.
- Click Save Rule.
The Catch-All Rule will now route all alerts to your available service. Continue with installing the integration app.
Tip: To learn how to find Rulesets, see PagerDuty's Global Rulesets Knowledge Base page.
Integrate with a PagerDuty service
- In the PagerDuty Services menu, select Service Directory.
- To add your integration to an existing service, click the name of the service.
Then, click Integrations and select Add an integration.
If you are creating a new service for your integration, see Create a New Service in PagerDuty’s Knowledge Base.
- On the Add Integrations page, search for SecurityScorecard.
- Select SecurityScorecard and click Add.
SecurityScorecard appears in the Integration list.
- Expand the caret icon to display your Integration key, and click the Copy icon. You will need the key when configuring the SecurityScorecard portion of the integration.
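A way to check the PagerDuty side of Step 1 before installing the app, as an added example that is not part of SecurityScorecard's or PagerDuty's documentation: it sends a test event to PagerDuty's Events API v2 and later resolves it. It assumes the integration key is accepted as an Events API v2 routing key; the `source` label and `dedup_key` value are hypothetical.

```python
import json
import re
import sys
import urllib.request

EVENTS_URL = "https://events.pagerduty.com/v2/enqueue"  # PagerDuty Events API v2
KEY_RE = re.compile(r"^[A-Za-z0-9]{32}$")  # integration keys are 32 characters
SEVERITIES = {"critical", "error", "warning", "info"}


def build_event(key, action="trigger", severity="info", dedup_key="ssc-routing-check"):
    """Build an Events API v2 body; a fixed dedup_key lets 'resolve' close the test alert."""
    if not KEY_RE.match(key):
        raise ValueError("integration key must be 32 alphanumeric characters")
    if action not in ("trigger", "resolve"):
        raise ValueError("action must be 'trigger' or 'resolve'")
    event = {"routing_key": key, "event_action": action, "dedup_key": dedup_key}
    if action == "trigger":
        if severity not in SEVERITIES:
            raise ValueError(f"severity must be one of {sorted(SEVERITIES)}")
        event["payload"] = {
            "summary": "Routing check for SecurityScorecard integration (test event)",
            "source": "securityscorecard-routing-check",  # hypothetical source label
            "severity": severity,
        }
    return event


def redact(event):
    """Copy of the event that is safe to log: the integration key is a secret."""
    return {**event, "routing_key": "***" + event["routing_key"][-4:]}


def send(event, timeout=10):
    """POST the event; PagerDuty answers 202 with a JSON status when it accepts it."""
    req = urllib.request.Request(
        EVENTS_URL, data=json.dumps(event).encode(),
        headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, json.load(resp)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_routing.py <integration-key> [trigger|resolve]")
    action = sys.argv[2] if len(sys.argv) > 2 else "trigger"
    evt = build_event(sys.argv[1], action)
    print("sending", json.dumps(redact(evt)))
    print(send(evt))
```

A 202 response only means PagerDuty accepted the event. Open the Alerts table afterwards: if the test alert shows the Suppressed status, the Catch-All Rule is still suppressing alerts and has not been changed to route them to a service.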
Step 2: Install the integration app
- Select Marketplace from the top menu in the SecurityScorecard platform.
- On the Marketplace page, start typing PagerDuty in the search box and then select PagerDuty App to go to the installation page.
- On the PagerDuty page, click Install.
- During the installation, enter your PagerDuty credentials.
- If you integrated with rulesets in PagerDuty, select an available ruleset on the confirmation page, and click Confirm. You are then returned to the PagerDuty page, and the installation is complete.
If you integrated with a PagerDuty service, click Enter integration key on the confirmation page, paste the key that you copied when you integrated the service, and click Confirm. You are then returned to the PagerDuty page, and the installation is complete.
Tip: To uninstall the app, click Uninstall on the PagerDuty app installation in Marketplace. The process completes in a few seconds with a confirmation message.
Step 3: Set up alert rules in SecurityScorecard
- On the PagerDuty app installation page, select Create my own rule.
Tip: You can also go to the Rules page by clicking your avatar in the upper-right corner of the platform, selecting My Settings from the drop-down list, and then clicking Rules in the Settings panel.
- On the Rules page, click Create rule.
- On the rule form, provide the following settings:
- Name the rule.
- Select an event to trigger the rule, such as a grade or score change.
- In the FOR drop-down list, select a Scorecard or portfolio that the rule applies to.
- Select Send alert in the Action list.
- Select a criticality level.
- Review the rule and click Save.
When a Scorecard event triggers the rule, an incident alert appears in the PagerDuty dashboard.
Glossary for this integration
An alert is a notification of an event sent by a third-party monitoring tool, prompting a PagerDuty user to resolve the event. By consolidating alerts into a single incident, you can provide a central incident for your team to respond to and resolve.
Notifications are not sent to users based on alerts, which means that you can have one or more alerts under a single incident. That incident will be assigned to users, teams, or schedules on the escalation policy for the service.
Alerts are only created from services through a third-party monitoring tool integration, email integration or through PagerDuty’s generic API integration. They cannot be manually created in PagerDuty.
See PagerDuty’s instructions for enabling alerts.
With an Alerts table, you can organize and view alerts according to your preferences. The Alerts table only shows alerts from services that you have access to. The visible alerts may be restricted by your Base Role, Team Role or Object Role. With Global Event Rules, if you suppress alerts and do not route them to a service, those alerts will only be visible to administrators.
The Catch-All Rule is the default rule for the Default Global Ruleset. By default, it is set to suppress all alerts. So, if you integrate with PagerDuty rulesets (Global Event Routing) without setting up the Catch-All Rule, all your alerts would be visible in the Alerts table with the Suppressed status.
For more information about alert statuses, see the PagerDuty support page.
Global Ruleset (Default Global Ruleset)
When a new integration event stream has more than one service destination, you can use global event rules and a global Integration key to ingest and route your events to the right service. If your existing service integrations have the same event stream integrated into multiple services, consider migrating those integrations to a global ruleset and use routing rules to direct events to the correct services. Global rulesets support event rules for email integrations, but do not support Custom Event Transformers.
An incident represents a problem or an issue that needs to be addressed and resolved. Incidents trigger on a service, which prompts notifications to go out to on-call responders according to the service's escalation policy.
The integration key allows SecurityScorecard to properly communicate with PagerDuty and send events matching the Ruleset on the SecurityScorecard Rules page.
When you select a Ruleset and send it to SecurityScorecard, you are sending an Integration Key, which is unique to each Ruleset.
An integration key is a unique identifier that is required for integration between applications. Each integration must have one unique key. There are two types:
- Specific is used for integrations through services.
- Global is used for a ruleset and is called ruleset, because each ruleset also has a unique integration key.
A Ruleset allows you to route events to an endpoint and create collections of event rules, which define sets of actions to take based on event content. PagerDuty accounts with Free, Starter (legacy), Team (legacy), and Professional plans have access to a single global ruleset, while Business and Digital Operations plans now provide the ability to create multiple, unlimited global rulesets. For these higher-tier plans, each ruleset has an individual endpoint and they can be associated with specific teams, giving team managers editing access to their rules.
A Ruleset is a PagerDuty global setting that has an integration key with which an administrator can use PagerDuty's sophisticated rules to route events to specific services.
See PagerDuty’s global assets documentation.
A service represents an application, component, or team you want to open incidents against. Services contain integrations and determine the routing and incident settings for events triggered by integrations associated with the service.
For additional information about incidents and alerts, see the following PagerDuty Knowledge Base pages:
Learn more about SecurityScorecard's Rule Builder feature.
If you need help or have questions, submit a Support request.