
Follow PagerDuty Best Practices with Resmo

Cyber risk is a broad territory. It is not just about internal policies and safeguards. In today's growing asset environment, with multi-cloud and increasing SaaS adoption, companies also need to consider third-party risk: the risk that arises when a vendor's configuration or resource fails to meet security best practices. It follows that incident management and security monitoring solutions should themselves be monitored.

One such solution is PagerDuty, a powerful IT incident management tool that streamlines alert aggregation and on-call management for DevOps, security, and developer teams. Being a centralized visibility and security solution for cloud and SaaS resources, Resmo can now integrate with PagerDuty to keep cyber assets secure and compliant. Let's dive into what Resmo offers to PagerDuty users.

Good to know: With Resmo, you can also add PagerDuty as a notification channel as you are used to and receive rule violation alerts. We will elaborate on that later on in this article.

PagerDuty Resources on Resmo

There are a number of PagerDuty resources you can collect in real time and query with Resmo, including:

  • Users
  • Teams
  • Escalation policies
  • Business services
  • Rulesets
  • Schedules
  • Event orchestrations
  • Maintenance windows

1. Find users without a notification rule


PagerDuty sends notifications to the users who are on-call when an incident is triggered. To make sure every responsible team member actually receives the incident notifications they are responsible for, it is best to detect users who have no notification rule and fix their configuration.

Related query in Resmo
SELECT name, email, role FROM pagerduty_user WHERE SIZE(notificationRules) <= 0

2. Identify users without a team

On PagerDuty, teams let you group users and control their access to specific PagerDuty objects, including schedules, services, and escalation policies. Teams are public by default unless set to private. Users outside a private team cannot access or view its objects, except users with the Global Admin or Account Owner base role. That is to say, a member of your organization who should have access to a particular private team but has not been added to it will not be able to:

  • See that team's schedules, services, incidents, and escalation policies.
  • More importantly, as highlighted by PagerDuty, any user with an Observer or Restricted base access role or who has no team role or object role specified for a private team will not be able to respond to incidents associated with the team.

With the query below you can find users in your PagerDuty environment who belong to no team, which makes team membership easy to monitor.

Related query in Resmo
SELECT name, email, role FROM pagerduty_user WHERE SIZE(teams) <= 0

3. Identify users with multiple subdomain access


Personalized subdomains are how users reach a PagerDuty account. With Resmo, you can query whether any users on your PagerDuty account have access to more than one subdomain.

Related query in Resmo
SELECT name, email, role FROM pagerduty_user WHERE SIZE(subdomains) > 1

4. Find webhooks without events

Webhooks on PagerDuty let you receive HTTP callbacks that are triggered when a particular event occurs in your account, for example when an incident escalates or resolves. PagerDuty then sends the information about that incident to a specified endpoint, such as a Slack integration URL.

So what happens to a webhook with no events attached?

  • The webhook does not operate and never triggers.
  • You might fail to identify and resolve incidents because of a misconfigured webhook that nobody noticed.
  • Since users create their own notification rules or webhooks to get alerted, a silently failing webhook can mean that security-relevant alerts never reach anyone.

Resmo helps uncover your PagerDuty webhooks that have no event attached. You can enter the query below to check:

Related query in Resmo
SELECT id FROM pagerduty_webhook_subscription WHERE SIZE(events) <= 0

5. Detect PagerDuty services without alert grouping

Alert grouping on PagerDuty has three methods: Intelligent Alert Grouping, Content-Based Alert Grouping, and Time-Based Alert Grouping. Alert grouping can be considered a best practice because it lets you group multiple alerts on the same service into a single incident. This, in turn, reduces alert noise and improves data fidelity.

It's easy as ABC to query your PagerDuty services without alert grouping using Resmo. You can find the following SQL query among your predefined queries and spot those services instantly.

Related query in Resmo
SELECT id, name FROM pagerduty_service WHERE alertGroupingParameters.type IS NULL
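The five checks above, as an added example that is not Resmo's code: the same conditions implemented as Python functions that run over constructed records. The field names (notificationRules, teams, subdomains, events, alertGroupingParameters) follow the column names used in the Resmo queries rather than the raw PagerDuty API, and the sample records are invented for illustration. The `_size` helper mirrors how `SIZE()` treats a missing or null collection as empty, and the alert grouping check treats an absent `alertGroupingParameters` key the same as `type IS NULL`.

```python
from typing import Any, Dict, List, Optional

Record = Dict[str, Any]


def _size(value: Optional[list]) -> int:
    """Mirror Resmo's SIZE(): a missing or null collection counts as empty."""
    return len(value) if value else 0


def _pick(user: Record) -> Record:
    """Project a user record onto the columns the queries select."""
    return {k: user.get(k) for k in ("name", "email", "role")}


def users_without_notification_rule(users: List[Record]) -> List[Record]:
    """Query 1: users who will never be paged because no notification rule exists."""
    return [_pick(u) for u in users if _size(u.get("notificationRules")) <= 0]


def users_without_team(users: List[Record]) -> List[Record]:
    """Query 2: users outside every team, who cannot respond to private-team incidents."""
    return [_pick(u) for u in users if _size(u.get("teams")) <= 0]


def users_with_multiple_subdomains(users: List[Record]) -> List[Record]:
    """Query 3: users who can reach more than one PagerDuty subdomain."""
    return [_pick(u) for u in users if _size(u.get("subdomains")) > 1]


def webhooks_without_events(subscriptions: List[Record]) -> List[str]:
    """Query 4: webhook subscriptions that can never fire because no event is attached."""
    return [s["id"] for s in subscriptions if _size(s.get("events")) <= 0]


def services_without_alert_grouping(services: List[Record]) -> List[tuple]:
    """Query 5: services whose alertGroupingParameters.type is null or absent."""
    return [
        (s["id"], s["name"])
        for s in services
        if (s.get("alertGroupingParameters") or {}).get("type") is None
    ]


def run_all_checks(users: List[Record], subscriptions: List[Record],
                   services: List[Record]) -> Dict[str, int]:
    """Count findings per check, e.g. to feed a dashboard or a rule threshold."""
    return {
        "users_without_notification_rule": len(users_without_notification_rule(users)),
        "users_without_team": len(users_without_team(users)),
        "users_with_multiple_subdomains": len(users_with_multiple_subdomains(users)),
        "webhooks_without_events": len(webhooks_without_events(subscriptions)),
        "services_without_alert_grouping": len(services_without_alert_grouping(services)),
    }


# Constructed sample data (not real PagerDuty records); Carol has no subdomains key at all.
SAMPLE_USERS: List[Record] = [
    {"name": "Alice Admin", "email": "alice@example.com", "role": "admin",
     "notificationRules": [{"id": "rule-1"}], "teams": [{"id": "team-sec"}],
     "subdomains": ["acme"]},
    {"name": "Bob Observer", "email": "bob@example.com", "role": "observer",
     "notificationRules": [], "teams": [], "subdomains": ["acme", "acme-staging"]},
    {"name": "Carol Contractor", "email": "carol@example.com", "role": "limited_user",
     "notificationRules": None, "teams": [{"id": "team-ops"}]},
]
SAMPLE_WEBHOOKS: List[Record] = [
    {"id": "wh-slack", "events": ["incident.triggered", "incident.resolved"]},
    {"id": "wh-dangling", "events": []},
]
SAMPLE_SERVICES: List[Record] = [
    {"id": "svc-api", "name": "Public API", "alertGroupingParameters": {"type": "intelligent"}},
    {"id": "svc-batch", "name": "Nightly batch", "alertGroupingParameters": {"type": None}},
    {"id": "svc-legacy", "name": "Legacy CRM"},
]

if __name__ == "__main__":
    for check, count in run_all_checks(SAMPLE_USERS, SAMPLE_WEBHOOKS, SAMPLE_SERVICES).items():
        print(f"{check}: {count}")
```

Running the script prints one line per check with its finding count; the individual functions return the offending rows so you can route them into the same alerting path as any other rule violation.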

Make the Most of PagerDuty Monitoring with Resmo

PagerDuty is a practical tool for aggregating alarms, and it gives you an overview of your monitoring alarms and alerts. To take that a step further, Resmo offers PagerDuty users the ability to:

  • Collect and monitor all PagerDuty resources in one place
  • Set up custom or predefined rules for your cloud and SaaS resources
  • Get alerted via PagerDuty when there's a rule violation
  • Query all your assets using SQL

Get Resmo notifications through PagerDuty


Resmo streamlines getting notified when a rule you have set is violated. Notification channels include webhooks, Slack, Opsgenie, email, and PagerDuty. By mapping Resmo severity levels to your PagerDuty severity levels, you can receive near real-time alerts from Resmo and keep your resources secure.
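As an added illustration of the severity mapping described above (example code, not Resmo's implementation of its PagerDuty channel): a rule-violation event is mapped to one of PagerDuty's four severities and turned into an Events API v2 trigger or resolve payload. The payload fields (`routing_key`, `event_action`, `dedup_key`, `payload.summary`, `payload.source`, `payload.severity`, `payload.custom_details`) are the Events API v2 schema; the Resmo-side level names, the rule and resource identifiers and the routing key placeholder are assumed for this example.

```python
import json
from typing import Any, Dict, Optional

# The four severities PagerDuty Events API v2 accepts.
PAGERDUTY_SEVERITIES = ("critical", "error", "warning", "info")

# Assumed Resmo-side levels mapped onto PagerDuty severities; adjust to your own scheme.
SEVERITY_MAP = {"critical": "critical", "high": "error", "medium": "warning", "low": "info"}


def to_pagerduty_severity(level: str) -> str:
    """Translate a rule severity into a PagerDuty severity, rejecting unknown levels early."""
    try:
        severity = SEVERITY_MAP[level.lower()]
    except KeyError:
        raise ValueError(f"unknown severity level {level!r}; expected one of {sorted(SEVERITY_MAP)}")
    assert severity in PAGERDUTY_SEVERITIES
    return severity


def dedup_key(rule_id: str, resource_id: str) -> str:
    """Stable per (rule, resource): repeated evaluations update one incident instead of opening new ones."""
    return f"resmo:{rule_id}:{resource_id}"


def build_trigger_event(routing_key: str, rule_id: str, resource_id: str, level: str,
                        summary: str, details: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Build the Events API v2 'trigger' payload for a rule violation on one resource."""
    return {
        "routing_key": routing_key,
        "event_action": "trigger",
        "dedup_key": dedup_key(rule_id, resource_id),
        "payload": {
            "summary": summary[:1024],  # Events API v2 limits summary to 1024 characters
            "source": resource_id,
            "severity": to_pagerduty_severity(level),
            "custom_details": details or {},
        },
    }


def build_resolve_event(routing_key: str, rule_id: str, resource_id: str) -> Dict[str, Any]:
    """Build the matching 'resolve' payload, reusing the same dedup_key so the open incident closes."""
    return {
        "routing_key": routing_key,
        "event_action": "resolve",
        "dedup_key": dedup_key(rule_id, resource_id),
    }


if __name__ == "__main__":
    # Constructed violation: query 1 above flagged a user with no notification rule.
    event = build_trigger_event(
        routing_key="ROUTING_KEY_PLACEHOLDER",
        rule_id="pagerduty-user-without-notification-rule",
        resource_id="bob@example.com",
        level="high",
        summary="PagerDuty user bob@example.com has no notification rule",
        details={"role": "observer"},
    )
    print(json.dumps(event, indent=2))
```

The deterministic `dedup_key` is the important design choice: if the same violation is re-detected on every collection cycle, PagerDuty keeps updating one incident rather than paging the on-call engineer repeatedly, and the resolve event for the same key closes it once the configuration is fixed.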

Additionally, since Resmo integrates with multiple cloud services such as AWS, Azure, and Google Cloud Platform, as well as many other SaaS tools, your team gets more unified visibility of disparate cyber assets than ever before.


For more information on the latest integrations, sign up for our newsletter or keep an eye on Resmo Documentations.
