Incident.io

The Prequel plugin for Incident.io gives you the ability to ingest Prequel detections as alerts. From there, alerts can be routed appropriately based on your preferred rules and on-call schedule.

It provides:

  • an alert source

Prerequisites

  • An existing Incident.io subscription

Add a Prequel event source (via HTTP Alert Events)

Since Prequel provides out-of-the-box support for Incident.io, you can easily use the HTTP Alert Events integration.

Get your Incident.io webhook URL

First, you need to grab your unique webhook URL.

Log into Incident.io and click on your organization name at the top left of the screen.

Then, click on settings.

Scroll down and select Alerts from the menu on the left. This will bring up a list of data sources.

Click the + sign to bring up the "Create Alert Source" page and start configuring your data source.

Enter http in the search bar to find the HTTP source and click the toggle button.

This will expand the configuration panel so that you can configure the data source.

Name the source Prequel Detections. Leave Type of HTTP source as Default. Click continue.

On the next screen, click the "Query Authentication" toggle.

Select the copy icon to copy the URL to the clipboard.

Click continue.

You may see a warning about not receiving test alerts. You can disregard that since we aren't sending any.

This will bring up additional configuration details.

Note: Scroll down and adjust how priority is assigned for these alerts. Select A dynamic value to set priority based on alert payload data.

When you're done, click Save and finish to finish creating your data source.

Turn on the integration in Prequel

Submit a Prequel support ticket by sending an email to support@prequel.dev. Please include the following in your request:

  • Incident.io webhook URL
  • The minimum severity (e.g. medium, high, critical) of the detections you want to send to Incident.io
  • Any other filters you wish to apply (e.g. cluster name)

The team will promptly enable your integration.

Once enabled, you'll notice that the data source is receiving alerts.

✅ Congrats! Your Incident.io instance is connected to Prequel. You can create alert routes to start routing these events.