Collaboration

Collaboration integrations allow you to share incidents from BigPanda to other systems to create tickets or notify team members.

Shared incidents can include detailed information on the incident including the status, timeline, and information on each active alert in the incident. The share will also include links to the BigPanda incident, and a simplified Incident Preview. Once shared, recipients will be updated as the incident changes status or is acknowledged or snoozed in BigPanda.

BigPanda provides built-in integrations to several types of systems, including:

  • Ticketing systems such as JIRA and ServiceNow. In BigPanda, the incident shows the current status of the ticket in the target system and provides a direct link to it.

  • Messaging services such as Slack. Comments and invitations to the channel can be included as part of the share.

  • Task and incident management tools such as Asana and PagerDuty. Bi-directional sync can allow incident comments and resolution to update both systems simultaneously.

BigPanda has standard solutions for each of the products below. As you configure each integration, you’ll have the option to customize what information is included in each share.

For products without a standard solution, the Notifications Webhook allows you to build a custom integration for the tools you prefer.

Primary Alert Criteria

When multiple alerts are correlated into a single incident, a single alert is chosen as a primary alert. This alert is used in downstream automations and collaboration tools using Dynamic Variables, and it can be added as an incident tag. Every incident must have a primary alert.

Primary alert criteria are made up of selection criteria and filter conditions.

Selection criteria pick a single alert from all correlated alerts in the incident. The first criterion is applied, then the fallback. Only alerts that match all filter conditions are considered as potential primary alerts.

For example, Latest start time AND Highest severity AND (filter) prod = test will first filter out any alerts that do not have the prod tag = test. Next, it will identify the alert with the latest start time. If there are multiple alerts with the same start time, it will then select the alert with the highest severity from that subset.
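The selection order described above, as an added Python sketch that is not BigPanda code: filter first, then the first criterion, then the fallback to break ties. The alert field names, severity ranks, and the `select_primary_alert` helper are assumptions made for illustration.

```python
# Added illustration; field names and severity ranks are assumptions,
# not BigPanda's schema or API.
SEVERITY_RANK = {"critical": 3, "warning": 2, "unknown": 1, "ok": 0}

# Each selection criterion maps an alert to a sort key where larger wins.
CRITERIA = {
    "latest_start_time": lambda a: a["start_time"],
    "earliest_start_time": lambda a: -a["start_time"],
    "highest_severity": lambda a: SEVERITY_RANK[a["severity"]],
}


def select_primary_alert(alerts, criteria, filters):
    """Return the primary alert, or None when no alert passes the filters."""
    # Step 1: keep only alerts that match every filter condition.
    candidates = [
        a for a in alerts
        if all(a.get("tags", {}).get(k) == v for k, v in filters.items())
    ]
    # Step 2: apply the first criterion, then each fallback, narrowing ties.
    for name in criteria:
        if len(candidates) <= 1:
            break
        key = CRITERIA[name]
        best = max(key(a) for a in candidates)
        candidates = [a for a in candidates if key(a) == best]
    # Remaining ties keep input order (behaviour the page does not specify).
    return candidates[0] if candidates else None


# Constructed sample incident: a1 is the newest and critical, but fails the filter.
SAMPLE_ALERTS = [
    {"id": "a1", "start_time": 1700000300, "severity": "critical", "tags": {"prod": "live"}},
    {"id": "a2", "start_time": 1700000200, "severity": "warning", "tags": {"prod": "test"}},
    {"id": "a3", "start_time": 1700000200, "severity": "critical", "tags": {"prod": "test"}},
    {"id": "a4", "start_time": 1700000100, "severity": "critical", "tags": {"prod": "test"}},
]

if __name__ == "__main__":
    primary = select_primary_alert(
        SAMPLE_ALERTS, ["latest_start_time", "highest_severity"], {"prod": "test"})
    print(primary["id"])
```

Because the filter runs before any ranking, an alert that would win on start time and severity is never chosen if it fails a filter condition, which matters when the primary alert drives downstream tickets and notifications.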

By default, the primary alert is the alert that meets these criteria:

  • Highest severity

  • Earliest time correlated into the incident

  • Not in maintenance