Alert Destination

PagerDuty Integration

Create PagerDuty incidents from database audit alerts with automatic severity mapping, intelligent deduplication, and auto-resolve support for streamlined incident management.

Incident Creation

Automatically create incidents in PagerDuty for critical database security alerts.

Severity Mapping

Map DB Audit severity levels to PagerDuty severity for proper incident prioritization.

Auto-Resolve

Incidents are automatically resolved when alerts are acknowledged or resolved in DB Audit.

Configuration Reference

1. Connection Settings

| Field       | Type     | Required | Default   | Description                                                         |
|-------------|----------|----------|-----------|---------------------------------------------------------------------|
| name        | string   | Yes      | -         | A unique name for this alert destination (e.g., "pagerduty-oncall") |
| provider    | select   | Yes      | pagerduty | Alert provider - select "PagerDuty"                                 |
| enabled     | boolean  | No       | true      | Enable or disable alert delivery                                    |
| routing_key | password | Yes      | -         | PagerDuty Events API v2 routing key (integration key)               |

2. PagerDuty Settings

| Field              | Type    | Required | Default | Description                                                                   |
|--------------------|---------|----------|---------|-------------------------------------------------------------------------------|
| severity_mapping   | object  | No       | -       | Map DB Audit severities to PagerDuty severities (critical, error, warning, info) |
| auto_resolve       | boolean | No       | true    | Automatically resolve incidents when alerts are resolved in DB Audit          |
| dedup_key_template | string  | No       | -       | Custom deduplication key template (default: alert_id)                         |
| custom_details     | boolean | No       | true    | Include full alert details in incident custom_details                         |
| group              | string  | No       | -       | Logical grouping for alerts (e.g., "database-security")                       |
| class              | string  | No       | -       | Class/type of the event (e.g., "policy_violation")                            |

3. Alert Filtering

| Field           | Type        | Required | Default       | Description                                                                                |
|-----------------|-------------|----------|---------------|--------------------------------------------------------------------------------------------|
| severity_filter | multiselect | No       | critical,high | Alert severities to send: critical, high, medium, low, info                                |
| alert_types     | multiselect | No       | all           | Alert types: policy_violation, anomaly_detection, threshold_breach, classification_alert   |
| database_filter | array       | No       | -             | Limit to specific databases (empty = all databases)                                        |

Recommendation: Only send critical and high severity alerts to PagerDuty to avoid alert fatigue. Use email or Slack for lower severity notifications.

4. Delivery Settings

| Field               | Type   | Required | Default | Description                         |
|---------------------|--------|----------|---------|-------------------------------------|
| rate_limit          | number | No       | 60      | Maximum alerts per minute (1-100)   |
| retry_attempts      | number | No       | 3       | Number of retry attempts on failure |
| retry_delay_seconds | number | No       | 5       | Delay between retry attempts        |

Severity Mapping

DB Audit severity levels are mapped to PagerDuty severity levels for proper incident prioritization.

// Default severity mapping
{
  "critical": "critical",  // DB Audit critical → PagerDuty critical
  "high": "error",         // DB Audit high → PagerDuty error
  "medium": "warning",     // DB Audit medium → PagerDuty warning
  "low": "warning",        // DB Audit low → PagerDuty warning
  "info": "info"           // DB Audit info → PagerDuty info
}
Critical

Maps to PagerDuty critical - pages on-call immediately

High

Maps to PagerDuty error - high urgency incident

Medium/Low

Maps to PagerDuty warning - lower urgency

Info

Maps to PagerDuty info - informational only

Setup Instructions

1. Create PagerDuty Integration

Create an Events API v2 integration in PagerDuty to get a routing key.

# Creating a PagerDuty Integration

1. Log in to your PagerDuty account
2. Go to Services → Service Directory
3. Select the service to receive DB Audit alerts
4. Go to the Integrations tab
5. Click "Add Integration"
6. Search for "Events API v2"
7. Click "Add" to create the integration
8. Copy the "Integration Key" (routing key)
2. Test the Integration Key

Verify the routing key works by sending a test event.

# Test PagerDuty Events API
curl -X POST https://events.pagerduty.com/v2/enqueue \
  -H "Content-Type: application/json" \
  -d '{
    "routing_key": "YOUR_ROUTING_KEY",
    "event_action": "trigger",
    "dedup_key": "test-dbaudit-123",
    "payload": {
      "summary": "Test alert from DB Audit",
      "severity": "info",
      "source": "dbaudit.ai"
    }
  }'

# Expected response
{
  "status": "success",
  "message": "Event processed",
  "dedup_key": "test-dbaudit-123"
}
3. Configure in DB Audit

Add the PagerDuty destination in the DB Audit dashboard.

  1. Navigate to Settings → Alert Destinations in DB Audit
  2. Click Add Destination
  3. Select PagerDuty as the provider
  4. Enter your routing key
  5. Configure severity mapping if needed
  6. Select which alert types and severities to send
  7. Test the connection and save

4. Configure PagerDuty Service Settings

Optimize your PagerDuty service settings for DB Audit alerts.

  • Set appropriate escalation policies for database security incidents
  • Configure alert grouping by database to reduce noise
  • Set up intelligent deduplication using the dedup_key
  • Create runbooks for common database security incidents

Sample Alert Payload

Alerts are sent using the PagerDuty Events API v2 format.

Trigger Event

{
  "routing_key": "YOUR_ROUTING_KEY",
  "event_action": "trigger",
  "dedup_key": "dbaudit-alert_abc123xyz",
  "payload": {
    "summary": "Bulk Data Access Detected - production-postgres",
    "severity": "error",
    "source": "dbaudit.ai",
    "timestamp": "2024-01-15T10:30:45.123Z",
    "component": "production-postgres",
    "group": "database-security",
    "class": "policy_violation",
    "custom_details": {
      "alert_id": "alert_abc123xyz",
      "alert_type": "policy_violation",
      "database": "production-postgres",
      "database_type": "postgresql",
      "user": "app_user",
      "client_ip": "10.0.1.50",
      "query_type": "SELECT",
      "object": "public.customers",
      "rows_affected": 15000,
      "policy_name": "Bulk Data Access Policy",
      "description": "User accessed more than 10,000 rows in a single query"
    }
  },
  "links": [
    {
      "href": "https://app.dbaudit.ai/alerts/alert_abc123xyz",
      "text": "View in DB Audit"
    }
  ]
}

Resolve Event (Auto-Resolve)

{
  "routing_key": "YOUR_ROUTING_KEY",
  "event_action": "resolve",
  "dedup_key": "dbaudit-alert_abc123xyz"
}
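As an added example (not DB Audit's own code), the Python below builds the trigger and resolve events shown above from a destination configuration and an alert: it applies the default severity mapping with a per-destination override, the severity, alert-type and database filters from the Configuration Reference, and renders the dedup key once so both events share it. The destination values, the alert, and the `{field}` placeholder syntax for dedup_key_template are assumptions for illustration.

```python
# Default DB Audit -> PagerDuty severity mapping, as documented on this page.
DEFAULT_SEVERITY_MAPPING = {"critical": "critical", "high": "error",
                            "medium": "warning", "low": "warning", "info": "info"}

# Constructed destination config (hypothetical values; keys follow the reference tables).
DESTINATION = {
    "routing_key": "YOUR_ROUTING_KEY",           # placeholder, keep the real key out of code
    "severity_mapping": {"low": "info"},         # per-destination override of the default
    "severity_filter": ["critical", "high"],
    "alert_types": ["policy_violation", "anomaly_detection"],
    "database_filter": [],                       # empty = all databases
    "dedup_key_template": "dbaudit-{alert_id}",  # assumed {field} placeholder syntax
    "group": "database-security",
}

# Constructed alert, shaped like the custom_details of the sample trigger event.
ALERT = {"alert_id": "alert_abc123xyz", "alert_type": "policy_violation",
         "severity": "high", "database": "production-postgres",
         "policy_name": "Bulk Data Access Policy",
         "summary": "Bulk Data Access Detected - production-postgres",
         "timestamp": "2024-01-15T10:30:45.123Z"}

def map_severity(db_severity, overrides=None):
    """Default mapping first, then any per-destination overrides."""
    return {**DEFAULT_SEVERITY_MAPPING, **(overrides or {})}[db_severity]

def should_send(alert, dest):
    """Apply severity_filter, alert_types and database_filter."""
    return (alert["severity"] in dest["severity_filter"]
            and ("all" in dest["alert_types"] or alert["alert_type"] in dest["alert_types"])
            and (not dest["database_filter"] or alert["database"] in dest["database_filter"]))

def dedup_key(alert, dest):
    """Render the template; trigger and resolve must produce the identical key."""
    return dest.get("dedup_key_template", "{alert_id}").format_map(alert)

def trigger_event(alert, dest):
    """Events API v2 trigger event in the shape of the sample payload above."""
    return {"routing_key": dest["routing_key"], "event_action": "trigger",
            "dedup_key": dedup_key(alert, dest),
            "payload": {"summary": alert["summary"],
                        "severity": map_severity(alert["severity"], dest["severity_mapping"]),
                        "source": "dbaudit.ai", "timestamp": alert["timestamp"],
                        "component": alert["database"], "group": dest["group"],
                        "class": alert["alert_type"], "custom_details": alert}}

def resolve_event(alert, dest):
    """Resolve event reusing the same dedup key, which is what auto-resolve depends on."""
    return {"routing_key": dest["routing_key"], "event_action": "resolve",
            "dedup_key": dedup_key(alert, dest)}
```

A template such as dbaudit-{database}-{policy_name} collapses every alert from one database and policy into a single incident, so a resolve for any one of them resolves the incident for all; choose grouping templates with that in mind.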

Testing Your Integration

Test via Dashboard

  1. Go to Settings → Alert Destinations
  2. Find your PagerDuty destination
  3. Click the Test button
  4. Check PagerDuty for the test incident
  5. Resolve the test incident in PagerDuty

Test via API

curl -X POST \
  https://api.dbaudit.ai/v1/alerts/test \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"destination_id": "dest_abc123"}'

Troubleshooting

Invalid routing key error

The routing key may be incorrect or the integration may have been deleted.

  • Verify the routing key in PagerDuty service settings
  • Ensure you're using the Integration Key, not the API Key
  • Check that the integration is still active

Incidents not being created

Check if the PagerDuty service is disabled or if on-call is not configured.

  • Verify the service is enabled in PagerDuty
  • Check that an escalation policy is assigned
  • Ensure on-call schedules are configured

Duplicate incidents being created

The deduplication key may not be working as expected.

  • Check the dedup_key_template configuration
  • Verify PagerDuty's alert grouping settings
  • Consider grouping by database or policy

Incidents not auto-resolving

Auto-resolve may be disabled or the dedup key may not match.

  • Ensure auto_resolve is enabled
  • Verify the resolve event uses the same dedup key
  • Check the incident timeline in PagerDuty
