<style>p { margin: 0; }span.fr-emoticon.fr-emoticon-img { background-repeat: no-repeat !important; font-size: inherit; height: 1em; width: 1em; min-height: 20px; min-width: 20px; display: inline-block; margin: -0.1em 0.1em 0.1em; line-height: 1; vertical-align: middle; } span.fr-emoticon { font-weight: normal; font-family: "Apple Color Emoji", "Segoe UI Emoji", "NotoColorEmoji", "Segoe UI Symbol", "Android Emoji", "EmojiSymbols"; display: inline; line-height: 0; } blockquote { border-left: solid 2px #5e35b1; color: #5e35b1; margin-left:0; padding-left:5px;}blockquote blockquote{ border-color: #00bcd4; color: #00bcd4;}blockquote blockquote blockquote{ border-color: #43a047; color: #43a047;} table.grid{ border-collapse: collapse;} table.grid td, table.grid th { border: 1px solid #ddd;} .fr-fic.fr-dib{ display: block; margin: 5px auto;}.fr-fic.fr-dib.fr-fir{ text-align: right; margin: 5px 0 5px auto;}.fr-fic.fr-dib.fr-fil{ text-align: left; margin: 5px auto 5px 0;}.fr-fic.fr-dii{ float: none; margin: 5px auto;}.fr-fic.fr-dii.fr-fil{ float: left; margin: 5px auto;}.fr-fic.fr-dii.fr-fir{ float: right; margin: 5px auto;}img.fr-dib.fr-fir { margin-right: 0; text-align: right;}img.fr-dib.fr-fil { margin-left: 0; text-align: left;}img.fr-dib { margin: 5px auto; display: block; float: none;}img.fr-bordered { box-sizing: content-box; border: solid 5px #CCC;}img.fr-shadow { box-shadow: 10px 10px 5px 0px #cccccc;}img.fr-rounded { border-radius: 10px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -moz-background-clip: padding; -webkit-background-clip: padding-box; background-clip: padding-box;}</style><p><span style="font-size: 14px;"><strong>In this guide we will cover:</strong></span></p><p><span style="font-size: 14px;"><strong>- What is the Datadog Integration?</strong></span></p><p><span style="font-size: 14px;"><strong>- Connecting to Datadog</strong></span></p><p><span style="font-size: 14px;"><strong>- Creating an Authorisation 
Application</strong></span></p><p><span style="font-size: 14px;"><strong>- Additional Configuration for Security Alerts</strong></span></p><p><span style="font-size: 14px;"><strong>- Default Ticket Type and End User</strong></span></p><p><span style="font-size: 14px;"><strong>- Creating the Webhooks</strong></span></p><p><span style="font-size: 14px;"><strong>- Triggering Webhooks for Monitoring Alerts</strong></span></p><p><span style="font-size: 14px;"><strong>- Triggering Webhooks for Security Alerts</strong></span></p><p><span style="font-size: 14px;"><strong>- Customise the Created Alert Ticket</strong></span></p><p><br></p><p><br></p><p><span style="font-size: 14pt;"><strong>What is the Datadog Integration?<br></strong></span></p><p><span style="font-size: 14px;">The Datadog integration is used to process alerts from Datadog into tickets in Halo. This allows you to monitor alerts within Halo and archive security alerts. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 18px;"><strong>Connecting to Datadog</strong></span></p><p><span style="font-size: 14px;">Head to Configuration > Integrations, here there will be a module for Datadog, enable the module by selecting the '+' icon. </span></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjE1NzBlNTA4LTRkNDYtNGNhNC05YWQ0LTQ4MDgzZTZhM2JmNiJ9.AVoL0SJCFdMlOYgAY8UQ38Yyhpq8Ixuk3rzOtps4E2s" class="fr-fic fr-fil fr-dib" width="381" style="width: 383px; height: 180.281px;" height="180"></span></p><p><span style="font-size: 10pt;"><strong>Fig 1. Enable Module.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Now open up the module, to connect you will need to enter the URL of your Datadog site and your API key. 
The site URL can be obtained from your browser when you have logged into Datadog, this will follow the format</span> '<a data-fr-linked="true" href="https://app.datadoghq.HOSTEDREGION" id="isPasted">https://app.datadoghq.HOSTEDREGION</a>'<span style="font-size: 14px;">. Once obtained paste this into the 'Datadog Site' field in Halo. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">To obtain your API key you will need to open the Datadog 'Agent Manager' application on your device. Under 'settings' you will see your API key, see figure 2 for reference. </span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjA2YzZiNjAzLTg2NzAtNDhjNy05OWE2LTNkNTk2YjdkMmQ0NCJ9._J_nUf3QhPw6hv9F6iZdOLCtXSrKt65cr0ZkFJ0Snik" class="fr-fic fr-fil fr-dib" width="1208" style="width: 1210px; height: 602.246px;" height="602"></span></p><p><span style="font-size: 10pt;"><strong>Fig 2. API key in Datadog Agent Manager.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Copy the API key and paste this into the 'API Key' field in Halo. </span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImRhMWEwZjE5LTk3ZmUtNDUxZS05MTc5LTBhMDIyODY3MTk2MCJ9.2_727HHWuNzpBEmYJ2IQmJABNb-wWpWVsl_FI6IKShM" class="fr-fic fr-fil fr-dib" width="973" style="width: 975px; height: 336.563px;" height="337"></span></p><p><span style="font-size: 10pt;"><strong>Fig 3. 
Fields to paste site URL and API key into.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14pt;"><strong>Creating an Authorization Application</strong></span></p><p><span style="font-size: 14px;">Before we create the webhooks in Datadog, we need to create an authorization method for the webhook in Halo. Head to Configuration > Integrations > Halo API > View Applications > New. Here, name the application something like 'Datadog authentication'. Set the Authentication Method to be 'Client ID and Secret'. Set the login type to be 'Agent' and the 'Agent to log in as' to be an agent with admin permissions. This may be an admin agent in your instance or you may have a specific API agent you would like to use. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Now head to the permissions tab, you will need to give the application the following permissions:</span></p><ul><li style="font-size: 14px;">all:teams</li><li style="font-size: 14px;">read:tickets</li><li style="font-size: 14px;">edit:tickets</li></ul><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Before saving, head back to the details tab and copy both the client ID and the Client secret for the application. </span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImM0NjMzNzMxLTRiYjEtNDdmNi04NzU2LWJkMWI5NjQ2YTBkNCJ9._Tu68kmNxKqcluoZfWf6bZrdhi1vs4_hUmsN10n5fbo" class="fr-fic fr-fil fr-dib" width="1033" style="width: 1035px; height: 636.483px;" height="636"></span><br></p><p><span style="font-size: 10pt;"><strong>Fig 4. Client ID and secret for API application.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Save the application, now head into Datadog. 
</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Once in Datadog, head to the 'integrations' area and open 'webhooks'. If you do not have webhooks installed already you will need to install this. </span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjcxZmZjZWUxLTE2MjAtNDI0YS04YTcxLWRiMTYwMjQ2YmU0OSJ9.Gik0e7nxMiETq8u1_un6vOKjrj8MRk2oCJe6RhExUjc" class="fr-fic fr-fil fr-dib" width="1205" style="width: 1207px; height: 646.105px;" height="646"></span></p><p><span style="font-size: 10pt;"><strong>Fig 5. Webhooks in Datadog.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Open the webhook integration area and go to the 'Auth Methods' tab. Create a new Auth Method, call this something sensible like 'Halo Authentication' and set the protocol as 'OAuth 2.0 Client Credentials'. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">In the 'Access token URL' field enter YOURHALODOMAIN/auth/token?tenant=TENANTNAME. Your tenant name can be found by going to Configuration > Halo API, here you can see your tenant name under the 'Tenant' field. </span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjgzNjk1ZDQwLTg2NDUtNGVkYi1hY2QzLTkxYzIyMGY0MTQ5ZSJ9.ruhWUcFiZtQcFgzoQsX1hYGj1u5tXEHnudW8726GIks" class="fr-fic fr-fil fr-dib" width="1195" style="width: 1197px; height: 395.443px;" height="395"></span></p><p><span style="font-size: 10pt;"><strong>Fig 6. Tenant Name.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">In the 'Client ID' and 'Client Secret' fields paste the ID and secret from the application you set up in Halo. 
</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">In the 'Scope' field enter the following: 'read:tickets edit:tickets' </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Save this auth method. See figure 7 for an example on how the auth method should appear.</span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImVjNmJiMTQ3LTY0NjUtNGZkMS1hZDg3LTc2YmQ1YWY1NzUzNiJ9.KvCiEM1HIGP45EBSxYUFWGw2Byah_2MZc1oXRzHD1P0" class="fr-fic fr-fil fr-dib" width="1210" style="width: 1212px; height: 1123.27px;" height="1123"></span></p><p><span style="font-size: 10pt;"><strong>Fig 7. Auth method in Datadog.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14pt;"><strong>Additional Configuration for Security Alerts</strong></span></p><p><span style="font-size: 14px;">For security alerts only, you will need to generate an application key, this will allow you to change the status of the alert in Datadog when closing the associated ticket in Halo. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">To generate an application key head to personal settings > my organisation > application keys > new key, give the key a sensible name and generate it. Copy the key from Datadog and paste it into the integration setup page in Halo. 
It is the key itself (not the Key ID) that you will need to copy.</span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImNjYWQ3M2RhLWY3OTItNDdmMC1iNzQ1LWE1OGU0ZjJkNzU1YyJ9.kclLZr7UoIaCU5nB4DkCiEM8nM5l7OkT6WsrwA3M7DY" class="fr-fic fr-fil fr-dib" width="1220" style="width: 1222px; height: 351.166px;" height="351"></span></p><p><span style="font-size: 10pt;"><strong>Fig 8. Application Key in Datadog.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14pt;"><strong>Default Ticket Type and End User</strong></span></p><p><span style="font-size: 14px;">Before creating webhooks ensure you have set the ticket type and end user that the alerts will be logged under when they come in. If you need the ticket type/end user to vary depending on the alert this can be changed using the payload for the webhook, but these fields still need to be set. You may want to create a new ticket type for these alerts.</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14pt;"><strong>Creating the Webhooks</strong></span></p><p><span style="font-size: 14px;">There are at least two webhooks that need to be created, one to process monitoring alerts, one to process security alerts. However, you can create as many webhooks as you like. If you would like the ticket information/ticket type/user to vary depending on the alert you will need to create a different webhook for each of these. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">With the webhook integration area still open in Datadog, head to the Configuration tab, create a new webhook. Call the webhook something sensible like 'Alerts-Halo'. 
</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">In the 'URL' field enter the following 'YOURHALODOMAIN/api/notify/datadog'.</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">In the 'Auth Method' field select the auth method we set up earlier. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">To get the payload head back to Halo, Configuration > Integrations > Datadog > Webhook, here is an example payload you can use for the webhook. This will create a ticket in Halo, populating the summary of the ticket to be the title of the event and setting the priority of the ticket to P1. This example payload can also be seen below:</span></p><p><span style="font-size: 14px;"><br></span></p><p id="isPasted"><span style="font-size: 14px;">{</span></p><p><span style="font-size: 14px;"> "datadog_id": "$ID",</span></p><p><span style="font-size: 14px;"> "security_signal_id": "$SECURITY_SIGNAL_ID",</span></p><p><span style="font-size: 14px;"> "summary": "$EVENT_TITLE",</span></p><p><span style="font-size: 14px;"> "priority_id": "1",</span></p><p><span style="font-size: 14px;"> "details": "$EVENT_MSG",</span></p><p><span style="font-size: 14px;"> "new_external_link": {</span></p><p><span style="font-size: 14px;"> "table_id": "1",</span></p><p><span style="font-size: 14px;"> "module_id": "391",</span></p><p><span style="font-size: 14px;"> "third_party_id": "$ID",</span></p><p><span style="font-size: 14px;"> "third_party_url": "$LINK",</span></p><p><span style="font-size: 14px;"> "third_party_desc": "$SECURITY_SIGNAL_ID"}</span></p><p><span style="font-size: 14px;">}</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Enter your payload into the payload field and save the webhook. 
</span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImIwODM1MDZhLWZkYWItNDU2Yi04ZjQ2LWZiY2MxOWE4MjMzZCJ9.si9toew0vZqcFr0DPOBvwgJvEoxft0gZlLKtzE8K8Jc" class="fr-fic fr-fil fr-dib" width="911" style="width: 913px; height: 713.304px;" height="713"></span></p><p><span style="font-size: 10pt;"><strong>Fig 9. Webhook setup in Datadog.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Now we can have this webhook trigger when a particular alert takes place. The setup for the webhook trigger differs slightly for monitoring and security alerts.</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 18px;"><strong>Triggering Webhooks for Monitoring Alerts</strong></span></p><p><br></p><p><span style="font-size: 14px;">To do this, navigate to the 'Monitors' module and select 'New Monitor':</span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjVlOTBkNDcwLWViOWItNDdiZC1hY2QzLTFlNDBiOGJiMWRiMyJ9.Il1uXvuWSM240CWlV8u-RiVwqfCR7U24nSnIeyKoiMg" class="fr-fic fr-fil fr-dib" width="632" height="673"></span></p><p><br></p><p>Select a Monitor Type:</p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImE1MTkxYzNjLTRjM2ItNGRlNi1hZDM0LTZjNjVlNTA2MDdhYiJ9.M8l0d02y5lIODKUkJt8HM9VQY1BvGpmvZOex1Vh9RtA" class="fr-fic fr-fil fr-dib" width="605" height="816"></p><p><br></p><p><span style="font-size: 14px;" id="isPasted">Configure your monitoring alert. At stage 4 'Configure notifications and automations' enter the following into the event message:</span></p><p><br></p><p><span style="font-size: 
14px;">@webhook-NAMEOFWEBHOOK</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Now save the alert. You can test the webhook using the 'Test Notifications' button on the alert page.</span></p><p><br></p><p><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjAyYjZmZTk2LTYxNTEtNDFhYy1hZDk2LWU0YmQyYjhmY2M0NSJ9.MBbUW7jyaBBATKpkcAloinDXDOhmxygs661LNtmoqjY" class="fr-fic fr-fil fr-dib" width="1169" height="862"></p><p id="isPasted"><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYwYThjOGI2LTZhZjAtNGU4OC05NjRhLTE2OGYwODdlNGIxOCJ9.57HA_qus1gpfsbAEe8vG24NEHUBguFlV7i6pDsL1P9U" class="fr-fic fr-fil fr-dib" width="1216" style="width: 1218px; height: 666.011px;" height="666"></span></p><p><span style="font-size: 10pt;"><strong>Fig 10. Monitoring Alert setup page with webhook trigger.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Once you test the notifications the tickets relating to the alert will be created in Halo almost instantly. If the test is successful, each time the alert is triggered a ticket will be created in Halo. See figure 11 to reference how the ticket will look in Halo using the example payload. Note the agent who 'opened' the ticket is the agent you set to log in as in the authentication application. 
</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijk0NjI4Yjk5LTA3N2ItNDEyNi05MDE4LTdiODFlNWY4NjAzMCJ9.nztWdQJdqegVDsZNTu5CZ1VTF4X7yyt30FK1tqCdEPw" class="fr-fic fr-fil fr-dib" width="1191" style="width: 1193px; height: 688.299px;" height="688"></span></p><p><span style="font-size: 10pt;"><strong>Fig 11. Ticket created from alert.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p id="isPasted"><span style="font-size: 18px;"><strong>Triggering Webhooks for Security Alerts</strong></span></p><p><span style="font-size: 14px;">Open the detection rule in Datadog that is used to trigger a security alert. At stage 3 of the rule 'Set rule cases' enter '@webhook-NAMEOFWEBHOOK' into the notify field, shown in figure 12.</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjM3NjM3YjZmLWM0ZGEtNGI0OS05MjllLWI2NzQwNDc1MmYwNCJ9.kVkohbfki6gfeBddcdQlB_I8MKuiXTPPNM2tUaLTEHE" class="fr-fic fr-fil fr-dib" width="1213" style="width: 1215px; height: 156.096px;" height="156"></span></p><p><span style="font-size: 10pt;"><strong>Fig 12. Security Alert setup page with webhook trigger.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Unlike monitoring alerts, you cannot 'test' security alerts/detection rules so once you have added the webhook trigger you will need to trigger the alert to test the webhook is successful. </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Once a security alert has triggered a ticket being logged in Halo, closing the ticket will change the status of the alert in Datadog to 'archived'. 
</span></p><p><br></p><p><span style="font-size: 18px;"><strong>Customise the Created Alert Ticket</strong></span></p><p><span style="font-size: 14px;">You can adjust the example payload to control what information is pulled into the ticket in Halo, as well as change the details/ticket type/user of the ticket. </span></p><p><br></p><p><span style="font-size: 12pt;"><strong>Custom Fields<br></strong></span></p><p><span style="font-size: 14px;">To have custom fields on the ticket be populated with data from the Datadog alert, first ensure the custom fields are set against the ticket type the alert is going to create. For example, if you want the ticket details to show the hostname that the alert relates to, create a custom field for this (it will need to be a text field) and add this to the ticket type. </span></p><p><br></p><p><span style="font-size: 14px;"><img src="https://halo.haloservicedesk.com/api/attachment/image?token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjFmZmUwOTE1LWFkNjgtNDc5NS1hOGUzLWFkZWM2ZjA2NGYxOSJ9.AkTXrNDegrzq3pheTI8k0HWwQSAbFH0UspFzR_XBeP4" class="fr-fic fr-fil fr-dib" width="1215" style="width: 1217px; height: 539.197px;" height="539"></span></p><p><span style="font-size: 10pt;"><strong>Fig 13. Adding custom field to ticket type.</strong></span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Now the custom field is on the ticket type you can adjust the payload. Add the following into the payload:</span></p><p><span style="font-size: 14px;"><br></span></p><p id="isPasted"><span style="font-size: 14px;">"customfields": [</span></p><p><span style="font-size: 14px;"> {"id": "239",</span></p><p><span style="font-size: 14px;"> "value": "$HOSTNAME"}</span></p><p><span style="font-size: 14px;"> ]</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Let's break this down. The ID we are calling on is the ID of the custom field we want to populate. 
You can obtain the ID by heading to Configuration > Custom Objects > Custom Fields > select your custom field. Once open, the ID of the field will appear in the URL after 'id='.</span></p><p><br></p><p><span style="font-size: 14px;">The value is the value that we would like to populate the field with. We can either assign a set value here, such as a set number/text, or use a variable to pull the data from Datadog. The variable in the above example will pull through the name of the host that triggered the alert. For a list of the variables Datadog uses see their guide <a data-fr-linked="true" href="https://docs.datadoghq.com/integrations/webhooks/" id="isPasted" target="_blank" rel="noopener noreferrer">here</a>.</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">See below for how the payload should look once custom fields are included:</span></p><p><span style="font-size: 14px;"><br></span></p><p id="isPasted"><span style="font-size: 14px;">{</span></p><p><span style="font-size: 14px;"> "datadog_id": "$ID",</span></p><p><span style="font-size: 14px;"> "security_signal_id": "$SECURITY_SIGNAL_ID",</span></p><p><span style="font-size: 14px;"> "summary": "$EVENT_TITLE",</span></p><p><span style="font-size: 14px;"> "priority_id": "1",</span></p><p><span style="font-size: 14px;"> "customfields": [</span></p><p><span style="font-size: 14px;"> {"id": "239",</span></p><p><span style="font-size: 14px;"> "value": "$HOSTNAME"}],</span></p><p><span style="font-size: 14px;"> "new_external_link": {</span></p><p><span style="font-size: 14px;"> "table_id": "1",</span></p><p><span style="font-size: 14px;"> "module_id": "391",</span></p><p><span style="font-size: 14px;"> "third_party_id": "$ID",</span></p><p><span style="font-size: 14px;"> "third_party_url": "$LINK",</span></p><p><span style="font-size: 14px;"> "third_party_desc": "$SECURITY_SIGNAL_ID"}</span></p><p><span style="font-size: 14px;"> </span></p><p><span style="font-size: 
14px;">}</span></p><p><br></p><p><span style="font-size: 12pt;"><strong>Changing ticket type/end user</strong></span></p><p><span style="font-size: 14px;">To change the user that the ticket is logged under following the alert, adjust the payload for the webhook the alert is triggering. In the payload you will need to add the following:</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">"user_id": "X" </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Where X is the ID of the user that you would like the ticket to be logged under. To get the ID of a user head to the user's profile in Halo. The ID will appear in the URL following 'userid='.</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">To change the ticket type of the ticket that is logged following the alert, add the following to the webhook payload:</span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">"tickettype_id": "X" </span></p><p><span style="font-size: 14px;"><br></span></p><p><span style="font-size: 14px;">Where X is the ID of the ticket type you would like the ticket to be logged as. The ID of a ticket type can be obtained by heading to Configuration > Tickets > Ticket Types > select the required ticket type. Here the ID of the ticket type can be found in the URL following 'id='. </span></p><p><span style="font-size: 14px;"><br></span></p><p><br></p>
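<p><span style="font-size: 14px;">A customised payload can be checked before it is pasted into the Datadog webhook. The script below is an added example, not code from Halo or Datadog: it swaps every $VARIABLE for a placeholder, confirms the template still parses as JSON, and checks that the ID fields described in this guide hold numeric IDs. The function name lint_payload and the numeric-ID rule are assumptions drawn from the example payloads in this guide.</span></p>

```python
import json
import re

# Datadog webhook template variables are written as $NAME (for example $ID, $HOSTNAME).
VAR_RE = re.compile(r"\$([A-Z][A-Z0-9_]*)")
# Fields this guide describes as Halo IDs (assumption: they must be numeric).
ID_FIELDS = ("priority_id", "user_id", "tickettype_id")

# Payload from the guide, with the custom field included.
GOOD_TEMPLATE = """{
  "datadog_id": "$ID",
  "security_signal_id": "$SECURITY_SIGNAL_ID",
  "summary": "$EVENT_TITLE",
  "priority_id": "1",
  "customfields": [{"id": "239", "value": "$HOSTNAME"}],
  "new_external_link": {"table_id": "1", "module_id": "391", "third_party_id": "$ID",
                        "third_party_url": "$LINK", "third_party_desc": "$SECURITY_SIGNAL_ID"}
}"""
# Constructed bad input: a comma left after the last custom field entry.
TRAILING_COMMA_TEMPLATE = (
    '{"summary": "$EVENT_TITLE", "customfields": [{"id": "239", "value": "$HOSTNAME"},]}'
)
# Constructed bad input: the "X" placeholder was never replaced and a field has no id.
PLACEHOLDER_ID_TEMPLATE = (
    '{"summary": "$EVENT_TITLE", "user_id": "X", "tickettype_id": "31",'
    ' "customfields": [{"value": "$HOSTNAME"}]}'
)


def lint_payload(template):
    """Return {'variables': [...], 'errors': [...]} for a webhook payload template."""
    variables = sorted(set(VAR_RE.findall(template)))
    # "0" is valid inside any JSON string and counts as numeric, so an ID field
    # that is filled from a Datadog variable is not reported as an error.
    rendered = VAR_RE.sub("0", template)
    try:
        payload = json.loads(rendered)
    except json.JSONDecodeError as exc:
        message = f"not valid JSON at line {exc.lineno}, column {exc.colno}: {exc.msg}"
        return {"variables": variables, "errors": [message]}
    if not isinstance(payload, dict):
        return {"variables": variables, "errors": ["payload must be a JSON object"]}

    errors = []
    for name in ID_FIELDS:
        if name in payload and not str(payload[name]).isdigit():
            errors.append(f"{name} must be a numeric ID, got {payload[name]!r}")

    fields = payload.get("customfields", [])
    if not isinstance(fields, list):
        errors.append("customfields must be a list")
        fields = []
    for index, field in enumerate(fields):
        if not isinstance(field, dict) or "id" not in field or "value" not in field:
            errors.append(f"customfields[{index}] needs both 'id' and 'value'")
        elif not str(field["id"]).isdigit():
            errors.append(f"customfields[{index}].id must be a numeric ID, got {field['id']!r}")
    return {"variables": variables, "errors": errors}


if __name__ == "__main__":
    samples = {
        "guide payload": GOOD_TEMPLATE,
        "trailing comma": TRAILING_COMMA_TEMPLATE,
        "placeholder left in": PLACEHOLDER_ID_TEMPLATE,
    }
    for label, template in samples.items():
        result = lint_payload(template)
        print(label, "->", result["errors"] or "OK", "| variables:", result["variables"])
```

<p><span style="font-size: 14px;">The list of variables in the result shows exactly which alert data will be copied into the ticket, which is worth reviewing before the webhook is saved.</span></p>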