You can configure Cisco Panoptica to send event information to Ops Genie, from where you can view it. This includes events such as a workload starting in an environment, or being blocked; connections being established between workloads, or closed.
Configure Ops Genie
Panoptica is configured as a Team in Ops Genie.
- Log in to Ops Genie, and select Teams, in the navigation pane on the left.
- Click Add team.
- Enter a name for the team (for example, Panoptica), and then click Add.
- Select Integrations.
- Click Add integration, and then select API (Rest API HTTPS over JSON.).
- In the Settings section, enter a Name for the integration (for example, Panoptica_API).
- Copy the API Key value.
- Select Read, Create and Update, and Delete Access.
- Click Enabled.
- Leave Tags and Extra Properties unchanged.
- Click Save Integration.
- In the Panoptica console, navigate to the System page, and then select the INTEGRATIONS tab.
- Scroll to the EVENTS FORWARDING section, and click New Events Forwarding.
- Select type Ops Genie.
Enter the following details for Ops Genie:
- the API Key, copied from the setup on Ops Genie, above, as the Token.
Select which events will be sent to Ops Genie:
- Notifications - these are non-critical events, that do not violate any Panoptica policy , such as a workload starting, or a connection established
- Alerts - these are events that violate a Panoptica policy; the action may be blocked, depending on the rules in the policy.
View events on Ops Genie
To view Panoptica events on Ops Genie, select Alerts in the Navigation pane.
Use the search bar (the black box) to query for specific events, or use saved searches.
Click on an event to see more detail for it.
Updated 9 months ago