PagerDuty

Enrich incidents with resource context and dependency graphs. Reduce MTTR by providing responders with full infrastructure context.

Overview

The PagerDuty integration enriches every incident with context from the knowledge graph. When a PagerDuty incident is triggered, Knowledge Tree automatically appends resource details, dependency relationships, recent change history, and relevant runbooks to the incident.

Reduced MTTR
Teams using the PagerDuty integration report 30-50% faster mean time to resolution (MTTR) because responders have full infrastructure context directly in the incident.

Incident enrichment

Each PagerDuty incident is enriched with:

  • Resource graph -- the affected resource and all its direct dependencies
  • Change history -- what changed on the resource in the last 24 hours
  • Blast radius -- how many other resources could be affected
  • Runbook links -- relevant runbooks for the resource type or incident pattern
  • Team ownership -- which team owns the resource based on tags or scope
  • Related incidents -- similar incidents from the past with resolution notes

Auto-acknowledgment

Knowledge Tree can automatically acknowledge PagerDuty incidents when the enrichment data indicates a known pattern or when automated remediation has been applied:

  • Known patterns -- auto-acknowledge incidents matching known issue signatures
  • Automated remediation -- if an automated fix is applied, acknowledge the incident
  • Low-severity enrichment -- acknowledge low-severity incidents when graph data shows no blast radius

Custom actions

Custom actions add PagerDuty incident action buttons that let responders trigger Knowledge Tree workflows directly from the incident:

Action               Description
Show blast radius    Open the blast radius analysis for the affected resource
Run runbook          Execute a runbook step directly from the incident
View change history  Display the full change history for the affected resource
Create Jira ticket   Create a follow-up Jira ticket with incident context

Event rules

Event rules control which finding types trigger PagerDuty incidents and at what severity:

# PagerDuty event rules
pagerduty:
  event_rules:
    - finding_type: anomaly
      min_severity: high
      pd_severity: critical
    - finding_type: policy_violation
      min_severity: critical
      pd_severity: critical
    - finding_type: certificate_expiration
      min_severity: warning
      days_until_expiry: 7
      pd_severity: warning
    - finding_type: drift_detected
      min_severity: high
      pd_severity: info
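
An added example (not Knowledge Tree's own code) that checks a rule list shaped like the one above before it is deployed and resolves which PagerDuty severity a finding would receive. The severity ordering, the finding dictionary shape, the reading of days_until_expiry as an upper bound, and the function names are assumptions; the pd_severity set is the four values PagerDuty's Events API v2 accepts.

```python
# Added example: lint and evaluate rules shaped like pagerduty.event_rules.
# Rule semantics are assumptions, not documented Knowledge Tree behaviour.
PD_SEVERITIES = {"critical", "error", "warning", "info"}  # PagerDuty Events API v2
# Assumed ordering of Knowledge Tree finding severities (not stated on the page).
KT_ORDER = {"info": 0, "warning": 1, "high": 2, "critical": 3}

def lint_rules(rules):
    """Return a list of problems that would make a rule misroute or be rejected."""
    problems, seen = [], set()
    for i, rule in enumerate(rules):
        ftype = rule.get("finding_type")
        if not ftype:
            problems.append(f"rule {i}: missing finding_type")
        elif ftype in seen:
            problems.append(f"rule {i}: duplicate finding_type {ftype!r}")
        seen.add(ftype)
        if rule.get("min_severity") not in KT_ORDER:
            problems.append(f"rule {i}: unknown min_severity {rule.get('min_severity')!r}")
        if rule.get("pd_severity") not in PD_SEVERITIES:
            problems.append(f"rule {i}: invalid pd_severity {rule.get('pd_severity')!r}")
    return problems

def pd_severity_for(finding, rules):
    """Return the PagerDuty severity for a finding, or None if no rule pages."""
    for rule in rules:
        if rule["finding_type"] != finding["type"]:
            continue
        if KT_ORDER[finding["severity"]] < KT_ORDER[rule["min_severity"]]:
            continue  # below the rule's threshold, no incident
        # Assumption: days_until_expiry is an upper bound on remaining days.
        limit = rule.get("days_until_expiry")
        if limit is not None and finding.get("days_until_expiry", 0) > limit:
            continue
        return rule["pd_severity"]
    return None

# The page's event rules, as a YAML loader would return them.
RULES = [
    {"finding_type": "anomaly", "min_severity": "high", "pd_severity": "critical"},
    {"finding_type": "policy_violation", "min_severity": "critical", "pd_severity": "critical"},
    {"finding_type": "certificate_expiration", "min_severity": "warning",
     "days_until_expiry": 7, "pd_severity": "warning"},
    {"finding_type": "drift_detected", "min_severity": "high", "pd_severity": "info"},
]

if __name__ == "__main__":
    print(lint_rules(RULES))
    print(pd_severity_for({"type": "anomaly", "severity": "critical"}, RULES))
```

Running the lint step in CI catches a mistyped severity value before it silently stops a class of findings from paging anyone.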

Configuration

# config.yaml
integrations:
  pagerduty:
    api_key: ${PAGERDUTY_API_KEY}
    service_id: ${PAGERDUTY_SERVICE_ID}
    enrichment:
      enabled: true
      include_dependencies: true
      include_change_history: true
      max_change_hours: 24
      include_runbooks: true
    auto_acknowledge:
      enabled: false
      known_patterns_only: true
    custom_actions:
      - blast_radius
      - runbook_execution
      - jira_ticket