Workato

What is Workato?

Workato helps you automate business workflows across cloud and on-premises application. For example, automated quote-to-cash business processes, which may involve transferring data between apps such as Salesforce, Netsuite, Bill.com, and Apttus.

Workato combines an enterprise-grade workflow automation platform with the ease of use expected from consumer apps, enabling both business and IT users to quickly build workflow automations.

Why should you use Workato?

Workato will assist Accedian with automation of the business flows across cloud and on-premise applications. Initially it will be used to send alerts generated from the Accedian platform to ticketing systems used by our customers. This can include Slack, Freshdesk, Jira, Salesforce to name a few.

How are Interceptor alerts pushed to Workato?

Interceptor alerts are pushed to Workato using a service called Alert Export Service. This service runs on the deployments and continuously looks for new alert export service configurations.

For the tenants, we want to push the alerts to Workato, we need to create Alert Export configuration using API call. As soon as the configuration is created the alerts start getting pushed to Workato.

Below is the API collection that should be used to create, update, delete and list alert export configuration.

The Postman collection below references the APIs that are called:

Alert Export Service.postman_collection.json

Some important fields of the configuration are shown below:

• alertexporturl - This is the webhook which will receive the alert inside Workato.

• alertpolicylist - The alert export service will export alerts corresponding to Policy IDs mentioned inside this field to Workato. This is a filter mechanism to limit number of alerts hitting the Workato Webhook. The Policy IDs can be separated by a comma.

Here is a sample payload to create alert export configuration:

{
    "data" : {
        "type" : "alertExports",
        "attributes" : {
            "alertexportenabled": true,
            "alertexportname": "sqa3auto dev1 test",
            "alertexporttype": "webhook",
            "alertexporturl": "https://www.workato.com/webhooks/rest/c91bee62-b3da-4d29-827d-cfe2eac565f4/new_demo_event",
            "alertpolicylist": ["7a65509e-4562-44cc-a9fe-5af7cd783944"]
        }
    }
}

Here is the payload and the response in POSTMAN:

An example of a Workato recipe, where the webhook mentioned in the alert export configuration is used, is shown below:

The list of fields related to Interceptor alerts that are available in Workato and can be used to send customized messages, includes:

• alertState
• captureApplicationId
• captureClientZoneId
• captureLayer
• captureServerZoneId
• destinationIp
• destinationPort
• endTimestamp
• applicationName
• macClient
• macServer
• mitreTactics
• objectId
• policyId
• policyType
• processedTimestamp
• securityJobType
• severity
• source
• sourceIp
• startTimestamp
• tenantId
• tenantName
• timestamp
• uid