PagerDuty integration

Page on-call for AI agent incidents.

One PagerDuty incident per correlated AxioRank incident, with a deep link back and acknowledge or resolve that syncs both ways. Map severities to your escalation policies, encrypt the routing key at rest, and verify with one click.

Events API v2 · trigger, acknowledge, resolve · two-way sync · every plan

PagerDuty incident (critical)

Exfiltration chain on billing-agent

Correlated alerts: 7
Blast radius: 2 agents
dedup_key: incident:3f0a…
Resolved in AxioRank, auto-resolved here.

1:1 incident to incident
2-way ack and resolve sync
<100ms per-call decision
All plans, no tier gate

What you get

Incident-grade paging, not alert spam.

AxioRank scores every tool call, correlates the alerts a real attack produces into one incident, and keeps a provable audit trail. The PagerDuty integration pages your on-call on the incident, and keeps both sides in step.

One incident, not a pager storm

A real attack fires many alerts. AxioRank correlates them into one incident and opens exactly one PagerDuty incident, deduplicated on the incident id.

Two-way lifecycle

Acknowledge or resolve in AxioRank and the PagerDuty incident follows. A responder who resolves in PagerDuty closes the AxioRank incident too.

Deep links back

Every PagerDuty incident carries a link straight to the AxioRank incident, with the blast radius and recommended response actions in the details.

Severity that maps

Critical, high, medium, and low map to PagerDuty's critical, error, warning, and info, so your urgency rules and escalation policies just work.

Or page on every alert

Prefer the classic behavior? Switch a channel to page on each high-risk alert instead of correlated incidents, with a per-hour cap and quiet hours.

Routing key encrypted

New channels store the Events API routing key encrypted at rest with AES-256-GCM, bound to your workspace. Older plaintext keys keep working.

The lifecycle

Trigger, acknowledge, resolve, in sync.

One dedup key (incident:<id>) ties the whole lifecycle to a single PagerDuty incident, in both directions.

Events API action: when it fires

trigger: An AxioRank incident opens (its first correlated alert lands).
acknowledge: Someone acknowledges the incident in AxioRank, or a responder acknowledges it in PagerDuty.
resolve: The incident is resolved in AxioRank (by a person or the auto-resolve sweep), or resolved in PagerDuty.
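
The lifecycle above as Events API v2 messages, in an added example that is not AxioRank's code. The incident object shape, the `source` value and the small receiver model are assumptions; the event field names and severity values are PagerDuty's.

```javascript
// AxioRank severity -> PagerDuty Events API v2 severity, as listed on this page.
const SEVERITY = new Map([
  ["critical", "critical"], ["high", "error"], ["medium", "warning"], ["low", "info"],
]);

// Build the body that would be POSTed to https://events.pagerduty.com/v2/enqueue.
// `incident` is a hypothetical object: { id, severity, title, alertCount, agents, url }.
function buildEvent(action, incident, routingKey) {
  if (!["trigger", "acknowledge", "resolve"].includes(action)) {
    throw new Error(`unsupported event_action: ${action}`);
  }
  const event = {
    routing_key: routingKey,
    event_action: action,
    dedup_key: `incident:${incident.id}`, // same key for the whole lifecycle
  };
  if (action === "trigger") { // only trigger carries a payload
    const severity = SEVERITY.get(incident.severity);
    if (!severity) throw new Error(`unmapped severity: ${incident.severity}`);
    event.payload = {
      summary: incident.title.slice(0, 1024), // Events API summary limit
      source: "axiorank", // assumed source label
      severity,
      custom_details: { correlated_alerts: incident.alertCount, blast_radius: incident.agents },
    };
    event.links = [{ href: incident.url, text: "Open in AxioRank" }];
  }
  return event;
}

// Minimal model of the receiving service: open incidents keyed by dedup_key.
function applyEvent(open, event) {
  const key = event.dedup_key;
  if (event.event_action === "trigger") {
    if (!open.has(key)) open.set(key, "triggered"); // a repeat trigger opens nothing new
  } else if (open.has(key)) {
    if (event.event_action === "acknowledge") open.set(key, "acknowledged");
    else open.delete(key); // resolve closes the incident
  }
  return open;
}
```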

Verified inbound

Every inbound webhook is checked with the PagerDuty signing secret before it acts.

Encrypted routing key

The Events API routing key is encrypted at rest, bound to your workspace.

Provable trail

Every transition is written to a tamper-evident audit log you can verify offline.

Setup

Live in about a minute.

Paste one routing key to start paging. Add the inbound webhook when you want responders' actions to flow back.

1. Paste a routing key

In PagerDuty, add an Events API v2 integration to the service you want paged, copy its routing key, and add a PagerDuty channel in AxioRank.

2. Pick what pages

Page on correlated incidents (recommended) or every high-risk alert. AxioRank triggers, acknowledges, and resolves on the Events API for you.

3. Turn on two-way

Optionally register the inbound webhook URL in PagerDuty and paste back its signing secret, so a responder's actions reflect into AxioRank.

Questions

Good to know before you wire it up.

The questions an on-call lead asks first.

How is this different from the old PagerDuty channel?

The original channel only ever triggered a PagerDuty incident per raw alert and never closed it, so PagerDuty filled with stale incidents. Now AxioRank opens one incident per correlated incident, mirrors acknowledge and resolve in both directions, and adds a deep link plus the recommended actions.

Does resolving in PagerDuty really close it in AxioRank?

Yes, once you enable two-way sync. You register the inbound webhook URL in PagerDuty and paste back the signing secret PagerDuty shows you. AxioRank verifies every inbound payload with that secret, then reflects an acknowledge or resolve onto the matching incident. The update never echoes back out, so there is no loop.
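
One way to perform the inbound check described above, as an added example rather than AxioRank's own code. It assumes PagerDuty's v3 webhook scheme: an HMAC-SHA256 of the raw request body, sent hex-encoded in the `X-PagerDuty-Signature` header as one or more comma-separated `v1=` values; the function names are hypothetical.

```javascript
const crypto = require("node:crypto");

// True only if at least one v1= value equals HMAC-SHA256(signingSecret, rawBody).
// rawBody must be the exact bytes received, not a re-serialized JSON object.
function verifySignature(rawBody, signatureHeader, signingSecret) {
  if (typeof signatureHeader !== "string" || !signingSecret) return false;
  const expected = crypto.createHmac("sha256", signingSecret).update(rawBody).digest();
  return signatureHeader.split(",").some((part) => {
    const [version, hex] = part.trim().split("=");
    // Reject other versions and malformed digests before comparing.
    if (version !== "v1" || !/^[0-9a-f]{64}$/i.test(hex || "")) return false;
    return crypto.timingSafeEqual(Buffer.from(hex, "hex"), expected); // constant time
  });
}

// Verify first, parse second. Returns "acknowledge", "resolve", "ignore",
// or null when the payload must be rejected.
function inboundAction(rawBody, signatureHeader, signingSecret) {
  if (!verifySignature(rawBody, signatureHeader, signingSecret)) return null;
  let type;
  try {
    type = JSON.parse(rawBody).event.event_type;
  } catch (e) {
    return null; // signed but not a well-formed webhook event
  }
  if (type === "incident.acknowledged") return "acknowledge";
  if (type === "incident.resolved") return "resolve";
  return "ignore"; // other event types do not change the incident
}
```

Accepting any matching `v1=` value lets the check tolerate a header that carries more than one signature.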

Will I get paged twice?

No. A PagerDuty channel pages on correlated incidents by default, so you get one incident per AxioRank incident. If you instead choose to page on every high-risk alert, that mode uses per-alert deduplication and is subject to the channel's severity floor, quiet hours, and hourly cap.

Where is the routing key stored?

When a credential key is configured on the deployment, the Events API routing key is encrypted at rest with AES-256-GCM, bound to your workspace so a ciphertext cannot be reused elsewhere. Without a key configured, it falls back to the existing storage so the channel still works.
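
A sketch of workspace-bound encryption with a plaintext fallback, added here as an example and not taken from AxioRank. It assumes the binding is done by passing the workspace id as AES-GCM associated data; the `enc:v1:` prefix, the storage layout and the function names are hypothetical.

```javascript
const crypto = require("node:crypto");

const PREFIX = "enc:v1:"; // hypothetical marker that separates ciphertext from legacy plaintext

// Encrypt a routing key with AES-256-GCM. The workspace id is authenticated
// as associated data, so the ciphertext only decrypts for that workspace.
function sealRoutingKey(routingKey, credentialKey, workspaceId) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", credentialKey, iv);
  cipher.setAAD(Buffer.from(`workspace:${workspaceId}`, "utf8"));
  const ct = Buffer.concat([cipher.update(routingKey, "utf8"), cipher.final()]);
  // Stored layout (assumed): iv (12 bytes) | auth tag (16 bytes) | ciphertext
  return PREFIX + Buffer.concat([iv, cipher.getAuthTag(), ct]).toString("base64");
}

// Read a stored value: decrypt if it carries the prefix, otherwise treat it
// as an older plaintext key so existing channels keep working.
function loadRoutingKey(stored, credentialKey, workspaceId) {
  if (!stored.startsWith(PREFIX)) return stored;
  const buf = Buffer.from(stored.slice(PREFIX.length), "base64");
  if (buf.length < 28) throw new Error("sealed value too short");
  const decipher = crypto.createDecipheriv("aes-256-gcm", credentialKey, buf.subarray(0, 12));
  decipher.setAAD(Buffer.from(`workspace:${workspaceId}`, "utf8"));
  decipher.setAuthTag(buf.subarray(12, 28));
  // final() throws if the key, the ciphertext or the workspace id does not match.
  return Buffer.concat([decipher.update(buf.subarray(28)), decipher.final()]).toString("utf8");
}
```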

How do I verify it works?

Use Send test on the channel. It triggers a throwaway PagerDuty incident and immediately resolves it, so you confirm the routing key without leaving an open incident behind.

Which plans include it?

Every plan. Triggering, the incident lifecycle, two-way sync, and the inbound webhook are all available on Free, Pro, and Team alike.

Bring AI agent incidents into PagerDuty

Add a PagerDuty channel, page on-call on correlated incidents, and keep acknowledge and resolve in sync both ways.