Cross-Provider Workflow

Sysdig Secure Event to Opsgenie Alert to Slack

Version 1.0.0

Pull a Sysdig Secure event, raise an Opsgenie alert, then notify Slack.

1 workflow, 3 source APIs, 3 providers

Providers Orchestrated

sysdig opsgenie slack

Workflows

secure-event-to-opsgenie-to-slack
List a Sysdig Secure event, raise an Opsgenie alert, and notify Slack.
Retrieves runtime security events from Sysdig Secure, raises an Opsgenie alert for the top event, and posts a Slack message confirming the page.
3 steps; inputs: slackChannel; outputs: eventName, messageTs, requestId

1. list-secure-events ($sourceDescriptions.sysdigSecure.listSecureEvents): List runtime security events from Sysdig Secure.
2. raise-opsgenie-alert ($sourceDescriptions.opsgenieAlert.createAlert): Raise an Opsgenie alert for the security event.
3. notify-slack ($sourceDescriptions.slackChat.postChatPostmessage): Notify a Slack channel that an Opsgenie alert was raised.

Arazzo Workflow Specification

dev-sysdig-secure-event-to-opsgenie-slack.yml
arazzo: 1.0.1
info:
  title: Sysdig Secure Event to Opsgenie Alert to Slack
  summary: Pull a Sysdig Secure event, raise an Opsgenie alert, then notify Slack.
  description: >-
    A DevSecOps escalation workflow that lists runtime security events from
    Sysdig Secure, raises an Opsgenie alert to page the on-call responder, and
    posts a Slack notification. Demonstrates chaining a container-security
    provider, an alerting provider, and a chat provider in a single Arazzo
    workflow.
  version: 1.0.0
sourceDescriptions:
  - name: sysdigSecure
    url: https://raw.githubusercontent.com/api-evangelist/sysdig/refs/heads/main/openapi/sysdig-secure-openapi.yml
    type: openapi
  - name: opsgenieAlert
    url: https://raw.githubusercontent.com/api-evangelist/opsgenie/refs/heads/main/openapi/opsgenie-alert-openapi.yml
    type: openapi
  - name: slackChat
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: secure-event-to-opsgenie-to-slack
    summary: List a Sysdig Secure event, raise an Opsgenie alert, and notify Slack.
    description: >-
      Retrieves runtime security events from Sysdig Secure, raises an Opsgenie
      alert for the top event, and posts a Slack message confirming the page.
    inputs:
      type: object
      properties:
        slackChannel:
          type: string
    steps:
      - stepId: list-secure-events
        description: List runtime security events from Sysdig Secure.
        operationId: $sourceDescriptions.sysdigSecure.listSecureEvents
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          eventName: $response.body#/data/0/name
          eventSeverity: $response.body#/data/0/severity
      - stepId: raise-opsgenie-alert
        description: Raise an Opsgenie alert for the security event.
        operationId: $sourceDescriptions.opsgenieAlert.createAlert
        requestBody:
          contentType: application/json
          payload:
            message: $steps.list-secure-events.outputs.eventName
            priority: P1
            tags:
              - sysdig
              - runtime-security
        successCriteria:
          - condition: $statusCode == 202
        outputs:
          requestId: $response.body#/requestId
      - stepId: notify-slack
        description: Notify a Slack channel that an Opsgenie alert was raised.
        operationId: $sourceDescriptions.slackChat.postChatPostmessage
        requestBody:
          contentType: application/json
          payload:
            channel: $inputs.slackChannel
            text: $steps.list-secure-events.outputs.eventName
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          messageTs: $response.body#/ts
    outputs:
      eventName: $steps.list-secure-events.outputs.eventName
      requestId: $steps.raise-opsgenie-alert.outputs.requestId
      messageTs: $steps.notify-slack.outputs.messageTs
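
A data-flow check over the workflow above, as an added example that is not part of the published spec: it confirms every `$steps.<id>.outputs.<name>` and `$inputs.<name>` reference resolves, and lists step outputs that nothing consumes. The `WORKFLOW` dict is transcribed by hand from the YAML, `lint` and `_strings` are hypothetical names, and steps are assumed to run in the order listed.

```python
import re

# Constructed from the spec above: step payloads, output names, workflow outputs.
WORKFLOW = {
    "inputs": ["slackChannel"],
    "steps": [
        {"stepId": "list-secure-events", "payload": {},
         "outputs": ["eventName", "eventSeverity"]},
        {"stepId": "raise-opsgenie-alert", "outputs": ["requestId"],
         "payload": {"message": "$steps.list-secure-events.outputs.eventName",
                     "priority": "P1", "tags": ["sysdig", "runtime-security"]}},
        {"stepId": "notify-slack", "outputs": ["messageTs"],
         "payload": {"channel": "$inputs.slackChannel",
                     "text": "$steps.list-secure-events.outputs.eventName"}},
    ],
    "outputs": {"eventName": "$steps.list-secure-events.outputs.eventName",
                "requestId": "$steps.raise-opsgenie-alert.outputs.requestId",
                "messageTs": "$steps.notify-slack.outputs.messageTs"},
}

STEP_REF = re.compile(r"^\$steps\.([\w-]+)\.outputs\.(\w+)$")
INPUT_REF = re.compile(r"^\$inputs\.(\w+)$")

def _strings(node):
    """Yield every string nested in a payload or outputs structure."""
    if isinstance(node, str):
        yield node
    else:
        children = node.values() if isinstance(node, dict) else node
        for child in children:
            yield from _strings(child)

def lint(workflow):
    """Return (unresolved references, step outputs nothing consumes)."""
    defined, used, unresolved = set(), set(), []
    def check(expr, where):
        step_ref, input_ref = STEP_REF.match(expr), INPUT_REF.match(expr)
        if step_ref:
            used.add(step_ref.groups())
        if (step_ref and step_ref.groups() not in defined) or (
                input_ref and input_ref.group(1) not in workflow["inputs"]):
            unresolved.append((where, expr))
    for step in workflow["steps"]:
        for expr in _strings(step["payload"]):
            check(expr, step["stepId"])  # only earlier steps are defined yet
        defined.update((step["stepId"], name) for name in step["outputs"])
    for expr in _strings(workflow["outputs"]):
        check(expr, "workflow.outputs")
    return unresolved, sorted(defined - used)
```

Run against this spec, every reference resolves, and the one unconsumed output is `eventSeverity`: the Opsgenie priority is fixed at `P1` regardless of the severity Sysdig reported.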