Aurora integrates with leading observability and CI/CD platforms to automatically detect and investigate incidents in real-time.
Grafana Alert webhooks from Grafana Cloud or self-hosted instances
PagerDuty Incident webhooks with runbook integration
Datadog Event stream webhooks for monitors and alerts
Netdata Real-time health monitoring alerts
Dynatrace Problem webhooks with Davis AI insights
Splunk Search-based alerts and log anomalies
Jenkins Build failure detection with RCA
CloudBees CloudBees CI build/deployment failures
Integration Architecture Webhook Ingestion Each platform sends alerts to Aurora via webhook:
Platform → POST /api/webhooks/{platform} → Aurora Backend ↓ Create Incident ↓ Launch Background RCA ↓ Stream Thoughts to UI
Common Webhook Flow
Alert triggered in platform
Grafana/PagerDuty/Datadog monitor detects an issue
Platform sends webhook
POST request to Aurora’s webhook endpoint with alert payload
Aurora validates & stores
Webhook handler validates payload and stores in platform-specific table (e.g., grafana_alerts)
Incident creation
Alert is converted to an incident in the incidents table
Correlation check
Aurora checks if this alert correlates with existing incidents
RCA initiated
If new incident, Aurora launches background investigation via Celery task
Grafana
Datadog
Netdata
Dynatrace
Splunk
Jenkins / CloudBees
Setup
Create a Contact Point in Grafana:
Type: Webhook
URL: https://your-aurora.com/api/webhooks/grafana
Method: POST
Attach contact point to alert rules
Webhook Payload { "receiver" : "aurora" , "status" : "firing" , "alerts" : [{ "status" : "firing" , "labels" : { "alertname" : "HighErrorRate" , "severity" : "critical" , "service" : "api" }, "annotations" : { "summary" : "Error rate above 5%" , "description" : "API service is experiencing high error rates" }, "startsAt" : "2026-03-03T10:30:00Z" , "fingerprint" : "a1b2c3d4" }] }
Features
Alert fingerprint used as unique ID for correlation
Supports alert grouping by labels
Auto-resolves incidents when alert status changes to resolved
Setup
Go to Integrations → Webhooks in Datadog
Create new webhook:
Name: Aurora
URL: https://your-aurora.com/api/webhooks/datadog
Add webhook to monitor notification list: @webhook-aurora
Webhook Payload { "id" : "1234567890" , "title" : "[Triggered] CPU usage above 90%" , "text" : "CPU usage has been above 90% for 5 minutes" , "priority" : "normal" , "tags" : [ "env:production" , "service:api" ], "alert_type" : "error" , "alert_transition" : "Triggered" , "date" : 1709467800 , "org" : { "id" : 123 , "name" : "My Org" }, "link" : "https://app.datadoghq.com/monitors/12345" }
Features
Tag-based correlation (match alerts with same service tag)
Priority mapping: normal → medium, high → high, low → low
Auto-linking to Datadog monitor dashboard
Setup
In Netdata Cloud, go to Spaces → Notification Settings
Add Aurora webhook: https://your-aurora.com/api/webhooks/netdata
Select alert types to forward
Webhook Payload { "alarm" : "cpu_usage" , "status" : "CRITICAL" , "hostname" : "prod-server-01" , "chart" : "system.cpu" , "family" : "cpu" , "value" : 95.2 , "units" : "%" , "when" : 1709467800 , "info" : "CPU usage is critically high" }
Features
Real-time metric alerts
Host-based correlation (group alerts by hostname)
Chart data embedded in incident context
Setup
Go to Settings → Integration → Problem notifications
Add custom integration:
Type: Custom webhook
URL: https://your-aurora.com/api/webhooks/dynatrace
Webhook Payload { "ProblemID" : "12345" , "State" : "OPEN" , "ProblemTitle" : "High response time detected" , "ImpactedEntity" : "SERVICE-A1B2C3D4" , "Tags" : "Environment:Production,Service:API" , "ProblemDetailsJSON" : { "displayName" : "API Service" , "impactLevel" : "SERVICE" , "severityLevel" : "ERROR" } }
Features
Davis AI root cause insights included in incident context
Entity-based correlation (group by impacted service)
Automatic severity mapping from Dynatrace severity levels
Setup
Create a Webhook Alert Action in Splunk:
URL: https://your-aurora.com/api/webhooks/splunk
Method: POST
Add webhook to alert actions in Search
Webhook Payload { "sid" : "scheduler__admin__search__RMD123" , "search_name" : "Error Rate Alert" , "result" : { "error_count" : "150" , "service" : "api" , "severity" : "high" }, "results_link" : "https://splunk.example.com/app/search/..." }
Features
Search results embedded in incident context
Link back to Splunk search results
Custom field extraction from search results
Setup
Install Generic Webhook Trigger plugin in Jenkins
Add post-build action:
URL: https://your-aurora.com/api/webhooks/jenkins (or /cloudbees)
Trigger on: Build failure
Webhook Payload { "build" : { "number" : 42 , "status" : "FAILURE" , "url" : "https://jenkins.example.com/job/api-build/42/" , "full_url" : "https://jenkins.example.com/job/api-build/42/" , "scm" : { "commit" : "a1b2c3d4" , "branch" : "main" } }, "name" : "api-build" , "url" : "job/api-build/" }
Features
RCA for Build Failures : Optional setting to trigger RCA only for failures (not all builds)Build log extraction for investigation context
Commit SHA and branch tracking
Link back to Jenkins build console
Enable RCA for Jenkins/CloudBees via the Connectors page. When disabled, build events are logged but don’t create incidents.
Alert Correlation Aurora uses multiple strategies to correlate related alerts:
1. Service-Based Correlation Alerts affecting the same service are grouped:
# Check if alert matches existing incident by service if alert_service == incident.alert_service: correlation_score = 0.9 correlation_strategy = "service_match"
2. Time-Based Clustering Alerts within a 5-minute window may be related:
time_diff = abs (alert_timestamp - incident.started_at) if time_diff < timedelta( minutes = 5 ): correlation_score = 0.7 correlation_strategy = "time_cluster"
3. Semantic Similarity Using Weaviate vector search for alert description similarity:
# server/chat/backend/agent/weaviate_client.py results = weaviate_client.query( collection = "Incidents" , query_vector = embed(alert_description), limit = 5 , distance_threshold = 0.3 # High similarity ) if results: correlation_score = 1.0 - results[ 0 ].distance correlation_strategy = "semantic_similarity"
Correlated alerts are added to the incident_alerts table and displayed in the Correlated Alerts section of the incident detail page.
User Workflows Configuring Webhooks
Navigate to Connectors page in Aurora
Click “Configure” next to the observability platform
Copy the webhook URL for your platform
Follow platform-specific setup instructions
Send test webhook to verify connectivity
Webhook configuration with unique URL per platform
Alert fires in Grafana/PagerDuty/etc.
Webhook received by Aurora (within 1-2 seconds)
Incident appears on Incidents page with status investigating
Click incident to view:
Raw Alert : Original payload from platformThoughts : AI investigation progressSuggestions : Diagnostic commands and fixesSource Link : Deep link back to alerting platform
Manual Incident Creation For platforms without native webhooks, manually create incidents via API:
curl -X POST https://your-aurora.com/api/incidents \ -H "Content-Type: application/json" \ -d '{ "source_type": "custom", "alert_title": "Manual incident", "alert_service": "api", "severity": "high", "alert_metadata": { "description": "User-reported issue" } }'
Incident Lifecycle From alert to resolution:
Status Transitions From Status To Status Trigger - investigatingAlert webhook received, RCA started investigatinganalyzedRCA completed, waiting for user action analyzedresolvedUser marks incident as resolved investigatingmergedAlert merged into another incident resolvedresolvedPostmortem generated
Real-Time Updates The Incidents page uses Server-Sent Events (SSE) for real-time updates:
// client/src/app/incidents/page.tsx useEffect (() => { const eventSource = new EventSource ( '/api/incidents/stream' ); eventSource . onmessage = ( event ) => { const data = JSON . parse ( event . data ); if ( data . type === 'incident_update' ) { refreshIncidents ( true ); // Silent refresh } }; return () => eventSource . close (); }, []);
Backend sends SSE events when:
New incident created
Incident status changes
RCA completes
Suggestions added
API Reference Webhook Endpoints Grafana
PagerDuty
Datadog
Netdata
Dynatrace
Splunk
Jenkins
CloudBees
POST /api/webhooks/grafana
All webhook endpoints:
Accept JSON payloads
Return 202 Accepted on success
Validate payload structure
Rate-limited per platform
GET /api/{platform}/status
Returns connection status and configuration:
{ "connected" : true , "base_url" : "https://app.datadoghq.com" , "webhook_url" : "https://aurora.example.com/api/webhooks/datadog" , "last_webhook_received" : "2026-03-03T10:30:00Z" }
Incident Investigation Automatic root cause analysis for incoming alerts
Cloud Integrations Execute diagnostic commands during RCA investigations
Webhook configuration with unique URL per platform