Skip to main content

Overview

IncidentFox connects to your existing observability and data platforms to investigate incidents. This section covers how to configure each data source.

Supported Data Sources

Observability Platforms

PlatformStatusCapabilities
CoralogixSupportedLog search, metrics, alerts, Olly integration
DatadogSupportedMetrics, logs, APM traces
GrafanaSupportedPrometheus queries, dashboards, alerts, annotations
PrometheusSupportedPromQL queries, instant queries, alerts
SentrySupportedError tracking, issues, project stats, releases
New RelicSupportedNRQL queries, APM summary
ElasticsearchSupportedLog search, aggregations
SplunkSupportedSPL queries, log search
LokiSupportedLogQL queries

Cloud Providers

PlatformStatusCapabilities
AWSSupportedCloudWatch, EC2, Lambda, RDS, ECS, CodePipeline
AzureSupportedMonitor, VMs, App Services
GCPSupportedCloud Logging, Compute, Cloud Run

Infrastructure

PlatformStatusCapabilities
KubernetesSupportedPod logs, events, deployments, metrics
DockerSupportedContainer logs, exec, stats, events, inspect (15 tools)
TerraformSupportedState inspection, planning

Databases

PlatformStatusCapabilities
SnowflakeSupportedSQL queries, data enrichment
PostgreSQLSupportedQuery execution, schema inspection
MySQLSupportedQuery execution, schema inspection
BigQuerySupportedSQL queries, analytics

Code & CI/CD

PlatformStatusCapabilities
GitHubSupportedCode search, PRs, Actions, commits, webhooks (16 tools)
GitLabSupportedRepositories, merge requests
JenkinsSupportedBuild status, logs

Documentation & Knowledge

PlatformStatusCapabilities
ConfluenceSupportedWiki search, page retrieval
NotionSupportedWorkspace search
Google DocsSupportedRunbook search

Messaging & Streaming

PlatformStatusCapabilities
KafkaSupportedTopic inspection, consumer lag
DebeziumSupportedCDC monitoring
Schema RegistrySupportedSchema management

Data Source Architecture

Credential Management

All credentials should be stored securely using vault references: 
{
  "tools": {
    "coralogix": {
      "api_key": "vault://secrets/coralogix-api-key"
    }
  }
}
Never store credentials in plain text in configuration files.

Vault Reference Format

vault://path/to/secret
IncidentFox supports:
  • AWS Secrets Manager
  • HashiCorp Vault
  • Environment variables (for development)

Quick Setup

1

Choose Your Data Sources

Identify which platforms you want IncidentFox to access
2

Create API Keys

Generate read-only API keys for each platform
3

Store in Vault

Add credentials to your secrets manager
4

Configure in Web UI

Add data source configuration in Team Console
5

Test Connection

Verify IncidentFox can access each data source

Required Permissions

Each data source requires specific permissions. Generally, IncidentFox needs read-only access for investigation.
Data SourceRequired Permissions
CoralogixAPI key with read access
AWSCloudWatch read, EC2 describe, RDS read, Lambda read
KubernetesPod logs, events, describe resources
GitHubRepo read, issues read, PRs read
SnowflakeSELECT on relevant tables
DatadogAPI key + App key with read access
PrometheusQuery access to /api/v1/query endpoint
GrafanaViewer role, API key with read access
SentryProject read, issue read
ElasticsearchRead access to indices
PostgreSQLSELECT on relevant tables
DockerDocker socket access or API access
Principle of least privilege: Only grant permissions that are necessary for investigation. IncidentFox doesn’t need write access unless you enable auto-remediation.

Data Flow

When IncidentFox investigates an incident:
  1. Agent determines which data sources are relevant
  2. Tools are invoked to query each data source
  3. Data is retrieved and processed locally
  4. Results are correlated across sources
  5. Findings are reported back to the user
Data is:
  • Retrieved on-demand (not continuously polled)
  • Processed in-memory (not stored long-term)
  • Filtered by time range (typically last 1-24 hours)

Next Steps

Coralogix

Connect your Coralogix account

Snowflake

Set up data enrichment

AWS

Configure AWS access

Kubernetes

Connect to your clusters