PagerDuty Integration: Real-Time Agent Security Alerts
Route agent security incidents to your on-call team
Connect Rune's webhook alerting to PagerDuty to route agent security incidents to your on-call engineers. Critical threats (prompt injection, data exfiltration) trigger high-urgency incidents, while lower-severity findings create informational alerts. Integrate with your existing escalation policies and incident response workflows.
Add Security in Minutes
// In Rune dashboard → Settings → Notifications
// Add a webhook channel pointing to PagerDuty Events API v2:
{
  "name": "PagerDuty Critical Alerts",
  "type": "webhook",
  "url": "https://events.pagerduty.com/v2/enqueue",
  "headers": {
    "Content-Type": "application/json"
  },
  "body_template": {
    "routing_key": "YOUR_PAGERDUTY_INTEGRATION_KEY",
    "event_action": "trigger",
    "payload": {
      "summary": "Rune: {{threat_type}} detected on {{agent_id}}",
      "severity": "{{severity}}",
      "source": "rune-adr"
    }
  }
}

Full setup guide in the documentation
Why PagerDuty Agents Need Runtime Security
Agent security incidents need the same response urgency as infrastructure incidents. A prompt injection that exfiltrates customer data at 3 AM needs to wake someone up — not sit in a Slack channel until morning. PagerDuty ensures critical agent threats get the response time they deserve.
Top Threats to PagerDuty Agents
Without PagerDuty integration, critical agent threats may sit unnoticed in email or Slack until someone checks. PagerDuty ensures on-call engineers are paged immediately.
Agent security incidents have a narrow response window. Data exfiltration can complete in seconds. PagerDuty's escalation policies ensure someone responds within your SLA.
Routing all alerts to the same channel causes fatigue. PagerDuty lets you route by severity — critical threats page on-call, while low-severity findings go to a dashboard.
What Rune Does for PagerDuty
Webhook Integration
Rune sends HMAC-signed webhook payloads to PagerDuty's Events API v2. Configure via the Rune dashboard — no code changes needed.
Severity Mapping
Map Rune threat severities (critical, high, medium, low) to PagerDuty urgency levels. Critical injection attempts trigger high-urgency incidents.
Rich Alert Context
PagerDuty incidents include agent ID, threat type, risk score, pattern matched, and a direct link to the alert in the Rune dashboard.
Auto-Resolve
When a Rune alert is resolved or marked as false positive, an auto-resolve event is sent to PagerDuty to close the incident.
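The severity mapping and auto-resolve behaviour described above, as an added example (not Rune's own code): it builds Events API v2 bodies, translating Rune severities into the four values PagerDuty's payload.severity field accepts and reusing one dedup_key so the resolve event closes the incident the trigger opened. The alert fields alert_id, status and risk_score, the high/medium/low mapping and the "rune-" key prefix are assumptions.

```python
import json

# PagerDuty Events API v2 accepts only these payload.severity values.
PD_SEVERITIES = {"critical", "error", "warning", "info"}

# Assumed mapping from Rune severities to PagerDuty ones (not from Rune's docs).
RUNE_TO_PD = {"critical": "critical", "high": "error", "medium": "warning", "low": "info"}


def dedup_key(alert):
    """Stable key so the resolve event closes the incident the trigger opened."""
    return f"rune-{alert['alert_id']}"


def build_event(alert, routing_key):
    """Translate a Rune alert (hypothetical shape) into an Events API v2 body."""
    event = {"routing_key": routing_key, "dedup_key": dedup_key(alert)}
    # Resolved or false-positive alerts close the matching incident.
    if alert.get("status") in ("resolved", "false_positive"):
        event["event_action"] = "resolve"
        return event
    # Unknown severities page as critical instead of being rejected or dropped.
    severity = RUNE_TO_PD.get(str(alert.get("severity", "")).lower(), "critical")
    event["event_action"] = "trigger"
    event["payload"] = {
        # PagerDuty limits summary to 1024 characters.
        "summary": f"Rune: {alert['threat_type']} detected on {alert['agent_id']}"[:1024],
        "severity": severity,
        "source": "rune-adr",
        "custom_details": {"risk_score": alert.get("risk_score"),
                           "rune_severity": alert.get("severity")},
    }
    return event


# Constructed sample alerts; field names other than threat_type, agent_id
# and severity are assumptions.
SAMPLE_OPEN = {"alert_id": "a-1001", "status": "open", "severity": "high",
               "threat_type": "prompt_injection", "agent_id": "support-bot",
               "risk_score": 87}
SAMPLE_CLOSED = dict(SAMPLE_OPEN, status="false_positive")

if __name__ == "__main__":
    for sample in (SAMPLE_OPEN, SAMPLE_CLOSED):
        print(json.dumps(build_event(sample, "YOUR_PAGERDUTY_INTEGRATION_KEY"), indent=2))
```
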
Common PagerDuty Use Cases
- 24/7 on-call coverage for production agent security
- Severity-based escalation for different threat categories
- Integration with existing incident response playbooks
- Compliance-ready incident tracking and audit trails
Secure your PagerDuty agents today
Add runtime security to your PagerDuty agents in under 5 minutes. Free tier includes 10,000 events per month.