Google Cloud Monitor Integration

Google Cloud Monitoring (formerly Stackdriver) lets you set up alerting policies on metrics and logs across your GCP infrastructure. When a condition is met, it fires a webhook notification to any endpoint you configure — including ITOC360.

This integration receives those webhook notifications and turns them into incidents in your on-call workflow. When the alert resolves in Google Cloud, the incident is automatically resolved in itoc360 as well.

How It Works

Google Cloud Monitoring sends a webhook payload to ITOC360 every time an alerting policy condition is triggered or resolved. The payload always contains an incident_id that stays the same for both the open and close events — ITOC360 uses this to match them together automatically.

When state is OPEN → a new alert is created in ITOC360
When state is CLOSED → the existing alert is resolved

Prerequisites

A Google Cloud project with Cloud Monitoring enabled
An alerting policy (or you will create one during setup)
An ITOC360 source configured for Google Cloud Monitoring

Step 1 — Copy Your Webhook URL

In ITOC360, navigate to your source settings and copy the webhook URL generated for your Google Cloud Monitoring source. You will paste this into Google Cloud in the next step.

Step 2 — Add a Webhook Notification Channel

Open the Google Cloud Console and navigate to Monitoring from the left sidebar.On the Monitoring page, go to Alerting.

Click the "Edit Notification Channels" button in the top right corner of the Alerting page.

On the Notification Channels page, scroll down to the Webhooks section and click "Add New".

Fill in the form:

Display Name — enter a recognizable name, for example itoc360
Endpoint URL — paste the webhook URL you copied from ITOC360, then append your source token as a query parameter at the end

Google Cloud Monitoring does not support custom request headers, so the source token must be passed in the URL itself. The final URL should look like this:

https://<your-project-url>/?token=YOUR_TOKEN

You can find your source token on the source settings page in ITOC360.

Click "Test Connection" to verify that ITOC360 can receive the payload. You should see a success toast at the bottom of the page.

Click Save. The new webhook channel will now appear in the Webhooks list.

Step 3 — Attach the Webhook to an Alerting Policy

Go back to Monitoring > Alerting and open an existing alerting policy, or create a new one by clicking "Create Policy".

In the left sidebar, click "Notifications and name" to jump to the notifications step.

Click "Add Notification Channels".

A panel will open listing all available notification channels. Find the webhook you created under the Webhooks section and select it.

After selecting it, the channel will appear under the Notifications section of the policy.

Give the policy a name in the "Alert policy name" field at the bottom, then click "Create Policy" or "Save" if you are editing an existing one.

The policy will now appear in the Alerting list.

Payload Reference

Below is the payload structure that Google Cloud Monitoring sends to webhook. This is provided for reference — no manual configuration is needed.

{
  "version": "1.2",
  "incident": {
    "incident_id": "0.opqiw61fsv7p",
    "scoping_project_id": "your-project",
    "scoping_project_number": 12345,
    "url": "https://console.cloud.google.com/monitoring/alerting/incidents/...",
    "state": "OPEN",
    "severity": "ERROR",
    "started_at": 1577840461,
    "ended_at": null,
    "policy_name": "projects/your-project/alertPolicies/12345",
    "condition_name": "CPU utilization > 90%",
    "resource_name": "your-project gke-cluster-1-default-pool",
    "resource_display_name": "gke-cluster-1-default-pool",
    "resource_type_display_name": "VM Instance",
    "resource": {
      "type": "gce_instance",
      "labels": {
        "instance_id": "11223344",
        "project_id": "your-project",
        "zone": "us-central1-c"
      }
    },
    "metric": {
      "type": "compute.googleapis.com/instance/cpu/utilization",
      "displayName": "CPU utilization",
      "labels": {
        "instance_name": "my-vm-instance"
      }
    },
    "documentation": {
      "content": "CPU is above the threshold. Check the runbook.",
      "mime_type": "text/markdown"
    },
    "summary": "CPU for gke-cluster-1 is above the threshold of 90%"
  }
}

When the alert resolves, the same payload is sent with state set to "CLOSED" and ended_at filled in. itoc360 matches it to the original alert using incident_id and closes the incident automatically.

Priority Mapping

itoc360 maps the severity field from the incoming payload to its own priority levels. The default mapping is shown below. You can override it per source from the source settings page.

Google Cloud Severity

itoc360 Priority

CRITICAL

Critical

ERROR

High

WARNING

Medium

INFO

Low

no severity

Medium

Note: When an alerting policy does not have a severity level configured, Google Cloud sends "no severity" as the value. ITOC360 treats this as Medium priority by default.

Troubleshooting

Test notification was sent but no event appeared in itoc360 Check that the endpoint URL is correct and that the token query parameter is present and matches your itoc360 source token. Google Cloud Monitoring does not support custom headers, so authentication must be done via the query parameter. Also make sure your itoc360 source is active.

Incidents are not resolving automatically This usually means the alerting policy is not configured to send a notification on resolution. In Google Cloud, make sure the "Notify on incident closure" option is enabled for the notification channel, or that your alerting policy has a closing condition defined.

severity field is missing from the payload Some alerting policies do not set a severity level. In that case, ITOC360 falls back to Medium priority. You can set a default priority override from the source settings if needed.

PreviousGitLab Integration NextGoogle Security Command Center(SCC) Integration

Last updated 27 days ago

Was this helpful?

Good morning

hashtagHow It Works

hashtagPrerequisites

hashtagStep 1 — Copy Your Webhook URL

hashtagStep 2 — Add a Webhook Notification Channel

hashtagStep 3 — Attach the Webhook to an Alerting Policy

hashtagPayload Reference

hashtagPriority Mapping

hashtagTroubleshooting