Zabbix

To configure an integration into Zabbix, the following steps need to be performed:

Preparing Zabbix: usually, this task is performed by the Zabbix Administrator. In this task, an action is configured to send messages to an integration user for new and updated Zabbix Problems. This user also allows Clip to update Zabbix Problems with messages, or acknowledge or close it in response to ticket changes.
Configure a CLIP target of type Zabbix: usually, this task is performed by the CLIP Administrator.

Supported Versions

Please assure that the system you intend to integrate meets the version requirements outlined in the table below.

Product	Supported Version
Zabbix	???

System Preparation

For Clip to access the QRadar instance, an integration user is created.

Creating a Zabbix Media Type “Clip Integration”

As an administrative Zabbix user, choose "Administration" -> "Media Types" and click "Create media type" to create a media type with the settings:

In the "Media type" Tab: Name "Clip Integration", Type "Script", Script Name "ClipIntegrationScript.sh" and click the "Enabled" checkbox. Script Parameters:
- 1: http://ClipServerHostName:9090 ( or https://ClipServerHostName:9443 )
- 2: {ALERT.SUBJECT}
- 3: {ALERT.MESSAGE}
In the "Options" Tab: Concurrent sessions "One", Attempts "3", Attempt Interval "10s"

The Script must be copied from the Clip system to the Zabbix directory for Alertscripts:

Source ( Clip ): [Clip]\apache-tomcat\webapps\Clip\modules\Zabbix\ClipIntegrationScript.sh

Destination ( Zabbix System ): /usr/lib/zabbix/alertscripts/ClipIntegrationScript.sh

Creating a Zabbix User Group and Integration User

As an administrative Zabbix user, choose "Administration" -> "User Groups" and click "Create user group" to create an enabled user group with Group Name "Clip Integration Platform", Frontend access "Disabled" and "Read" permissions for "All groups":

Choose "Administration" -> "Users" and click "Create users" to create a user with Alias "ServiceNow" ( or "Jira", "Remedy" etc.), Name "Clip", Surname "Integration", Groups "Clip Integration Platform":

In the "media" Tab, add Media Type "Clip Integration" and a Media profile which is always active:

In the „Permissions" Tab, select user type "Zabbix User":

Creating the Zabbix Action

As an administrative Zabbix user, choose "Configuration" -> "Actions" and "Create Action" and create an action with the name "Create and Sync Incident via Clip Integration Platform":

The content for the "default message" textbox for the following three tabs ( "Operations", Recovery operations" and "Update operations") can be copied from the file:

[Clip]\apache-tomcat\webapps\Clip\modules\Zabbix\ZabbixActionPayloads.txt

In the „Operations" Tab, configure an operation of type "Send message to user groups" using the settings according to the screenshot:

In the „Recovery operations" and "Update operations" Tab, configure an operation of type "Send message to user groups" using the settings according to the screenshots:

Clip Target Configuration

To enable a target of type "Zabbix" on the Clip server, please move the following two files into the right place – they are part of the current Clip distribution and may be changed in future releases. They are copied in their "working directories" where they can be customized but will not be overwritten once a Clip patch, upgrade or new release is installed with updated versions:

Copy the example Clip configuration file with example integrations for Zabbix

from:
[Clip]/apache-tomcat/webapps/Clip/modules/Zabbix/ClipConfig_New_Zabbix.xml
to:
[Clip]/conf/ClipConfig.xml

Copy the Clip module for Zabbix

from:
[Clip]/apache-tomcat/webapps/Clip/modules/Zabbix/Zabbix.groovy
to:
[Clip]/modules/Zabbix/Zabbix.groovy

On the Clip Server edit the configuration file [Clip]/conf/ClipConfig.xml – for the Zabbix integration, the file contains the example target "Zabbix" and an integration "" which can be used as a template:

    <integration status="active" name="Zabbix_ServiceNow_ZAction">
			<target targetRef="Zabbix" />
			<target targetRef="ServiceNowMS" />
	</integration>

XML

This integration references the Zabbix example target:

        <apiTarget name="Zabbix"
                   url="https://zabbix.applink.de"
                   user="ServiceNow"
                   passwd="$-3mw5oxC8YvfO3YBdHPv+dIb90Eqojaw==-$"
                   scriptPath="modules/Zabbix"
                   scriptName="Zabbix.groovy"
                   
                   incidentPollingForNew="false"
                   incidentPollingIntervalSecsNew="60">

XML

The following attributes have to be set in the Zabbix target definition:

"name" attribute of the target tag. For a standard integration, leave the default value "Zabbix" unchanged.
"url" attribute: type in the URL of your Zabbix instance. Please note that for HTTPS connections to Zabbix, you have to import the Zabbix certificate into Clip's certificate store "cacerts", otherwise you will see an error message in the Clip Web UIs status page ("unable to find valid certification path to requested target")
"user" attribute: the user name for the Zabbix integration user configured in the step 5.10.1.2 – use the "Alias" for the Zabbix user here.
"passwd" attribute: the password can be entered encrypted by using the encryption feature in the "Configuration" tab in the Clip Web UI.
"scriptPath" attribute: the path, relative from the Clip installation directory to the directory that contains the script for the module
"scriptName" attribute: the name of the script for the module