Overview
EasyAlert Automation lets you build visual workflows that respond to incidents automatically. When an incident fires, your workflow can restart services, scale infrastructure, notify teams, create tickets, and more — all without human intervention.Visual Workflow Builder
Drag-and-drop designer with 10 node types for building complex automation logic
On-Premise Agents
Lightweight agents run on your infrastructure — no inbound ports required
Secure Connections
Credentials encrypted with AES-256-GCM, stored only on your agents
Real-Time Monitoring
Track executions live with Server-Sent Events and detailed job timelines
Why Automate Incident Response
Manual incident response is slow, inconsistent, and error-prone. Engineers are paged at 3 AM, follow runbooks from memory, and sometimes make things worse under pressure.Faster Recovery
Automated remediation runs in seconds, not the minutes it takes a human to SSH in and diagnose
Consistent Execution
Every incident gets the same response, regardless of who is on-call or how tired they are
Reduced Toil
Free your engineers from repetitive tasks so they can focus on root cause prevention
How It Works
Trigger fires
An incident is created, a webhook arrives, a cron schedule fires, or someone clicks Execute manually.
Engine traverses the graph
The workflow engine walks through your nodes — checking conditions, branching in parallel, waiting for approvals, or iterating over collections.
Jobs dispatched to agents
Action nodes create jobs that are dispatched to agents on your infrastructure. The engine selects the healthiest agent from the assigned pool.
Agents execute actions
Agents combine the connection config (from SaaS) with credentials (from their encrypted local vault) and execute the action — SSH commands, Kubernetes operations, Slack messages, Jira tickets, and more.
Core Concepts
Workflows
Visual DAGs of nodes and edges. Build them in the drag-and-drop designer, publish versioned snapshots, and activate them to respond to events.
Agents
Lightweight Python processes that run on your infrastructure. They poll for jobs, execute actions, and report results. Deploy via Docker, systemd, or the one-line installer.
Connections
Target system configurations — SSH hosts, Kubernetes clusters, Slack workspaces, Jira projects, and more. Config lives in SaaS; credentials stay encrypted on the agent.
Executions
Runtime instances of workflow runs. Monitor progress in real-time, approve or reject human gates, and debug failures with job-level detail.
Getting Started
Deploy an Agent
Create an agent in Automation > Agents, then install it on your infrastructure using the one-line installer, Docker, or manual setup. See the Agents guide for details.
Create Connections
Set up connections to the systems your workflows will interact with — SSH servers, Kubernetes clusters, Slack, Jira, etc. See the Connections guide.
Build a Workflow
Open Automation > Workflows and create a new workflow. Use the drag-and-drop designer to add triggers, actions, conditions, and other nodes. See the Workflows guide.
Publish and Activate
Click Validate to check your workflow, then Publish to create a versioned snapshot. Finally, Activate the workflow to start responding to events.
Monitor Executions
When your workflow runs, monitor it in Automation > Executions. View real-time job timelines, approve human gates, and debug failures. See the Executions guide.
Example: Auto-Restart on Critical Incident
Here is a simple but powerful workflow that automatically restarts a service when a critical incident is created, then notifies the team on Slack.Trigger: Incident Created
The workflow starts when an incident is created. A trigger condition filters for
severity equals critical so only critical incidents activate this workflow.Condition: Check Service
A condition node checks
{{incident.service}} equals payment-api to scope the automation to a specific service.Action: Restart Service
An SSH action runs
sudo systemctl restart payment-api on the target host. The connection and agent handle authentication automatically.Permissions
EasyAlert uses four granular permissions for automation:| Permission | Key | What It Grants |
|---|---|---|
| View Automation | automation:read | View workflows, agents, connections, and execution history |
| Manage Automation | automation:write | Create and update workflows, agents, and connections |
| Delete Automation | automation:delete | Delete workflows, agents, and connections |
| Execute Automation | automation:execute | Manually execute workflows, approve or reject approval steps |
Users without the required permission simply won’t see the relevant buttons or pages — EasyAlert never shows “access denied” messages.
Security Architecture
Encrypted Credential Vault
Credentials are encrypted with AES-256-GCM using a key derived from the agent’s API key via PBKDF2 (600,000 iterations). Credentials never leave the agent and are never stored in the SaaS database.
Outbound-Only Agents
Agents initiate all communication — they poll the SaaS API for jobs and push results back. No inbound ports need to be opened on your infrastructure.
Template Variable Escaping
When template variables like
{{incident.title}} are used in shell commands, EasyAlert automatically applies shlex.quote() escaping to prevent command injection attacks.Webhook Authentication
Webhook triggers require a Bearer token for authentication. The secret is bcrypt-hashed server-side and rate-limited to 60 requests per minute with 5-minute idempotency deduplication.