Incidents & On-Call

Change Management

Overview

"What changed?" is the first question asked during every incident. Alert24's change management feature automatically tracks deployments, configuration changes, infrastructure updates, and other changes across your services — then correlates them with incidents so you can answer that question instantly.

What You Get

  • Automatic change tracking — GitHub pushes, CI/CD deployments, and cloud infrastructure changes are logged automatically
  • Incident correlation — When an incident fires, Alert24 shows what changed in the last 24 hours across affected services
  • Post-mortem linking — Link specific changes to incidents to build a causal record
  • Change dashboard — Visualize change frequency, types, risk levels, and sources across your organization
  • DORA metrics — Track change failure rate by correlating deployments with incidents

How It Works

  1. Connect your tools — Add a GitHub webhook, CI/CD pipeline step, or cloud audit log integration
  2. Changes are logged automatically — Every push, deploy, or infrastructure change creates a record in Alert24
  3. View changes on service pages — Each service shows its recent changes alongside monitoring data
  4. Correlate during incidents — When an incident fires, Alert24 surfaces recent changes to affected services
  5. Link changes to incidents — During post-mortem, link the specific changes that caused the incident

Ways to Log Changes

GitHub Webhooks (Recommended)

The easiest integration. Add a webhook to your GitHub repo and Alert24 automatically detects and parses push events, pull requests, and releases.

  1. In Alert24, go to your service and note the Changes Webhook URL
  2. In GitHub, go to Settings > Webhooks > Add webhook
  3. Set Payload URL to your Alert24 changes webhook URL
  4. Set Content type to application/json
  5. Select events: Pushes and Releases
  6. Click Add webhook

Every push to the repo will now appear as a change on your service page, with the commit SHA, message, branch, and author automatically extracted.

CI/CD Pipelines

Add a step to your deployment pipeline that notifies Alert24 after a successful deploy.

GitHub Actions:

- name: Log deployment to Alert24
  if: success()
  run: |
    curl -s -X POST "${{ secrets.ALERT24_CHANGES_URL }}" \
      -H "Content-Type: application/json" \
      -d '{
        "summary": "Deploy ${{ github.sha }}",
        "change_type": "deployment",
        "commit_sha": "${{ github.sha }}",
        "branch": "${{ github.ref_name }}",
        "changed_by": "${{ github.actor }}",
        "environment": "production"
      }'

GitLab CI:

after_script:
  - |
    curl -s -X POST "${ALERT24_CHANGES_URL}" \
      -H "Content-Type: application/json" \
      -d "{
        \"summary\": \"Deploy ${CI_COMMIT_SHORT_SHA}\",
        \"change_type\": \"deployment\",
        \"commit_sha\": \"${CI_COMMIT_SHA}\",
        \"branch\": \"${CI_COMMIT_REF_NAME}\",
        \"changed_by\": \"${GITLAB_USER_NAME}\"
      }"

Jenkins:

post {
    success {
        sh """
            curl -s -X POST "\${ALERT24_CHANGES_URL}" \
              -H "Content-Type: application/json" \
              -d '{"summary":"Jenkins build #${BUILD_NUMBER}","change_type":"deployment","commit_sha":"${GIT_COMMIT}","changed_by":"${BUILD_USER}"}'
        """
    }
}

REST API

Use the Alert24 API to log changes programmatically from any tool.

curl -X POST "https://app.alert24.net/api/v1/services/{serviceId}/changes" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "summary": "Deploy v2.1.0 to production",
    "change_type": "deployment",
    "commit_sha": "abc1234",
    "branch": "main",
    "environment": "production",
    "risk_level": "medium",
    "changed_by": "jane.doe"
  }'

See the Changes API documentation for the full API reference.

Git Hooks

Add a post-push hook to your repository:

#!/bin/bash
# .git/hooks/post-push
curl -s -X POST "${ALERT24_CHANGES_URL}" \
  -H "Content-Type: application/json" \
  -d "{
    \"summary\": \"$(git log -1 --pretty=%s)\",
    \"change_type\": \"deployment\",
    \"commit_sha\": \"$(git rev-parse HEAD)\",
    \"branch\": \"$(git rev-parse --abbrev-ref HEAD)\",
    \"changed_by\": \"$(git config user.name)\",
    \"source\": \"git_hook\"
  }"

Cloud Audit Logs

Route infrastructure changes from your cloud provider to Alert24.

AWS CloudTrail — Create an EventBridge rule that matches CloudTrail API events and routes them to an Alert24 API destination. Alert24 auto-detects CloudTrail payloads and extracts the service, operation, user, and region.

Azure Monitor — Create an Activity Log alert rule with an Action Group webhook pointing to your Alert24 changes URL. Alert24 auto-detects Azure Monitor payloads.

GCP Audit Logs — Create a Cloud Logging sink to Pub/Sub with a push subscription to your Alert24 changes URL. Alert24 auto-detects GCP Audit Log payloads.

Email

Send an email to changes+{token}@alerts.alert24.net to log a change. The subject becomes the summary, and you can include structured fields in the body:

To: [email protected]
Subject: Deploy v2.1.0 to production

Type: deployment
Environment: production
Risk: high
Commit: abc1234
Branch: main

Rolled out the new billing module with Stripe integration update.

Supported fields: Type, Environment, Risk, Service, Commit, Branch, PR, Tags.

Change Types

Type Description
deployment Code deployment to an environment
config_change Configuration file or setting change
infrastructure Cloud resource creation, modification, or scaling
code Code merge or commit (not yet deployed)
database_migration Database schema or data migration
feature_flag Feature flag toggle
rollback Reverting a previous change
scaling Auto-scaling or manual capacity change
security_patch Security update or patch

Risk Levels

Assign a risk level to each change to help prioritize during incident investigation:

Level When to use
Low Routine changes, minor updates, documentation
Medium Feature releases, dependency updates
High Database migrations, infrastructure changes, auth changes
Critical Breaking changes, security patches, data migrations

Incident Correlation

When an incident is created, Alert24 automatically surfaces changes to affected services from the previous 24 hours. This appears in the Recent Changes section on the incident detail page.

You can:

  • Link a change to the incident (click the link icon) to mark it as a contributing cause
  • Unlink changes that turned out to be unrelated
  • View linked changes in the post-incident review

Change Dashboard

The Changes page (accessible from the sidebar) provides an organization-wide view of all changes with:

  • Summary cards — Total changes, deployments, high-risk changes, unique sources
  • Change frequency chart — Changes over time
  • Breakdown charts — By type, source, and risk level
  • Filterable table — Filter by service, type, source, environment, and date range

Auto-Detection

Alert24 automatically detects the source of incoming webhooks and normalizes the payload. No configuration is needed for:

Source What's Extracted
GitHub Commit SHA, message, branch, PR, author, compare URL
GitLab Commit SHA, message, branch, MR, pipeline URL, user
AWS CloudTrail Event name, service, user ARN, region
Azure Monitor Operation, caller, correlation ID, resource
GCP Audit Logs Method name, principal email, resource labels

For other sources, send a JSON payload with the standard change fields (summary, change_type, etc.).

Incident ManagementOn-Call Schedules