# Coralogix

{% hint style="info" %}
Cortex connects to many third-party vendors whose system interfaces frequently change. As a result, integration behavior or configuration steps may shift without notice. If you encounter unexpected issues, check with your system administrator or refer to the vendor's documentation for the most current information. Additionally, integration sync times vary and are subject to scheduling overrides and timing variance.
{% endhint %}

## Overview

[Coralogix](https://coralogix.com/) is an observability and security platform. Integrate Cortex with Coralogix to drive insights into alerts.

After setting up the integration, relevant alerts from Coralogix will appear in your entity pages. While viewing an entity, click **Integrations > Coralogix** in its sidebar to view the list of alerts.

## How to configure Coralogix with Cortex

### Prerequisites

Before getting started, generate a [Coralogix API key](https://coralogix.com/docs/alerts-api/#api-access).

### Step 1: Configure the integration in Cortex

1. In Cortex, navigate to the [Coralogix settings page](https://app.getcortexapp.com/admin/integrations/coralogix)
   * Click **Integrations** from the main nav. Search for and select **Coralogix**.
2. Click **Add configuration**.
3. Configure the Coralogix integration form:
   * **Account alias**: Enter your account alias.
   * **API key**: Enter your Coralogix API key.
   * **Region**: Select your region.
4. Click **Save**.

## How to connect Cortex entities to Coralogix

### Discovery

By default, Cortex will use the entity name or [Cortex tag](https://docs.cortex.io/entities#cortex-tag) (e.g. `my-service`) as the "best guess" for the Coralogix alert application name. For example, if your entity name is "My Service" and your Cortex tag is “my-service”, then the corresponding application name in Coralogix should be “My Service” or "my-service".

If your Coralogix application names don’t cleanly match the Cortex tag, you can override this in the Cortex entity descriptor.

### Editing the entity descriptor

Coralogix alerts can be listed in the Catalog under the `Coralogix` section. We support application names in the YAML for pulling Coralogix alerts.

```yaml
info:
  x-cortex-coralogix:
    applications:
    - applicationName: my-app # application name tied to alert
      alias: my-alias # alias is optional and only relevant if you have opted into multi account support
```

## Using the Coralogix integration

### Scorecards and CQL

With the Coralogix integration, you can create Scorecard rules and write CQL queries based on Coralogix alerts.

See more examples in the [CQL Explorer](https://app.getcortexapp.com/admin/cql-explorer) in Cortex.

<details>

<summary>Check if Coralogix application is set</summary>

Check if entity has a registered Coralogix application in its entity descriptor. If no registration exists, we'll try to automatically detect which corresponding Coralogix application is associated with the entity.

**Definition:** `coralogix (==/!=) null: Boolean`

**Example**

You could write a rule that checks whether an entity has a Coralogix application set:

```
coralogix != null
```

</details>

<details>

<summary>Alerts</summary>

List of alerts, filterable on status

**Definition:** `coralogix.alerts(): List`

**Example**

You could write a rule that checks whether an entity has at least 3 alerts:

```
ccoralogix.alerts().length >= 3
```

You could write a rule that checks whether an entity has no alerts and status triggered:

```
coralogix.alerts(statuses = ["triggered"]).length -= 0
```

</details>

### View integration logs <a href="#still-need-help" id="still-need-help"></a>

{% hint style="info" %}
This feature is available to Cortex cloud customers.
{% endhint %}

On the integration settings page, click the **Logs** tab to view logs from the last 7 days. Learn more in [Troubleshooting with integration logs](https://docs.cortex.io/ingesting-data-into-cortex/integrations/..#troubleshooting-with-integration-logs).