Skip to main content

Exporting Alerts via a Webhook

  • Updated

Overview

Webhooks are one of the ways that the Capsule8 sensor can send alerts to other applications. Webhook output type sends alerts to a webhook endpoint with an HTTP request. This output type is incredibly powerful when combined with alert templates because it allows users to create ad hoc integrations with a number of third-party services. Some common use cases are shipping alert summaries to Slack, automatically creating Jira tickets when high priority alerts are seen, or even sending alerts directly to a Splunk cloud instance.

In this article we will work you through on how you can automatically export Capsule8 sensor alerts using webhooks.

Requirements

  • Capsule8 Sensor

Note: It is very important that before performing any of these steps that you have the Capsule8 Sensor running in your environment.  If you have not already, see the Capsule8 Installation Guide for instructions on installing the Capsule8 Sensor in your deployment environment.

1. Configuring the Capsule8 Sensor to Log Alerts using Webhook

The below example shows how the Capsule8 Sensor can be configured to export alert data to a web server or Slack, you can even send it to any random service using Webhook.

To do that go to, modify the below using your preferred text editor.

/etc/capsule8/capsule8-analytics.yaml

then add the below:

alert_output:
  outputs:
    # Send Alerts to a local web server
    - type: webhook
      enabled: true
      url: http://localhost:8080/alerts

    # Send Alerts to an arbitrary service with all settings
    - type: webhook
      enabled: true
      url: https://api.example-company.com/capsule8-alerts
      template: "New Capsule8 Alert {{.UUID}}"
      timeout: 5
      method: PUT
      headers:
        "Content-Type": "application/json"
        "Authorization": "BEARER your-generated-token"

    # Send Alerts to Slack using their webhook JSON format
    - type: webhook
      enabled: true
      url: https://hooks.slack.com/services/123ABC/ab914B12eeigVh2xZ
      template: '{"text": "šŸŒ¶ New Capsule8 Alert {{.PolicyType}} {{.Description}}"}'

 

Key Required Description
type yes The output type.
enabled yes Enables/disables the output.
url yes The URL to send the request to.
headers no The headers to pass along with the request. Defaults to ā€œContent-Type: application/jsonā€.
method no The HTTP method to use. Defaults to POST.
timeout no The timeout in seconds. Defaults to 30.

 

For step-by-step guides on how to export alerts using Webhook to the Capsule8 Console, S3 & SQS, Splunk, Google Cloud Storage, ELK, Azure Storage, etc. please visit our documentation page.

 

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.