Overview
Webhooks are one of the ways that the Capsule8 sensor can send alerts to other applications. The webhook output type sends each alert to a webhook endpoint as an HTTP request. This output type is incredibly powerful when combined with alert templates because it allows users to create ad hoc integrations with a number of third-party services. Some common use cases are shipping alert summaries to Slack, automatically creating Jira tickets when high priority alerts are seen, or even sending alerts directly to a Splunk cloud instance.
In this article we walk you through how to automatically export Capsule8 sensor alerts using webhooks.
Requirements
- Capsule8 Sensor
Note: Before performing any of these steps, make sure the Capsule8 Sensor is running in your environment. If you have not already installed it, see the Capsule8 Installation Guide for instructions on installing the Capsule8 Sensor in your deployment environment.
1. Configuring the Capsule8 Sensor to Log Alerts using Webhook
The example below shows how the Capsule8 Sensor can be configured to export alert data to a local web server, to an arbitrary service, or to Slack using the webhook output type.
To do that, open /etc/capsule8/capsule8-analytics.yaml in your preferred text editor and add the following:
alert_output:
  outputs:
    # Send alerts to a local web server
    - type: webhook
      enabled: true
      url: http://localhost:8080/alerts
    # Send alerts to an arbitrary service with all settings
    - type: webhook
      enabled: true
      url: https://api.example-company.com/capsule8-alerts
      template: "New Capsule8 Alert {{.UUID}}"
      timeout: 5
      method: PUT
      headers:
        "Content-Type": "application/json"
        "Authorization": "BEARER your-generated-token"
    # Send alerts to Slack using their webhook JSON format
    - type: webhook
      enabled: true
      url: https://hooks.slack.com/services/123ABC/ab914B12eeigVh2xZ
      template: '{"text": "New Capsule8 Alert {{.PolicyType}} {{.Description}}"}'
Key | Required | Description
---|---|---
type | yes | The output type.
enabled | yes | Enables/disables the output.
url | yes | The URL to send the request to.
headers | no | The headers to pass along with the request. Defaults to "Content-Type: application/json".
method | no | The HTTP method to use. Defaults to POST.
timeout | no | The timeout in seconds. Defaults to 30.
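As an added example (not part of the original article or of the Capsule8 product), here is a small Go receiver for the "local web server" output above. It assumes the sensor is pointed at it with the PUT method and the Authorization header from the "all settings" block, and that the alert JSON carries UUID, PolicyType and Description keys, which is an assumption about the alert schema.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"io"
	"log"
	"net/http"
	"strings"
)
// Token the sensor sends in its Authorization header (see the YAML above); assumed value.
const expectedToken = "your-generated-token"
// Fields the page's templates reference; the JSON key names are an assumption.
type alert struct {
	UUID        string `json:"UUID"`
	PolicyType  string `json:"PolicyType"`
	Description string `json:"Description"`
}
// validateAlert checks method, token and content type, decodes the body, and returns the status to answer with.
func validateAlert(method, auth, ctype string, body []byte) (status int, a alert) {
	if method != http.MethodPut { // the "all settings" output above uses PUT
		return http.StatusMethodNotAllowed, a
	}
	parts := strings.SplitN(auth, " ", 2) // scheme is case-insensitive ("BEARER" in the YAML)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "bearer") ||
		subtle.ConstantTimeCompare([]byte(parts[1]), []byte(expectedToken)) != 1 {
		return http.StatusUnauthorized, a // constant-time compare avoids a timing side channel
	}
	if !strings.HasPrefix(ctype, "application/json") {
		return http.StatusUnsupportedMediaType, a
	}
	if err := json.Unmarshal(body, &a); err != nil || a.UUID == "" {
		return http.StatusBadRequest, a
	}
	return http.StatusNoContent, a
}

func handleAlert(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(io.LimitReader(r.Body, 1<<20)) // cap the body at 1 MiB
	status, a := validateAlert(r.Method, r.Header.Get("Authorization"), r.Header.Get("Content-Type"), body)
	if status == http.StatusNoContent {
		log.Printf("alert %s policy=%s: %s", a.UUID, a.PolicyType, a.Description)
	}
	w.WriteHeader(status) // reply with an empty body whatever the outcome
}
func main() { // local receiver matching the first output's URL (port 8080, path /alerts)
	http.HandleFunc("/alerts", handleAlert)
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Note that the "all settings" block's template ("New Capsule8 Alert {{.UUID}}") is plain text, so a receiver like this one that expects JSON rejects it with 400; when the Content-Type header says application/json, make the template a JSON object as the Slack block does.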
For step-by-step guides on how to export alerts using webhooks to the Capsule8 Console, S3 & SQS, Splunk, Google Cloud Storage, ELK, Azure Storage, etc., please visit our documentation page.