Prerequisites
A value for auth_session_key must be set in the Capsule8 Console's configuration.
Create an auth token
Create an auth token for Sensors to be able to POST alerts to the Console.
Via the Console UI:
Start the Console and log in. Navigate to the "Resources" page and click “Add Resources”. Follow the instructions there to continue.
via the command line:
Alternatively, generate a token from the command line where the Console is set up and running.
$ capsule8-console generate-token --host
Sensor configuration
To configure a Capsule8 Sensor with a Capsule8 Console instance, you must add the following to /etc/capsule8/capsule8-analytics.yaml where the Sensor is running:
alert_output:
outputs:
- type: webhook
enabled: true
url: https://capsule8.mycompany.com/alerts
template: '{"uuid": "{{.UUID}}", "data": {{AlertJSON .}}}'
Headers:
'Authorization': 'BEARER '
timeout: 5
method: POST
# This periodic heartbeat allows the Console to know current/historic connectivity.
Heartbeat:
policy: heartbeat
period: 5m
priority: Info
enabled: true
alertMessage: heartbeat
Restart the Sensors for this change to take effect.
Comments
0 comments
Please sign in to leave a comment.