Overview
Each Integration you want to send alerts to needs some configuration, typically a URL and an API token. Follow the instructions in <tbd: Integrations> for prerequisites and initial setup, then navigate to Integrations > Configure and click the desired Integration. A configuration dialog opens. After you have entered the Integration's configuration, click Install.
You can re-open the configuration dialog, where a "Send Test Alert" button is now available.
You can toggle the "Enabled" switch to temporarily shut off alerts without deleting your configuration.
Splunk
- Set up the Splunk Cloud instance to receive the alerts.
- Open the Splunk installation pop-up.
- Complete the fields:
- URL: Splunk HTTP Event Collector URL. Depending on your network setup, this URL likely ends with the string :8088/services/collector/event
- Authentication Token: the Splunk token obtained while setting up the HTTP Event Collector in the Splunk Cloud instance.
- Click Install.
ELK Kibana
- Have Elasticsearch running.
- Open the ELK Kibana installation pop-up.
- Complete the URL field by specifying the Elasticsearch URL where new documents should be sent. For a typical install, this looks like http://yourURL:9200/capsule8-alerts/documents
- Navigate to Kibana.
- Create an index called Capsule8-alerts by following the steps under the "4. Visualizing the Capsule8 Sensor Alerts on Kibana" subtitle of the Exporting Alerts to ELK documentation.
- Click Install.
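Before clicking Install for either the Splunk or the ELK Kibana integration, it helps to confirm that the URL and token you are about to enter are what the receiving endpoint expects. The following added example (not part of this documentation or the product) checks a Splunk HEC URL for the expected path and scheme, builds the exact request each endpoint accepts (HEC wants an "Authorization: Splunk <token>" header and a JSON envelope around the event; Elasticsearch takes the bare document POSTed to the index URL), and can send it much like the "Send Test Alert" button. The sample alert, the "_json" sourcetype and the hostnames are constructed assumptions; the page does not state the sensor's alert schema or sourcetype.

```python
import json
import time
import urllib.request
from urllib.parse import urlparse

# Constructed sample alert: the real sensor's alert schema is not shown on this page.
SAMPLE_ALERT = {"alert": "test-alert", "severity": "low", "source": "integration-check"}

# Expected HEC path suffix, from the Splunk configuration notes above.
HEC_PATH = "/services/collector/event"


def check_hec_url(url):
    """Return a list of problems with a Splunk HEC URL; an empty list means it looks right."""
    p = urlparse(url)
    problems = []
    if p.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    elif p.scheme == "http":
        # The HEC token travels in the Authorization header, so plain http exposes it in transit.
        problems.append("plain http: the HEC token would be sent in the clear")
    if not p.path.rstrip("/").endswith(HEC_PATH):
        problems.append("path should end with " + HEC_PATH)
    return problems


def build_hec_request(token, alert, sourcetype="_json"):
    """Build the (headers, body) pair HEC expects: Splunk token header plus a JSON envelope.

    "_json" is Splunk's generic JSON sourcetype, assumed here because the page names none.
    """
    headers = {"Authorization": "Splunk " + token, "Content-Type": "application/json"}
    envelope = {"time": int(time.time()), "sourcetype": sourcetype, "event": alert}
    return headers, json.dumps(envelope).encode()


def build_es_request(alert):
    """Elasticsearch takes the bare alert document POSTed to the index URL; no envelope, no token."""
    return {"Content-Type": "application/json"}, json.dumps(alert).encode()


def send(url, headers, body):
    """POST the prepared request and return the HTTP status code."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    hec_url = "https://splunk.example.com:8088/services/collector/event"  # constructed
    print(check_hec_url(hec_url) or "HEC URL looks right")
    print(send(hec_url, *build_hec_request("REPLACE-WITH-HEC-TOKEN", SAMPLE_ALERT)))
```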
PagerDuty
Detailed PagerDuty configuration instructions are available at Exporting Alerts to PagerDuty.
Slack
Detailed Slack configuration instructions are available at Exporting Alerts to Slack.