Webhook

Overview

Webhooks can be used to send event data to a third-party app or to your own web server. Every time an event has a state update (start, ongoing, end) Netography will send the the event information to the URL specified.

JSON Format

Below is an example of a webhook JSON POST body sent when an event is started.

{
   "alerttype":"start",
   "algorithm":"knownbotnet",
   "beta":false,
   "bypassdisplay":false,
   "bypassrule":false,
   "cachekey":"1.2.3.4 7.8.9.10",
   "categories":[
      "iprep"
   ],
   "customer":"<shortname>",
   "description":"Srcip reputation is a known botnet",
   "dstinternal":"",
   "dstip":[

   ],
   "duration":0,
   "end":0,
   "factorcount":"",
   "factors":"",
   "flowsrcname":"",
   "id":"00edee24-bc66-4b37-803c-123456789012",
   "ignore":false,
   "input":"",
   "ipinfo":[

   ],
   "ipinfocount":0,
   "lasttimestamp":0,
   "metrics":{
      "bits":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "bitsxrate":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "clockahead":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "clockbehind":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "count":{
         "flow":1
      },
      "duration":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "hasclock":false,
      "packets":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "packetsxrate":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      }
   },
   "name":"",
   "output":"",
   "rollupperiod":300,
   "rulecount":0,
   "rules":null,
   "severity":"medium",
   "site":"",
   "srcinternal":"",
   "srcip":[

   ],
   "start":1689391131,
   "summary":"Knownbotnet alert has started in <location> for device <devicename>",
   "tag":"",
   "tags":[
      "tag1",
      "tag2",
      "tag3"
   ],
   "threshold":"count(track_by) >= 1",
   "timestamp":1689391131,
   "track":"srcip dstip",
   "track_by":[
      "srcip",
      "dstip"
   ],
   "updatecount":1,
   "updateinterval":300
}

Customizing the webhook JSON

The field names in the webhook can be customized to match fields your webhook service is already looking for. If you need to customize any of the fields in the above JSON, please contact support.

Netography Portal Steps

In Settings > Response Integrations, click Add Integration. Select Webhook

Configuration

The following fields are specific to the Webhook integration.

Field
Required
Description
Example

URL

yes

The URL to POST the event JSON to

Skip SSL Verification

If checked, the server certificate will not be validated against the available certificate authorities. Also won’t require the URL host name to match the common name presented by the certificate

Headers

Comma separated list of header: value pairs

X-Netography: Webhook

Authentication

The following fields are necessary for the integration to authenticate using HTTP Basic Auth.

Field
Required
Description

Username

no

HTTP Basic Auth ID

Password

no

HTTP Basic Auth password

PreviousRTBHNextSyslog

Last updated