Webhook
Notification Type Response Integration
Overview
Webhooks can be used to send event data to a third-party app or to your own web server. Every time an event has a state update (start, ongoing, end) Netography will send the the event information to the URL specified.
JSON Format
Below is an example of a webhook JSON POST body sent when an event is started.
{
"alerttype":"start",
"algorithm":"knownbotnet",
"beta":false,
"bypassdisplay":false,
"bypassrule":false,
"cachekey":"1.2.3.4 7.8.9.10",
"categories":[
"iprep"
],
"customer":"<shortname>",
"description":"Srcip reputation is a known botnet",
"dstinternal":"",
"dstip":[
],
"duration":0,
"end":0,
"factorcount":"",
"factors":"",
"flowsrcname":"",
"id":"00edee24-bc66-4b37-803c-123456789012",
"ignore":false,
"input":"",
"ipinfo":[
],
"ipinfocount":0,
"lasttimestamp":0,
"metrics":{
"bits":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
},
"bitsxrate":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
},
"clockahead":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
},
"clockbehind":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
},
"count":{
"flow":1
},
"duration":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
},
"hasclock":false,
"packets":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
},
"packetsxrate":{
"avg":0.00,
"max":0,
"min":0,
"sum":0
}
},
"name":"",
"output":"",
"rollupperiod":300,
"rulecount":0,
"rules":null,
"severity":"medium",
"site":"",
"srcinternal":"",
"srcip":[
],
"start":1689391131,
"summary":"Knownbotnet alert has started in <location> for device <devicename>",
"tag":"",
"tags":[
"tag1",
"tag2",
"tag3"
],
"threshold":"count(track_by) >= 1",
"timestamp":1689391131,
"track":"srcip dstip",
"track_by":[
"srcip",
"dstip"
],
"updatecount":1,
"updateinterval":300
}
Customizing the webhook JSON
The field names in the webhook can be customized to match fields your webhook service is already looking for. If you need to customize any of the fields in the above JSON, please contact support.
Netography Portal Steps
In Settings > Response Integrations, click Add Integration. Select Webhook
Configuration
The following fields are specific to the Webhook integration.
Field | Required | Description | Example |
---|---|---|---|
URL | yes | The URL to POST the event JSON to | |
Skip SSL Verification | If checked, the server certificate will not be validated against the available certificate authorities. Also won’t require the URL host name to match the common name presented by the certificate | ||
Headers | Comma separated list of header: value pairs | X-Netography: Webhook |
Authentication
The following fields are necessary for the integration to authenticate using HTTP Basic Auth.
Field | Required | Description |
---|---|---|
Username | no | HTTP Basic Auth ID |
Password | no | HTTP Basic Auth password |
Updated 2 months ago