Webhook

Notification Type Response Integration

Overview

Webhooks can be used to send event data to a third-party app or to your own web server. Every time an event has a state update (start, ongoing, end) Netography will send the the event information to the URL specified.

JSON Format

Below is an example of a webhook JSON POST body sent when an event is started.

{
   "alerttype":"start",
   "algorithm":"knownbotnet",
   "beta":false,
   "bypassdisplay":false,
   "bypassrule":false,
   "cachekey":"1.2.3.4 7.8.9.10",
   "categories":[
      "iprep"
   ],
   "customer":"<shortname>",
   "description":"Srcip reputation is a known botnet",
   "dstinternal":"",
   "dstip":[
      
   ],
   "duration":0,
   "end":0,
   "factorcount":"",
   "factors":"",
   "flowsrcname":"",
   "id":"00edee24-bc66-4b37-803c-123456789012",
   "ignore":false,
   "input":"",
   "ipinfo":[
      
   ],
   "ipinfocount":0,
   "lasttimestamp":0,
   "metrics":{
      "bits":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "bitsxrate":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "clockahead":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "clockbehind":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "count":{
         "flow":1
      },
      "duration":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "hasclock":false,
      "packets":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      },
      "packetsxrate":{
         "avg":0.00,
         "max":0,
         "min":0,
         "sum":0
      }
   },
   "name":"",
   "output":"",
   "rollupperiod":300,
   "rulecount":0,
   "rules":null,
   "severity":"medium",
   "site":"",
   "srcinternal":"",
   "srcip":[
      
   ],
   "start":1689391131,
   "summary":"Knownbotnet alert has started in <location> for device <devicename>",
   "tag":"",
   "tags":[
      "tag1",
      "tag2",
      "tag3"
   ],
   "threshold":"count(track_by) >= 1",
   "timestamp":1689391131,
   "track":"srcip dstip",
   "track_by":[
      "srcip",
      "dstip"
   ],
   "updatecount":1,
   "updateinterval":300
}

Customizing the webhook JSON

The field names in the webhook can be customized to match fields your webhook service is already looking for. If you need to customize any of the fields in the above JSON, please contact support.

Netography Portal Steps

In Settings > Response Integrations, click Add Integration. Select Webhook

Configuration

The following fields are specific to the Webhook integration.

Field	Required	Description	Example
`URL`	yes	The URL to POST the event JSON to
`Skip SSL Verification`		If checked, the server certificate will not be validated against the available certificate authorities. Also won’t require the URL host name to match the common name presented by the certificate
`Headers`		Comma separated list of `header: value` pairs	`X-Netography: Webhook`

Authentication

The following fields are necessary for the integration to authenticate using HTTP Basic Auth.

Field	Required	Description
`Username`	no	HTTP Basic Auth ID
`Password`	no	HTTP Basic Auth password

Updated about 1 month ago