Adding Webhook Notifications

To add a webhook notification you will need to have previously set up a compatible webhook in the application or service where notifications are to be received, ensure that the provided URL is accessible from the Sandfly server, and supply a compatible template.

ℹ️

INFO: Upgrade Feature - Webhook Notifications

The ability to configure and use Webhook Notifications requires an upgraded plan. Please see https://www.sandflysecurity.com/get-sandfly/ for details.

Sandfly comes with a sample set of ready-to-use templates for webhook-enabled Slack apps (https://api.slack.com/messaging/webhooks), which are formatted with Slack's Block Kit (https://api.slack.com/block-kit). Users can create and deploy their own templates for use by other services. Please refer to the vendor's webhook documentation for details on how to structure a compatible template.

Add Webhook Form

An image of the Add Webhook form found on the Notification page.

Adding a Webhook Notification

To set up a webhook notification, fill in the following fields:

  • Name - A textual name that refers to this webhook instance.
  • Notification Event - Select the event that will be utilized by this webhook. Due to a direct association to the template, this value cannot be changed later. Should another event be needed, simply create a new webhook for that event.
  • Alert Mode - Choose between sending notifications for all alerts or filtering the alerts by Host Tags.
  • Destination URL - The outbound HTTP or HTTPS URL that will receive the webhook request.
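  • Ignore Certificate Errors (optional) - The option to ignore certificate errors from the webhook request. When enabled, the destination's TLS certificate is not validated, so the identity of the receiving server is not verified.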
  • Template - Select a predefined template, whose options change based on the currently selected Notification Event, or enter a custom template.
  • Content Type - A free-form text field for providing the HTTP header Content-Type that will be used for the webhook request. As this value can vary based on the webhook provider, please refer to their documentation.

Once all of the necessary fields have been filled in, click on the Finish button to save the form.

👍

TIP: Test the Webhook Configuration

We recommend sending a test notification from Sandfly to confirm the configuration. This can be done quickly by clicking the Test button found under the Actions column of the Notifications page. Afterward, check that the destination received the test message and that it was formatted as expected.

Custom Templates

For creating custom templates, the following are all of the Sandfly data types that are passed into the template and can be used for dynamic variables and content (see the included templates for examples):

type NotifDataResult struct {
	Result    Result
	Host      Host
	ResultURL string
	HostURL   string
}

type NotifDataRollupResult struct {
	Host      Host
	HostURL   string
	Sandflies []NotifDataSandflyRollup
}

// Each entry in the "Sandflies" slice of the rollup struct above
type NotifDataSandflyRollup struct {
	SandflyName       string
	Alerts            int
	SandflyResultsURL string
}

type NotifDataError struct {
	Message          string
	URL              string
	NotificationName string
	NotificationID   int
}
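
The following added example (not Sandfly's own code) renders a custom rollup template offline and checks that the resulting body is valid JSON, which catches trailing commas, misspelled field names, and values containing characters such as double quotes before the template is deployed. It assumes templates are evaluated with Go's text/template, which the page does not state; RenderJSON, RollupTemplate, the sandfly.example URLs and the sample names are hypothetical, and Host is a placeholder because its fields are not listed above.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

type Host struct{} // placeholder: the page does not list Host's fields

type NotifDataSandflyRollup struct {
	SandflyName       string
	Alerts            int
	SandflyResultsURL string
}

type NotifDataRollupResult struct {
	Host      Host
	HostURL   string
	Sandflies []NotifDataSandflyRollup
}

// RollupTemplate is a constructed custom template; {{if $i}} prevents a trailing comma.
const RollupTemplate = `{"text": "Alerts on {{.HostURL}}", "items": [
{{- range $i, $s := .Sandflies}}{{if $i}},{{end}}
  {"name": "{{$s.SandflyName}}", "alerts": {{$s.Alerts}}, "url": "{{$s.SandflyResultsURL}}"}
{{- end}}
]}`

// RenderJSON executes tmplText against data and reports a body that is not valid JSON.
func RenderJSON(tmplText string, data interface{}) (string, error) {
	t, err := template.New("webhook").Parse(tmplText)
	if err != nil {
		return "", fmt.Errorf("parse: %w", err)
	}
	var buf bytes.Buffer
	if err = t.Execute(&buf, data); err == nil && !json.Valid(buf.Bytes()) {
		err = fmt.Errorf("rendered body is not valid JSON")
	}
	return buf.String(), err
}

func main() {
	// Constructed data: the first SandflyName contains a double quote, which breaks the body.
	d := NotifDataRollupResult{HostURL: "https://sandfly.example/host/1", Sandflies: []NotifDataSandflyRollup{
		{`example "quoted"`, 2, "https://sandfly.example/r/1"}, {"example_two", 1, "https://sandfly.example/r/2"}}}
	body, err := RenderJSON(RollupTemplate, d)
	fmt.Printf("%s\nerr=%v\n", body, err)
}
```

Running the same check with the Content-Type the destination expects in mind helps confirm the template and the Content Type field agree before using the Test button.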