HomeDocumentationAPI Reference
Log In
Documentation
Start typing to search…
  1. User Interface
  2. Settings
  3. Notifications

Adding Webhook Notifications

To add a webhook notification you will need to have previously set up a compatible webhook in the application or service where notifications are to be received. Ensure that the provided URL is accessible from the Sandfly server, and supply a compatible template.

ℹ️

INFO: Upgrade Feature - Webhook Notifications

The ability to configure and use Webhook Notifications requires an upgraded plan. Please see https://www.sandflysecurity.com/get-sandfly/🡵 for details.

Sandfly comes with a sample set of ready-to-use templates for webhook-enabled Slack apps ( https://api.slack.com/messaging/webhooks🡵 ), which are formatted with Slack's Block Kit ( https://api.slack.com/block-kit🡵 ). Users can create and deploy their own templates for use with other services. Please refer to the vendor's webhook documentation for details on how to structure a compatible template.

Add Webhook Form

The Add Webhook button opens a form containing the following configurable fields:

  • Name - A human-readable name that refers to this webhook instance.
  • Notification Event - Select the event that will be triggered by this webhook. Due to a direct association to the template, this value cannot be changed later. Should another event be needed, simply create a new webhook for that event.
  • Alert Mode - Choose between sending notifications for all alerts or to filter the alerts by Host Tags.
  • Destination URL - The outbound HTTP or HTTPS URL that will receive the webhook request.
  • Ignore Certificate Errors (optional) - The option to ignore certificate errors from the webhook request.
  • Template - Select a predefined template, available options depend on the currently selected Notification Event or enter a custom template.
  • Content Type - A free-form text field for providing the HTTP header Content-Type that will be used for the webhook request. As this value can vary based on the webhook provider, please refer to their documentation.
An image of the Add Webhook form found on the Notification page.

Adding a Webhook Notification

Once all of the necessary fields have been filled in, click on the Finish button to save the form.

👍

TIP: Test the Webhook Configuration

We recommend sending a test notification from Sandfly to confirm the configuration. This can be swiftly accomplished by clicking on the Test button found under the Actions column of the Notifications page. Afterward, check that the destination received the test message and is formatted as expected.

Custom Templates

For the creation of custom templates, here are all of the Sandfly data types that are passed into the template which can be used for dynamic variables / content (see the included templates for examples):

type NotifDataResult struct {
	Result    Result
	Host      Host
	ResultURL string
	HostURL   string
}

type NotifDataRollupResult struct {
	Host      Host
	HostURL   string
	Sandflies []NotifDataSandflyRollup
}

// Each of the "Sandflies" entry in the above rollup struct
type NotifDataSandflyRollup struct {
	SandflyName       string
	Alerts            int
	SandflyResultsURL string
}

type NotifDataError struct {
	Message          string
	URL              string
	NotificationName string
	NotificationID   int
}

Updated 27 days ago