Custom Webhook for Moogsoft

You can configure a custom webhook to forward alerts from Sysdig Monitor to Moogsoft using the Moogsoft Events API.

Prerequisites

  • Review Custom Webhook.

  • Retrieve the Moogsoft API key:

    1. Log in to Moogsoft and select Settings > API Key Management.

    2. On the API Key Management page, create a new API key for your Sysdig webhook integration.

    3. Copy the key.

      The key will be displayed only once; therefore, store it safely for later use.

    4. From Integrations > Ingestion Services > Events API, copy the events endpoint.

      https://api.moogsoft.ai/v1/integrations/events

      You use this endpoint to configure the webhook in Sysdig Monitor.

Configuration

  1. Complete steps 1-3 in Set Up a Notification Channel and select Custom Webhook.

  2. Enter the Webhook channel configuration options:

    • URL: Enter the Moogsoft events endpoint: https://api.moogsoft.ai/v1/integrations/events
    • Channel Name: Add a meaningful name, such as “Moogsoft Incident”.

  3. For the Method and Headers, specify the following:

    • Header: apiKey
    • Value: The API key you copied from the Moogsoft API Key Management page.

  4. In the Payload Editor, use Sysdig Templating Language to customize the alert notification payload.

    Unlike Sysdig Monitor, Moogsoft uses integer-based severity, which means the severity must be translated.

    For example:

     {
       "check": "{{@alert_name}}",
       "description": "{{@alert_description}}",
       "source": "Sysdig Monitor",
       {{#if_resolved_event}}
         "severity": 0,
       {{#else}}
         {{#if_severity_high}}
           "severity": 5,
         {{#else if_severity_medium}}
           "severity": 4,
         {{#else if_severity_low}}
           "severity": 3,
         {{#else if_severity_info}}
           "severity": 2,
         {{/if}}
       {{/if}}
       "tags": {{@event_labels}}
     }
    
  5. Click Save.
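
To check a rendered payload before relying on the channel, the following added example (not part of the Sysdig or Moogsoft documentation) validates a webhook body against what the template above emits and builds, without sending, the request with the apiKey header. The function names, the sample bodies, the Content-Type header, and the choice to treat every template key as required are assumptions.

```python
import json
import urllib.request

EVENTS_URL = "https://api.moogsoft.ai/v1/integrations/events"  # endpoint from this page
# Integer severities the page's template can emit (0 = resolved, 2..5 = info..high).
ALLOWED_SEVERITIES = {0, 2, 3, 4, 5}
# Keys the page's template writes; treating all of them as required is an assumption.
EXPECTED_KEYS = ("check", "description", "source", "severity", "tags")


def check_rendered_payload(rendered):
    """Return a list of problems found in a rendered webhook body (empty = OK)."""
    try:
        body = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(body, dict):
        return ["top-level value is not a JSON object"]
    problems = [f"missing key: {k}" for k in EXPECTED_KEYS if k not in body]
    sev = body.get("severity")
    # bool is a subclass of int in Python, so it is rejected explicitly.
    if "severity" in body and (isinstance(sev, bool) or not isinstance(sev, int)
                               or sev not in ALLOWED_SEVERITIES):
        problems.append(f"severity must be one of {sorted(ALLOWED_SEVERITIES)}, got {sev!r}")
    return problems


def build_request(rendered, api_key):
    """Build, but do not send, the POST that the webhook channel would make."""
    problems = check_rendered_payload(rendered)
    if problems or not api_key:
        raise ValueError("; ".join(problems) or "empty API key")
    return urllib.request.Request(
        EVENTS_URL, data=rendered.encode("utf-8"), method="POST",
        # Content-Type is an assumption; the page only specifies the apiKey header.
        headers={"apiKey": api_key, "Content-Type": "application/json"},
    )


# Constructed sample bodies, as the template might render them.
GOOD = ('{"check": "CPU high", "description": "cpu > 90%", '
        '"source": "Sysdig Monitor", "severity": 5, "tags": {"host": "web-1"}}')
# No severity branch matched: still valid JSON, but the key is absent.
NO_SEVERITY = '{"check": "c", "description": "d", "source": "Sysdig Monitor", "tags": {}}'
# Severity left as a text label instead of the translated integer.
STRING_SEVERITY = ('{"check": "c", "description": "d", "source": "Sysdig Monitor", '
                   '"severity": "high", "tags": {}}')

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("NO_SEVERITY", NO_SEVERITY),
                         ("STRING_SEVERITY", STRING_SEVERITY)):
        print(name, check_rendered_payload(sample) or "ok")
```

When sending a real test event, pass the key from an environment variable or secret store rather than writing it into the script.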