Forwarding to Webhook

Webhooks are “user-defined HTTP callbacks.” They are usually triggered by some event. When that event occurs, the source site makes an HTTP request to the URL configured for the webhook. Users can configure them to cause events on one site to invoke behavior on another.

Sysdig Secure leverages webhooks to support integrations that are not covered by any other particular integration/protocol present in the Event Forwarder list.

Prerequisites

Event forwards originate from region-specific IPs. For the full list of outbound IPs by region, see SaaS Regions and IP Ranges. Update your firewall and allow inbound requests from these IP addresses to enable Sysdig to handle event forwarding.

Configure Event Forwarding to a Webhook

To forward secure data to a Webhook:

  1. Log in to Sysdig Secure as admin. From the Settings module, navigate to the Events Forwarding tab.

  2. Click the Add Integration button.

  3. Select Webhook from the drop-down menu.

  4. Configure the required options:

    Integration Name: Define an integration name.

    Endpoint: Webhook endpoint following the schema protocol://hostname:port (i.e. https://hostname:port)

    Authentication: Four different methods are supported:

    • Basic authentication: If you select this method, you must fill the Secret field with the desired user:password. No whitespace, semicolon character as separation.

    • Bearer token: If you select this method, you must fill the Secret field with the desired user:password. No whitespace, semicolon character as separation.

    • Signature header: If you select this method, you must fill the Secret field with the cryptographic key provided by the software on the other end.

    • Certificate: Select this option if you want to use a certificate uploaded via Sysdig’s Certificates Management tool.

      • The Certificate field will then appear; select the appropriate cert from the drop-down menu.

    Secret: Authorization / Authentication data. This field depends on the method selected under Authentication.

    Custom Headers: Any number of custom headers defined by the user to accommodate additional parameters required on the receiving end.

    To avoid interfering with the regular webhook protocol and expected headers, the following headers cannot be set using this form.

    Data to Send: Select from the drop-down the types of Sysdig data that should be forwarded. The available list depends on the Sysdig features and products you have enabled.

    Due to the heavy connection establishment overhead imposed by the HTTP protocol, the Secure policy events are grouped by time proximity into batches and sent together in a single request as a JSON array. In other words, every HTTP request will contain a JSON array containing one or more policy runtime events.

    Select whether or not you want to allow insecure connections (i.e. invalid or self-signed certificate on the receiving side).

    Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.

  5. Click the Save button to save the integration.



Last modified June 23, 2022