Forwarding to Webhook
Webhooks are “user-defined HTTP callbacks.” They are usually triggered by some event. When that event occurs, the source site makes an HTTP request to the URL configured for the webhook. Users can configure them to cause events on one site to invoke behavior on another.
Sysdig Secure leverages webhooks to support integrations that are not covered by any other particular integration/protocol present in the Event Forwarder list.
Prerequisites
Event forwards originate from region-specific IPs. For the full list of outbound IPs by region, see SaaS Regions and IP Ranges. Update your firewall and allow inbound requests from these IP addresses to enable Sysdig to handle event forwarding.
Configure Event Forwarding to a Webhook
To forward secure data to a Webhook:
Log in to Sysdig Secure as
admin
. From theSettings
module, navigate to theEvents Forwarding
tab.Click the
Add Integration
button.Select
Webhook
from the drop-down menu.Configure the required options:
Integration Name: Define an integration name.
Endpoint: Webhook endpoint following the schema protocol (i.e.
https://)hostname:port
Authentication: Four different methods are supported:
Basic authentication: If you select this method, you must fill the
Secret
field with the desireduser: password
. No whiteespaces, semicolon character as separation.Bearer token: If you select this method, you must fill the
Secret
field with the desireduser: password
. No whiteespaces, semicolon character as separation.Signature header: If you select this method, you must fill the
Secret
field with the cryptographic key provided by the software on the other end.Certificate: Select this option if you want to use a certificate uploaded via Sysdig’s Certificates Management tool.
- The Certificate field will then appear; select the appropriate cert from the drop-down menu.
Secret: Authorization / Authentication data. This field depends on the method selected in c).
Custom Headers Any number of custom headers defined by the user to accommodate additional parameters required on the receiving end.
To avoid interfering with the regular webhook protocol and expected headers, the following headers cannot be set using this form.
Data to Send: Select from the drop-down the types of Sysdig data that should be forwarded. The available list depends on the Sysidg features and products you have enabled.
Due to the heavy connection establishment overhead imposed by the HTTP protocol, the Secure policy events are grouped by time proximity into batches and sent together in a single request as a JSON array. In other words, every HTTP request will contain a JSON array containing one or more policy runtime events.
Select whether or not you want to allow insecure connections (i.e. invalid or self-signed certificate on the receiving side).
Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.
Click the
Save
button to save the integration.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.