Canary supports outgoing Webhooks from your Console to an endpoint of your choice. This event-driven approach ensures that alerts are sent to you as they happen!

In this guide, we’ll send data to your Cribl instance, using the Thinkst Canary log source.

Configuring Canary Webhooks to Cribl

Step 1: Head over to Cribl

1. Select Products
2. Mouse-over Worker Groups
3. Select the Worker Group you'd like to set up the webhook under.

Note: We've selected default - you will most likely have more the just the one Worker Group

Note: Under the Worker Group you selected you will find your Ingress Address under Group Information - the Ingress Address will be used later under Step 10 to point to the webhook you're about to create in Cribl.

Step 2: Routing and QuickConnect

1. Select the Routing drop down.
2. Select QuickConnect

Step 3: Add Destination

Select the Add Destination option on the right hand side

Step 4: Webhook

1. In the search bar, search for webhook
2. Select the Webhook tile card

Step 5: Webhook General Settings

1. Select General Settings from the left panel
2. Enter the Output ID you'd like to use - Note: we've used Thinkst_Canary
3. Enter the Description you'd like to use - Note: we've used Thinkst Canary
4. Enter the Webhook URL you'd like to use - Note: we've used https:localhost:10080
5. The default settings will be more than enough, however, add any Tags you might like to use here
6. Select Save once ready

Step 6: Authentication

1. Select Authentication from the left panel
2. Under Authentication Type select Auth token (text secret)
3. Under Token (text secret) select the option you have available for your webhook
   Note: we've selected Thinkst_Canary_webhook_secret_text
4. Select Create

Step 7: Create new secret

1. Enter the Description you'd like to use - Note: we've used Thinkst Canary
2. Enter the Tags you'd like to use
3. Enter the Value* (secret key) you'd like to use
4. Select Save

Step 8: Save the webhook

Note: you will see your new Webhook created.

Step 9: Ingress Address

The Ingress Address can be found under the Worker Group you've set up the webhook under the Group Information.

Step 10: Create a webhook on your Canary Console to send data to Cribl

At this point you're able to obtain your HTTP Source URL (Ingress Address) within Cribl. We'll use this URL and the request headers that were previously defined.

From the Global Settings page on your Canary Console, Add a new Generic Webhook and populate the  following fields:

1. Webhook URL
   Note: add your Port and /cribl/_bulk to the end of the webhook URL
   e.g: https://default.main.xxxxxxx.xxxxxx.cribl.cloud:10080/cribl/_bulk
2. Add the custom request header (e.g Thinkst_Canary_webhook_secret_text)
3. Add the custom request header secret key
4. Select Save

Step 11: Generate an alert and verify that you're able to see the alert within Cribl

Trigger a Canary or Canarytoken alert and observe the alert within your Cribl instance.

You're done! ;)