Description: Canary supports outgoing Webhooks from your Console to a publicly exposed endpoint of your choice. This event-driven approach ensures that alerts are sent to you as they happen!
In this guide, we’ll send data to your InsightIDR instance instance, using a cloud webhook collector.
In this guide, we'll be using InsightIDR's custom log feature, and a cloud collector. For some further reading, Rapid7 covers this feature in more detail here.
Step 1: Your InsightIDR Dashboard.
Head over to your InsightIDR dashboard.
Step 2: Add new Event Source
Select "DATA COLLECTION", then head over to the "Event Sources" tab, finally select "Add Event Source".
Step 3: Add custom logs
From here, click on the "Add Raw Data" drop down, and select "Custom Logs".
Step 4: Create a new Webhook URL
On the slide out menu, select the "Webhook" toggle, and provide a name for your new Event Source.
Finally grab a copy of your unique webhook URL. Hang onto this as we'll use it in your Canary Console later.
Lastly, select "Save" once done.
Step 5: Configure your Console
With your InsightIDR webhook in hand, we can head over to your Canary Console and configure it there.
Head over to your Console's Global Webhook settings either via the UI shown below:
Or by heading their directly with the below URL if you know your Console hash:
https://EXAMPLE.canary.tools/nest/settings/webhooks
Head down to the "Webhooks" section, and add a "Generic Webhook" using your InsightIDR Webhook URL generated earlier.
Step 6: Verify log ingestion
Heading back over to InsightIDR, you'll now see your new Canary Alerts Datasource, and a test event which was sent upon adding the new webhook.
You can now find logs under the "Log Search" tab, by selecting your created log source under "Raw Log".