Canary supports outgoing webhooks from a Flock to an endpoint of your choice. This event-driven approach means you get your alerts in realtime! We support your favourite apps, such as Slack and Microsoft Teams.
In this example, we’ll post data to webhook.site, a public tool for assisting in webhook development. It’s useful to see what data is posted in the webhook, but we don’t recommend using it for production purposes. You can consume the webhook by writing a custom endpoint and hosting it on infrastructure under your control.
We also support a Global Generic Webhook - see guide here.
Follow the steps below to enable and set up a generic webhook on your Canary Flock:
Step 1: Setting Up an Endpoint for Notifications
You will need to have an endpoint to post notifications to. We have used webhook.site as the endpoint.
Opening the website will reveal a URL to post notifications to (all information is posted in a JSON format).
Copy the URL that is given.
Step 2: Log in to your Console
Step 3: Select Flock
Select the Flock you want to set up webhook notifications on.
We are selecting the "Cape Town - Office" Flock.
Step 4: Enable Notifications
Click on the gear icon at the top right of the screen.
Select On to enable webhook notifications on this Flock. (1)
Click on the + icon under the webhooks option. (2)
Step 5: Add Generic Webhook
Click on Add Generic.
Paste the unique URL that you copied in Step 1.
Step 6: Verifying Notifications Are Sent to the Endpoint
Once saved, a notification will be posted to the webhook.site URL, and alerts will be posted there from now on.
Webhook structure
The structure of the JSON object is as follows:
Canary Alert
{
"AdditionalDetails": [[],..], /* Array of additional values specific to the incident type */
"CanaryID": "", /* Canary identifier */
"CanaryIP": "X.X.X.X", /* Canary's IP address */
"CanaryLocation": "", /* Description field of Canary */
"CanaryName": "", /* Name of Canary */
"CanaryPort": 0, /* Port of the service that was triggered */
"Description": "", /* Type of incident */
"IncidentHash": "", /* Unique identifier for this incident */
"Intro": "", /* Single line summary of incident */
"ReverseDNS": "", /* Optional field, only if reverse DNS is obtainable */
"SourceIP": "X.X.X.X", /* Attacker IP address */
"Timestamp": "YYYY-MM-DD HH:MM:SS (UTC)" /* Timestamp of the incident */
}
Canarytoken
{
"Description": "", /* Type of token */
"Triggered": 0, /* Number of times the token has been triggered */
"Timestamp": "YYYY-MM-DD HH:MM:SS (UTC)", /* Timestamp of the incident */
"Token": "xxxxxxxxxxxxxxxxxxxxxxxxx", /* Unique token identifier */
"Intro": "", /* Single line summary of incident */
"Reminder": "", /* User-configured reminder for the token */
"AdditionalDetails": [[],..] /* Array of additional values specific to the incident type */
}
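For a custom endpoint on infrastructure under your control, the following is an added example (not Canary's own code) of a small receiver that tells the two payload shapes above apart and normalises them. The `normalize` and `Hook` names, the 64 KB body cap and the 127.0.0.1:8080 bind address are assumptions of this example.

```python
import ipaddress
import json
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 64 * 1024  # assumed cap; oversized posts are rejected before parsing


def normalize(body: bytes) -> dict:
    """Parse one webhook body into a flat event; raises ValueError if malformed."""
    data = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(data, dict):
        raise ValueError("payload is not a JSON object")
    # Canary alerts carry CanaryID; Canarytoken alerts carry Token instead.
    if "CanaryID" in data:
        kind, key = "canary", str(data.get("IncidentHash", ""))
    elif "Token" in data:
        kind, key = "canarytoken", str(data["Token"])
    else:
        raise ValueError("neither CanaryID nor Token present")
    # Timestamps are documented as "YYYY-MM-DD HH:MM:SS (UTC)".
    ts = datetime.strptime(str(data.get("Timestamp")), "%Y-%m-%d %H:%M:%S (UTC)")
    event = {"kind": kind, "key": key, "intro": str(data.get("Intro", "")),
             "description": str(data.get("Description", "")),
             "time": ts.replace(tzinfo=timezone.utc).isoformat()}
    if kind == "canary":
        # Validate the address so downstream tooling never sees free text here.
        event["source_ip"] = str(ipaddress.ip_address(data.get("SourceIP", "")))
        event["canary"] = str(data.get("CanaryName", ""))
    return event


class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length") or 0)
            if not 0 < length <= MAX_BODY:
                raise ValueError("bad length")
            print(json.dumps(normalize(self.rfile.read(length))))
            self.send_response(200)
        except (ValueError, TypeError):
            self.send_response(400)  # malformed or unexpected payload
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()  # assumed bind address
```

The normalised events are printed one JSON object per line, ready to forward to a log pipeline.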