Skip to main content

Search

How do I configure notifications for a generic webhook on a flock ?

Description: Canary supports outgoing webhooks from a flock to an endpoint of your choice. This event-driven approach means you get your alerts in realtime! We support your favourite apps, such as Slack and Microsoft Teams.

In this example, we’ll post data to webhook.site, a public tool for assisting in webhook development. It’s useful to see what data is posted in the webhook, but we don’t recommend using it for production purposes. You can consume the webhook by writing a custom endpoint and hosting it on infrastructure under your control.

Note: We also support a Global Generic Webhook - see guide here

Follow the steps below to enable and set up a generic webhook on your Canary flock:

Step 1:

You will need to have an endpoint to post notifications to. We have used webhook.site as the endpoint.

Opening the website will reveal a URL to post notifications to (all information is posted in a JSON format).

Note : Copy the URL that is given.

CleanShot 2024-07-29 at 15.15.58.png

Step 2:

Log in to your Console.

Console Login.png

Step 3:

Select the flock you want to setup webhook notifications on.

Note: we are selecting the "Cape Town - Office" flock.

CleanShot 2024-07-29 at 10.45.46.png

Step 4:

Click on the Gear icon at the top right of the screen.

CleanShot 2024-07-29 at 10.50.37.png

Step 5:

  1. Select On to enable webhook notifications on this flock.
  2. Click on the Add + icon under the webhooks option.

CleanShot 2024-07-30 at 11.28.37.png

Step 6:

Click on Add Generic.

CleanShot 2024-07-29 at 15.17.53.png

Step7:

Paste your Unique url that you received from step 1.

CleanShot 2024-07-29 at 15.18.09.png

 

Step 8:

Once saved, a notification will be posted to the webhook.site URL and alerts will now be posted here.

CleanShot 2024-07-29 at 16.02.23.png

Webhook structure :

The structure of the JSON object is as follows:

Canary Alert

}
"AdditionalDetails": [[],..], /* Array of additional values specific to the incident type */
"CanaryID": "" /* Canary identifier */
"CanaryIP": "X.X.X.X", /* Canary's IP address */
"CanaryLocation": "", /* Description field of Canary */
"CanaryName": "", /* Name of Canary */
"CanaryPort": 0, /* Port of the service that was triggered */
"Description": "", /* Type of incident */
"IncidentHash": "", /* Unique identifier for this incident */
"Intro": "", /* Single line summary of incident */
"ReverseDNS": "", /* Optional field, only if reverse DNS is obtainable */
"SourceIP": "X.X.X.X", /* Attacker IP address */
"Timestamp": "YYYY-MM-DD HH:MM:SS (UTC)" /* Timestamp of the incident */
}

Canarytoken

}
"Description": "", /* Type of token */
"Triggered": 0, /* Number of times the token has been triggered */
"Timestamp": "YYYY-MM-DD HH:MM:SS (UTC)", /* Timestamp of the incident */
"Token": "xxxxxxxxxxxxxxxxxxxxxxxxx", /* Unique token identifier */
"Intro": "", /* Single line summary of incident */
"Reminder": "", /* User-configured reminder for the token */
"AdditionalDetails": [[],..] /* Array of additional values specific to the incident type */
}

You're done! ;-)

Was this article helpful?
1 out of 2 found this helpful
Return to top