Red Canary’s webhook integration allows you to trigger any HTTP listener as part of an automation playbook. Common uses of webhooks include:
- Creating tickets in ticket-tracking systems such as ServiceNow or JIRA.
- Posting data to SIEM / log collection platforms like Splunk or SumoLogic.
- Triggering incidents in paging systems such as OpsGenie or VictorOps (PagerDuty has a distinct integration action).
- Sending data to a custom business application you have exposed to the internet as custom software, an Azure function, or an AWS endpoint.
Webhooks are highly customizable and allow you to configure which HTTP method is used and specify HTTP headers that are used for authorization, routing, etc.
Adding a webhook automation action
To trigger a webhook as part of an automation playbook:
- Within any playbook, click Add Action.
- Click Webhook/API > Invoke Webhook or API > Add to Playbook.
- Select an HTTP Method that should be used.
- Enter the URL that should be invoked.
- Optionally, enter one or more HTTP headers that should be included in the HTTP request. By default, no HTTP headers are sent.
- Specify a Payload type (learn more about these below). Payloads are applicable to the POST, PUT, and PATCH HTTP methods.
- Click Save.
What are payloads?
The payload of a webhook is the content that is included in the body of the HTTP request to the specified URL. These payloads can be customized based on your needs and the API you’re integrating with.
All attributes as JSON
This payload type sends all of the objects and attributes that triggered the action to the webhook URL as the body of a JSON post.
If the receiving application requires the Content-Type header to properly process the message, ensure you specify Content-Type=application/json in the HTTP Headers section.
This payload type allows you to specify a fully custom webhook payload. This content can be JSON, text, etc.
If required by the receiving application, ensure you send the appropriate HTTP headers using the HTTP Headers section.