Capsule8 Docs
Capsule8 Docs

Getting Alerts via a webhook

The webhook output type sends alerts to a webhook endpoint with an HTTP request. This output type is incredibly powerful when combined with Alert Templates because it allows users to create ad hoc integrations with a number of third-party services. Some common use cases are to ship Alert summaries to Slack, automatically create Jira tickets when high priority Alerts are seen, or even to send Alerts directly to a Splunk Cloud instance.

Key Required Description
type yes The output type.
enabled yes Enables/disables the output.
url yes The URL to send the request to.
headers no The headers to pass along with the request. Defaults to “Content-Type: application/json”.
method no The HTTP method to use. Defaults to POST.
timeout no The timeout in seconds. Defaults to 30.


    # Send Alerts to a local web server
    - type: webhook
      enabled: true
      url: http://localhost:8080/alerts

    # Send Alerts to an arbitrary service with all settings
    - type: webhook
      enabled: true
      template: "New Capsule8 Alert {{.UUID}}"
      timeout: 5
      method: PUT
        "Content-Type": "text/plain"
        "X-COMPANY-AUTH": "123456"

    # Send Alerts to Slack using their webhook JSON format
    - type: webhook
      enabled: true
      template: '{"text": "🌶 New Capsule8 Alert {{.PolicyType}} {{.Description}}"}'