Capsule8 Docs

Getting Alerts via a webhook

The webhook output type sends each Alert to a webhook endpoint as an HTTP request. This output type is incredibly powerful when combined with Alert Templates because it allows users to create ad hoc integrations with a number of third-party services. Some common use cases are shipping Alert summaries to Slack, automatically creating Jira tickets when high-priority Alerts are seen, or even sending Alerts directly to a Splunk Cloud instance.

| Key     | Required | Description |
|---------|----------|-------------|
| type    | yes      | The output type. |
| enabled | yes      | Enables/disables the output. |
| url     | yes      | The URL to send the request to. |
| headers | no       | The headers to pass along with the request. Defaults to “Content-Type: application/json”. |
| method  | no       | The HTTP method to use. Defaults to POST. |
| timeout | no       | The timeout in seconds. Defaults to 30. |

Example:

# Send Alerts to a local web server
- type: webhook
  enabled: true
  url: http://localhost:8080/alerts

# Send Alerts to an arbitrary service with all settings
- type: webhook
  enabled: true
  url: https://api.example-company.com/capsule8-alerts
  template: "New Capsule8 Alert {{.UUID}}"
  timeout: 5
  method: PUT
  headers:
    "Content-Type": "text/plain"
    "X-COMPANY-AUTH": "123456"

# Send Alerts to Slack using their webhook JSON format
- type: webhook
  enabled: true
  url: https://hooks.slack.com/services/123ABC/ab914B12eeigVh2xZ
  template: '{"text": "🌶 New Capsule8 Alert {{.PolicyType}} {{.Description}}"}'
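
A receiving endpoint for the first example (`url: http://localhost:8080/alerts`) could look like the sketch below. It is an added example, not Capsule8 code: it assumes the alert body is a JSON object and that the output is configured with an `X-COMPANY-AUTH` header as in the second example. The `WEBHOOK_SECRET` variable, the 1 MiB body cap, and the names `check_request` and `AlertHandler` are hypothetical.

```python
import hmac
import json
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_HEADER = "X-COMPANY-AUTH"   # header name taken from the example config
MAX_BODY = 1 << 20               # assumption: cap alert bodies at 1 MiB


def check_request(method, path, headers, body, secret):
    """Return (http_status, alert_dict_or_None) for one webhook delivery."""
    if path != "/alerts":
        return 404, None
    if method != "POST":         # the output's documented default method
        return 405, None
    supplied = headers.get(AUTH_HEADER) or ""
    # An empty secret must never authenticate; compare in constant time.
    if not secret or not hmac.compare_digest(supplied.encode(), secret.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        alert = json.loads(body)  # default Content-Type is application/json
    except ValueError:            # covers bad JSON and bad UTF-8
        return 400, None
    return (200, alert) if isinstance(alert, dict) else (400, None)


class AlertHandler(BaseHTTPRequestHandler):
    secret = os.environ.get("WEBHOOK_SECRET", "")  # hypothetical variable name

    def do_POST(self):
        try:
            length = max(0, int(self.headers.get("Content-Length", "0")))
        except ValueError:
            length = 0
        # Read at most one byte past the cap so oversized bodies are detected.
        body = self.rfile.read(min(length, MAX_BODY + 1))
        status, alert = check_request("POST", self.path, self.headers, body, self.secret)
        if alert is not None:
            print("alert accepted, keys:", sorted(alert))
        self.send_response(status)
        self.end_headers()


if __name__ == "__main__":
    # Loopback only, matching url: http://localhost:8080/alerts in the example.
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

If the output is configured with `method: PUT` or a non-JSON `template`, the method check and the JSON parsing step need to change to match.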