Capsule8 Docs

Getting Alerts via a webhook

The webhook output type sends alerts to a webhook endpoint with an HTTP request. This output type is incredibly powerful when combined with Alert Templates because it allows users to create ad hoc integrations with a number of third-party services. Some common use cases are to ship Alert summaries to Slack, automatically create Jira tickets when high priority Alerts are seen, or even to send Alerts directly to a Splunk Cloud instance.

| Key | Required | Description |
| --- | --- | --- |
| type | yes | The output type. |
| enabled | yes | Enables/disables the output. |
| url | yes | The URL to send the request to. |
| headers | no | The headers to pass along with the request. Defaults to “Content-Type: application/json”. |
| method | no | The HTTP method to use. Defaults to POST. |
| timeout | no | The timeout in seconds. Defaults to 30. |

Example:

alert_output:
  outputs:
    # Send Alerts to a local web server
    - type: webhook
      enabled: true
      url: http://localhost:8080/alerts

    # Send Alerts to an arbitrary service with all settings
    - type: webhook
      enabled: true
      url: https://api.example-company.com/capsule8-alerts
      template: "New Capsule8 Alert {{.UUID}}"
      timeout: 5
      method: PUT
      headers:
        "Content-Type": "text/plain"
        "X-COMPANY-AUTH": "123456"

    # Send Alerts to Slack using their webhook JSON format
    - type: webhook
      enabled: true
      url: https://hooks.slack.com/services/123ABC/ab914B12eeigVh2xZ
      template: '{"text": "🌶 New Capsule8 Alert {{.PolicyType}} {{.Description}}"}'
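
A receiver for the second output in the sample above (PUT, text/plain, X-COMPANY-AUTH), added here as an example and not part of the Capsule8 documentation. The environment variable name, body size cap, bind address and port are assumptions; the check compares the shared header value in constant time and rejects requests that do not match the configured method and content type.

```python
import hmac
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the shared secret comes from the environment; "123456" mirrors
# the placeholder header value in the sample config and is not a real secret.
EXPECTED_TOKEN = os.environ.get("CAPSULE8_WEBHOOK_TOKEN", "123456")
MAX_BODY = 64 * 1024  # assumed cap on the rendered alert template


def check_alert_request(method, headers, body, token=EXPECTED_TOKEN):
    """Return (status, reason) for a request claiming to be a Capsule8 alert."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if method != "PUT":
        return 405, "method not allowed"
    supplied = hdrs.get("x-company-auth", "")
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(supplied.encode(), token.encode()):
        return 401, "bad or missing X-COMPANY-AUTH"
    if hdrs.get("content-type", "").split(";")[0].strip() != "text/plain":
        return 415, "unexpected content type"
    if not body or len(body) > MAX_BODY:
        return 400, "empty or oversized body"
    return 204, "accepted"


class AlertHandler(BaseHTTPRequestHandler):
    def do_PUT(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if length < 0 or length > MAX_BODY:
            status, reason = 400, "bad Content-Length"
        else:
            body = self.rfile.read(length)
            status, reason = check_alert_request("PUT", self.headers, body)
        if status == 204:
            print("alert:", body.decode("utf-8", "replace"))
        self.send_response(status, reason)
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback only; terminate TLS in front of this before exposing it.
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

A static header value sent over plain HTTP is readable by anyone on the path, so pair a check like this with an `https://` URL in the output's `url` setting.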