Webhook connector and action

edit

Webhook connector and action

edit

The Webhook connector uses axios to send a POST or PUT request to a web service.

Create connectors in Kibana

edit

You can create connectors in Stack Management > Connectors or as needed when you’re creating a rule. For example:

Webhook connector
Connector configuration
edit

Webhook connectors have the following configuration properties:

Name
The name of the connector.
Method
The HTTP request method, either post(default) or put.
URL
The request URL. If you are using the xpack.actions.allowedHosts setting, make sure the hostname is added to the allowed hosts.
Authentication
The authentication type: none, basic, or SSL. If you choose basic authentication, you must provide a user name and password. If you choose SSL authentication, you must provide SSL server certificate authentication data in a CRT and key file format or a PFX file format. You can also optionally provide a passphrase if the files are password-protected.
HTTP headers
A set of key-value pairs sent as headers with the request. For example, set Content-Type to the appropriate media type for your requests.
Certificate authority

A certificate authority (CA) that the connector can trust, for example to sign and validate server certificates. This option is available for all authentication types.

CA file
The certificate authority file.
Verification mode

Controls the certificate verification.

  • Use full to validate that the certificate has an issue date within the not_before and not_after dates, chains to a trusted certificate authority, and has a hostname or IP address that matches the names within the certificate.
  • Use certificate to validate the certificate and verifies that it is signed by a trusted authority; this option does not check the certificate hostname.
  • Use none to skip certificate validation.

Test connectors

edit

You can test connectors as you’re creating or editing the connector in Kibana. For example:

Webhook params test

Webhook actions have the following properties.

Body

A JSON payload sent to the request URL. For example:

{
  "short_description": "{{context.rule.name}}",
  "description": "{{context.rule.description}}",
  ...
}

Mustache template variables (the text enclosed in double braces, for example, context.rule.name) have their values escaped, so that the final JSON will be valid (escaping double quote characters). For more information on Mustache template variables, refer to Actions.

Connector networking configuration

edit

Use the Action configuration settings to customize connector networking configurations, such as proxies, certificates, or TLS settings. You can set configurations that apply to all your connectors or use xpack.actions.customHostSettings to set per-host configurations.