You configure the Webhook API for your organization in the Distributed Cloud AIP user interface (UI).
Because the Webhook API sends alerts through an HTTPS POST, the Webhook URL you select must use HTTPS.
- Log into Distributed Cloud AIP using administrator credentials.
- In the left navigation bar, click Settings. The Settings page displays.
- Click the Integrations tab. The Integrations page displays.
- In the Webhook API section, fill in the following information:
  - Name – Type a name for the webhook.
  - Description – Type a description of the webhook.
  - Webhook URL – Type the endpoint to which to send webhook alerts. The URL must be HTTPS.
  - Alerts Severity drop-down menu – Select one of the following options:
    - Do not fire webhook for any alerts
    - Fire webhook for all alerts
    - Fire webhook only for Severity 1 and Severity 2 alerts
    - Fire webhook only for Severity 1 alerts
- Click Save. Your Webhook API is configured for your organization.
Ensure the following IP addresses are open in the user's firewall to allow the Distributed Cloud AIP Webhook API to push alerts to the user's webhook endpoints:
Distributed Cloud AIP expects webhook endpoints to use the default HTTPS port – 443. If a different port is used, then Webhook integrations do not work as expected.
Additionally, the web server hosting the endpoint must have a valid SSL certificate.
For more information, see Configure Webhook Network Access.
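A pre-flight check for the endpoint requirements above (HTTPS scheme, default port 443, valid certificate), added here as an example; it is not part of Distributed Cloud AIP or its documentation. The function names and the sample URLs are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit


def check_webhook_url(url):
    """Return a list of problems with a candidate Webhook URL (empty = OK)."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        return [f"URL does not parse: {exc}"]
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme is {parts.scheme or 'missing'!r}, must be https")
    if not parts.hostname:
        problems.append("URL has no host name")
    if port not in (None, 443):
        problems.append(f"port {port} is not the default HTTPS port 443")
    return problems


def check_certificate(host, timeout=5.0):
    """Connect to host:443 and verify the certificate chain and host name.

    Returns None when verification succeeds, otherwise the error text.
    Needs network access to the endpoint.
    """
    ctx = ssl.create_default_context()  # chain and host name checks are on by default
    try:
        with socket.create_connection((host, 443), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except OSError as exc:  # ssl.SSLError and connection errors are OSError subclasses
        return str(exc)


if __name__ == "__main__":
    # Constructed sample URLs, not real endpoints.
    for url in ("https://hooks.example.com/aip",
                "http://hooks.example.com/aip",
                "https://hooks.example.com:8443/aip"):
        print(url, "->", check_webhook_url(url) or "OK")
```

Run `check_certificate` against the endpoint's host name from outside your network, so the result reflects what an external sender sees, including any incomplete certificate chain.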
Configure the webhook API in the endpoint that receives alert notifications.
- Open the selected endpoint.
- Follow the endpoint's instructions to link the Distributed Cloud AIP Webhook API to the endpoint.
Webhook Concurrency Limit
The Distributed Cloud AIP Webhook API batches alerts by severity for an organization. The Webhook API pushes the batched alerts to the customer's webhook endpoint every 10 seconds.
For example, you configure the Distributed Cloud AIP Webhook API to only send you Severity 1 alerts. At 10:00:01 a.m., in the Distributed Cloud AIP platform, you receive 15 alerts. Five are Severity 1 and ten are Severity 3. The Distributed Cloud AIP Webhook API batches the five Severity 1 alerts and sends them to your receiving application at 10:00:10 a.m.
Webhook Error Messaging
The Distributed Cloud AIP Webhook API displays any HTTPS error messages received from the customer's webhook endpoint. Examples include, but are not limited to, rate limits, internal error messages, and moved endpoints.