Event Sinks

Event sinks are event alert destinations. You can create, read, update, and delete event sinks with the Scanner API.

Create a new event sink

POST /v1/event_sink

Create a new event sink with the specified data.

Body

Name

Type

Description

tenant_id required

string

Unique identifier for the tenant

name required

string

Name of the event sink

description required

string

Description of the event sink

event_sink_args required

See Create event sink arguments

Event sink details

Create event sink arguments

To create a Slack event sink, we need the channel ID and the Scanner Slack integration ID, e.g.

{ 
    "Slack": {
        "channel_id": "C12345678",
        "slack_integration_id": "00000000-0000-0000-0000-000000000001",
    }
}

Note: the API still supports the channel parameter (with a channel name), but channel is deprecated in favor of channel_id.

To create a webhook event sink, we need the url, e.g.

{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}

To create a PagerDuty event sink, we need the Events API V2 integration key, e.g.

{
    "PagerDuty": {
        "integration_key": "e93facc04764012d7bfb002500d5d1a6"
    }
}

Example

curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}'

Response

Returns the newly created event sink.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}

List event sinks

GET /v1/event_sink

List all event sinks for a tenant.

Query parameters

Name

Type

Description

tenant_id required

string

Unique identifier for the tenant

Example

curl -G $API_BASE/v1/event_sink \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000000" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json"

Response

Returns a list of event sink objects.

{
  "data": {
    "event_sinks": [
      {
        "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
        "tenant_id": "00000000-0000-0000-0000-000000000000",
        "name": "Webhook",
        "description": "Detection alerts webhook",
        "event_sink_type": "Webhook",
        "configuration": {
          "Webhook": {
            "url": "https://test.com/webhook/abc"
          }
        },
        "created_at": "2024-05-09T20:01:32Z",
        "updated_at": "2024-05-09T20:01:32Z"
      },
      ...
    ]
  },
  "pagination": null
}

Get an event sink

GET /v1/event_sink/{id}

Get the event sink with the given id.

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET

Response

Returns the event sink object.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}

Update an event sink

PUT /v1/event_sink/{id}

Update the event sink with the given id.

Body

Name

Type

Description

id required

string

Unique identifier for the event sink

name

string

Update the name of the event sink

description

string

Update the description of the event sink

event_sink_args

See Update event sink arguments

Update the event sink details

Update event sink arguments

To update a Slack event sink, we need the new channel ID, e.g.

{ 
    "Slack": {
        "channel_id": "C87654321",
    }
}

Note: the API still supports the channel parameter (with a channel name), but channel is deprecated in favor of channel_id.

To update a webhook event sink, we need the new url, e.g.

{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}

To update a PagerDuty event sink, we need the new Events API V2 integration key, e.g.

{
    "PagerDuty": {
        "integration_key": "e93facc04764012d7bfb002500d5d1a6"
    }
}

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'

Response

Returns the updated event sink object.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://foo.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:10:06Z"
  }
}

Delete an event sink

DELETE /v1/event_sink/{id}

Delete the event sink with the given id.

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE

Response

Returns the id and tenant_id for the deleted event sink.

{
  "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
  "tenant_id": "00000000-0000-0000-0000-000000000000"
}

PreviousDetection Rules NextGitHub Sync

Last updated 8 months ago

Was this helpful?

Good morning

hashtagCreate a new event sink

hashtagCreate event sink arguments

hashtagList event sinks

hashtagGet an event sink

hashtagUpdate an event sink

hashtagUpdate event sink arguments

hashtagDelete an event sink

Create a new event sink

Create event sink arguments

List event sinks

Get an event sink

Update an event sink

Update event sink arguments

Delete an event sink