# Event Sinks

## Create a new event sink

<mark style="color:green;">**`POST`**</mark> `/v1/event_sink`

Create a new event sink with the specified data.

**Body**

| Name                                                       | Type                                                                       | Description                      |
| ---------------------------------------------------------- | -------------------------------------------------------------------------- | -------------------------------- |
| `tenant_id` <mark style="color:red;">required</mark>       | string                                                                     | Unique identifier for the tenant |
| `name` <mark style="color:red;">required</mark>            | string                                                                     | Name of the event sink           |
| `description` <mark style="color:red;">required</mark>     | string                                                                     | Description of the event sink    |
| `event_sink_args` <mark style="color:red;">required</mark> | See [#create-event-sink-arguments](#create-event-sink-arguments "mention") | Event sink details               |

### Create event sink arguments

To create a Slack event sink, we need the channel ID and the Scanner Slack integration ID, e.g.

```json
{
    "Slack": {
        "channel_id": "C12345678",
        "slack_integration_id": "00000000-0000-0000-0000-000000000001"
    }
}
```

Note: the API still supports the `channel` parameter (with a channel name), but `channel` is deprecated in favor of `channel_id`.

To create a webhook event sink, we need the URL, e.g.

```json
{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}
```

To create a PagerDuty event sink, we need the Events API V2 integration key, e.g.

```json
{
    "PagerDuty": {
        "integration_key": "e93facc04764012d7bfb002500d5d1a6"
    }
}
```
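A client-side builder for the three `event_sink_args` shapes above, so that a malformed or policy-violating sink is rejected before the `POST` is sent. This is an added example, not Scanner's own code: the function names are hypothetical, and the https-only, no-embedded-credentials, non-empty-string and no-deprecated-`channel` rules are assumed local policy rather than checks the API is documented to perform.

```python
import json
from urllib.parse import urlsplit

# Required fields per sink type, taken from the argument shapes on this page.
REQUIRED_FIELDS = {
    "Slack": ("channel_id", "slack_integration_id"),
    "Webhook": ("url",),
    "PagerDuty": ("integration_key",),
}


def build_event_sink_args(sink_type, **fields):
    """Return a validated event_sink_args object for one sink type."""
    if sink_type not in REQUIRED_FIELDS:
        raise ValueError(f"unknown sink type: {sink_type!r}")
    # Local policy (assumption): refuse the deprecated Slack `channel` name.
    if sink_type == "Slack" and "channel" in fields:
        raise ValueError("'channel' is deprecated; pass 'channel_id' instead")
    required = REQUIRED_FIELDS[sink_type]
    missing = [f for f in required if not fields.get(f)]
    extra = sorted(set(fields) - set(required))
    if missing or extra:
        raise ValueError(f"{sink_type}: missing={missing} unexpected={extra}")
    if sink_type == "Webhook":
        parts = urlsplit(fields["url"])
        # Local policy (assumption): alert data leaves only over TLS and the
        # URL carries no embedded username or password.
        if parts.scheme != "https" or not parts.hostname:
            raise ValueError("webhook url must be an absolute https:// URL")
        if parts.username or parts.password:
            raise ValueError("webhook url must not embed credentials")
    return {sink_type: {f: fields[f] for f in required}}


def build_create_body(tenant_id, name, description, sink_type, **fields):
    """Assemble the JSON body for POST /v1/event_sink (all fields required)."""
    top_level = {"tenant_id": tenant_id, "name": name, "description": description}
    for label, value in top_level.items():
        if not isinstance(value, str) or not value:
            raise ValueError(f"{label} is required and must be a non-empty string")
    top_level["event_sink_args"] = build_event_sink_args(sink_type, **fields)
    return json.dumps(top_level)
```

The string returned by `build_create_body` can be passed to `curl -d` in the request below; a PagerDuty `integration_key` is a credential, so read it from a secret store rather than hard-coding it in scripts.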

**Example**

```bash
curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}'
```

**Response**

Returns the newly created event sink.

```json
{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}
```

## List event sinks

<mark style="color:blue;">**`GET`**</mark> `/v1/event_sink`

List all event sinks for a tenant.

**Query parameters**

| Name                                                 | Type   | Description                      |
| ---------------------------------------------------- | ------ | -------------------------------- |
| `tenant_id` <mark style="color:red;">required</mark> | string | Unique identifier for the tenant |

**Example**

```bash
curl -G $API_BASE/v1/event_sink \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000000" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json"
```

**Response**

Returns a list of event sink objects.

```json
{
  "data": {
    "event_sinks": [
      {
        "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
        "tenant_id": "00000000-0000-0000-0000-000000000000",
        "name": "Webhook",
        "description": "Detection alerts webhook",
        "event_sink_type": "Webhook",
        "configuration": {
          "Webhook": {
            "url": "https://test.com/webhook/abc"
          }
        },
        "created_at": "2024-05-09T20:01:32Z",
        "updated_at": "2024-05-09T20:01:32Z"
      },
      ...
    ]
  },
  "pagination": null
}
```
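Event sinks decide where detection alerts are delivered, so the list response is worth auditing on a schedule. The following is an added example, not part of Scanner's API or tooling: it checks a response of the shape shown above against an assumed local policy (https webhooks, an allowlist of hosts, no edits after creation). The function name, the `sink-a`/`sink-b`/`sink-c` ids and `hooks.example.net` are constructed for the sample.

```python
import json
from urllib.parse import urlsplit

TENANT = "00000000-0000-0000-0000-000000000000"


def _webhook_sink(sink_id, url, created_at, updated_at):
    # Builds one constructed record with the fields the response above shows.
    return {"id": sink_id, "tenant_id": TENANT, "name": "Webhook",
            "description": "Detection alerts webhook",
            "event_sink_type": "Webhook",
            "configuration": {"Webhook": {"url": url}},
            "created_at": created_at, "updated_at": updated_at}


# Constructed sample data, not output from a real tenant.
SAMPLE_RESPONSE = json.dumps({"data": {"event_sinks": [
    _webhook_sink("sink-a", "https://test.com/webhook/abc",
                  "2024-05-09T20:01:32Z", "2024-05-09T20:01:32Z"),
    _webhook_sink("sink-b", "http://hooks.example.net/in",
                  "2024-05-09T20:01:32Z", "2024-05-09T20:01:32Z"),
    _webhook_sink("sink-c", "https://foo.com/webhook/abc",
                  "2024-05-09T20:01:32Z", "2024-05-09T20:10:06Z"),
]}, "pagination": None})


def audit_event_sinks(response_text, tenant_id, allowed_hosts):
    """Return sorted (sink id, finding) pairs for sinks that need review."""
    findings = []
    for sink in json.loads(response_text)["data"]["event_sinks"]:
        sid, kind = sink["id"], sink["event_sink_type"]
        config = sink["configuration"]
        if sink["tenant_id"] != tenant_id:
            findings.append((sid, "unexpected tenant_id"))
        if list(config) != [kind]:
            findings.append((sid, "configuration does not match event_sink_type"))
            continue
        # Only the Webhook configuration shape appears in the responses above.
        if kind == "Webhook":
            parts = urlsplit(config["Webhook"]["url"])
            if parts.scheme != "https":
                findings.append((sid, "webhook is not https"))
            if (parts.hostname or "").lower() not in allowed_hosts:
                findings.append((sid, "webhook host not on allowlist"))
        # updated_at moves past created_at once a sink has been changed.
        if sink["updated_at"] != sink["created_at"]:
            findings.append((sid, "modified after creation"))
    return sorted(findings)
```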

## Get an event sink

<mark style="color:blue;">**`GET`**</mark> `/v1/event_sink/{id}`

Get the event sink with the given id.

**Example**

```bash
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET
```

**Response**

Returns the event sink object.

```json
{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}
```

## Update an event sink

<mark style="color:orange;">**`PUT`**</mark> `/v1/event_sink/{id}`

Update the event sink with the given id.

**Body**

| Name                                          | Type                                                                       | Description                              |
| --------------------------------------------- | -------------------------------------------------------------------------- | ---------------------------------------- |
| `id` <mark style="color:red;">required</mark> | string                                                                     | Unique identifier for the event sink     |
| `name`                                        | string                                                                     | Update the name of the event sink        |
| `description`                                 | string                                                                     | Update the description of the event sink |
| `event_sink_args`                             | See [#update-event-sink-arguments](#update-event-sink-arguments "mention") | Update the event sink details            |

### Update event sink arguments

To update a Slack event sink, we need the new channel ID, e.g.

```json
{
    "Slack": {
        "channel_id": "C87654321"
    }
}
```

Note: the API still supports the `channel` parameter (with a channel name), but `channel` is deprecated in favor of `channel_id`.

To update a webhook event sink, we need the new URL, e.g.

```json
{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}
```

To update a PagerDuty event sink, we need the new Events API V2 integration key, e.g.

```json
{
    "PagerDuty": {
        "integration_key": "e93facc04764012d7bfb002500d5d1a6"
    }
}
```

**Example**

```bash
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'
```

**Response**

Returns the updated event sink object.

```json
{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://foo.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:10:06Z"
  }
}
```

## Delete an event sink

<mark style="color:red;">**`DELETE`**</mark> `/v1/event_sink/{id}`

Delete the event sink with the given id.

**Example**

```bash
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE
```

**Response**

Returns the `id` and `tenant_id` for the deleted event sink.

```json
{
  "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
  "tenant_id": "00000000-0000-0000-0000-000000000000"
}
```
