Types of event sinks
We support two types of event sinks:
Slack - send event alerts to a Slack channel.
Webhook - send event alerts to a URL webhook.
Create a new event sink
POST
/v1/event_sink
Create a new event sink with the specified data.
Body
Create event sink arguments
To create a Slack event sink, we need the channel name and Slack OAuth code, e.g.
{
  "Slack": {
    "channel": "#security-alerts",
    "slack_oauth_code": "<slack_oauth_code>"
  }
}
To create a webhook event sink, we need the url, e.g.
{
  "Webhook": {
    "url": "https://webhook.com/bar/baz"
  }
}
Example
curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
  "tenant_id": "00000000-0000-0000-0000-000000000000",
  "name": "Webhook",
  "description": "Detection alerts webhook",
  "event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}'
Response
Returns the newly created event sink.
{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}
List event sinks
GET
/v1/event_sink
List all event sinks for a tenant.
Query parameters
Example
curl -G $API_BASE/v1/event_sink \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000000" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json"
Response
Returns a list of event sink objects.
{
  "event_sinks": [
    {
      "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
      "tenant_id": "00000000-0000-0000-0000-000000000000",
      "name": "Webhook",
      "description": "Detection alerts webhook",
      "event_sink_type": "Webhook",
      "configuration": {
        "Webhook": {
          "url": "https://test.com/webhook/abc"
        }
      },
      "created_at": "2024-05-09T20:01:32Z",
      "updated_at": "2024-05-09T20:01:32Z"
    },
    ...
  ]
}
Get an event sink
GET
/v1/event_sink/{id}
Get the event sink with the given id.
Example
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET
Response
Returns the event sink object.
{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}
Update an event sink
PUT
/v1/event_sink/{id}
Update the event sink with the given id.
Body
Update event sink arguments
To update a Slack event sink, we need the new channel name, e.g.
{
  "Slack": {
    "channel": "#critical-security-alerts"
  }
}
To update a webhook event sink, we need the new url, e.g.
{
  "Webhook": {
    "url": "https://webhook.com/bar/baz"
  }
}
Example
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
  "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
  "event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'
Response
Returns the updated event sink object.
{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://foo.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:10:06Z"
  }
}
Delete an event sink
DELETE
/v1/event_sink/{id}
Delete the event sink with the given id.
Example
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE
Response
Returns the id and tenant_id for the deleted event sink.
{
  "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
  "tenant_id": "00000000-0000-0000-0000-000000000000"
}
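A small client for the create, update and delete calls documented above, written here as an added example (it is not the vendor's SDK). It assumes the same API_BASE and API_KEY as the curl examples, and validates the event sink arguments before sending so that a webhook sink cannot be pointed at a plaintext http:// destination for alerts; the `send` hook is an assumption of this example that lets the request building be exercised offline.

```python
import json
import urllib.request
from urllib.parse import urlsplit


def webhook_args(url):
    """Build Webhook event_sink_args; refuse plaintext or host-less URLs so alerts never go out over HTTP."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("webhook url must be https with a host: %r" % url)
    return {"Webhook": {"url": url}}


def slack_args(channel, oauth_code=None):
    """Build Slack event_sink_args; slack_oauth_code is only needed on create, not on update."""
    if not channel.startswith("#"):
        raise ValueError("slack channel must start with '#'")
    args = {"channel": channel}
    if oauth_code is not None:
        args["slack_oauth_code"] = oauth_code
    return {"Slack": args}


class EventSinkClient:
    """Thin wrapper over /v1/event_sink. `send` is injectable (hypothetical) so tests need no network."""

    def __init__(self, api_base, api_key, send=None):
        self.api_base = api_base.rstrip("/")
        self.api_key = api_key
        self.send = send or self._http_send  # send(method, url, body_dict_or_None) -> dict

    def _http_send(self, method, url, body):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": "Bearer " + self.api_key,  # same headers as the curl examples
            "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    def create(self, tenant_id, name, description, event_sink_args):
        body = {"tenant_id": tenant_id, "name": name,
                "description": description, "event_sink_args": event_sink_args}
        return self.send("POST", self.api_base + "/v1/event_sink", body)

    def update(self, sink_id, event_sink_args):
        body = {"id": sink_id, "event_sink_args": event_sink_args}
        return self.send("PUT", self.api_base + "/v1/event_sink/" + sink_id, body)

    def delete(self, sink_id):
        return self.send("DELETE", self.api_base + "/v1/event_sink/" + sink_id, None)
```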