Event Sinks

Event sinks are event alert destinations. You can create, read, update, and delete event sinks with the Scanner API.

Types of event sinks

We support two types of event sinks:

  • Slack - send event alerts to a Slack channel.

  • Webhook - send event alerts to a webhook URL.

Create a new event sink

POST /v1/event_sink

Create a new event sink with the specified data.

Body

Name                         Type     Description
tenant_id (required)         string   Unique identifier for the tenant
name (required)              string   Name of the event sink
description (required)       string   Description of the event sink
event_sink_args (required)            Event sink details

Create event sink arguments

To create a Slack event sink, we need the channel name and Slack OAuth code, e.g.

{
    "Slack": {
        "channel": "#security-alerts",
        "slack_oauth_code": "<SLACK_OAUTH_CODE>"
    }
}

To create a webhook event sink, we need the URL, e.g.

{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}

Example

curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}' 

Response

Returns the newly created event sink.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}

List event sinks

GET /v1/event_sink

List all event sinks for a tenant.

Query parameters

Name                   Type     Description
tenant_id (required)   string   Unique identifier for the tenant

Example

curl -G $API_BASE/v1/event_sink \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000000" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json"

Response

Returns a list of event sink objects.

{
  "data": {
    "event_sinks": [
      {
        "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
        "tenant_id": "00000000-0000-0000-0000-000000000000",
        "name": "Webhook",
        "description": "Detection alerts webhook",
        "event_sink_type": "Webhook",
        "configuration": {
          "Webhook": {
            "url": "https://test.com/webhook/abc"
          }
        },
        "created_at": "2024-05-09T20:01:32Z",
        "updated_at": "2024-05-09T20:01:32Z"
      },
      ...
    ]
  },
  "pagination": null
}
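
The list response is a convenient input for a periodic check that alerts still go where you expect. The following is an added example, not part of the Scanner documentation or API: it flags webhook sinks whose URL is not https, whose host is not on an approved list, or whose updated_at differs from created_at. The approved-host set and the extra sample sinks are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

# Assumption: hosts your organisation has approved as alert destinations.
APPROVED_WEBHOOK_HOSTS = {"test.com"}

# Constructed sample in the shape of the list response shown above.
# The Slack entry's "configuration" is empty: the page does not show its shape.
SAMPLE_RESPONSE = json.loads("""
{"data": {"event_sinks": [
  {"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c", "event_sink_type": "Webhook",
   "configuration": {"Webhook": {"url": "https://test.com/webhook/abc"}},
   "created_at": "2024-05-09T20:01:32Z", "updated_at": "2024-05-09T20:01:32Z"},
  {"id": "11111111-1111-1111-1111-111111111111", "event_sink_type": "Webhook",
   "configuration": {"Webhook": {"url": "https://foo.com/webhook/abc"}},
   "created_at": "2024-05-09T20:01:32Z", "updated_at": "2024-05-09T20:10:06Z"},
  {"id": "22222222-2222-2222-2222-222222222222", "event_sink_type": "Webhook",
   "configuration": {"Webhook": {"url": "http://test.com/webhook/abc"}},
   "created_at": "2024-05-09T20:01:32Z", "updated_at": "2024-05-09T20:01:32Z"},
  {"id": "33333333-3333-3333-3333-333333333333", "event_sink_type": "Slack",
   "configuration": {}, "created_at": "2024-05-09T20:01:32Z", "updated_at": "2024-05-09T20:01:32Z"}
]}, "pagination": null}
""")


def audit_event_sinks(response, approved_hosts=APPROVED_WEBHOOK_HOSTS):
    """Return (sink id, reason) pairs for webhook sinks that need review."""
    findings = []
    for sink in response["data"]["event_sinks"]:
        if sink.get("event_sink_type") != "Webhook":
            continue  # only Webhook sinks carry a destination URL
        url = sink.get("configuration", {}).get("Webhook", {}).get("url", "")
        try:
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
        except ValueError:  # e.g. a malformed bracketed host
            findings.append((sink["id"], "webhook URL does not parse"))
            continue
        if parts.scheme != "https":
            findings.append((sink["id"], "webhook URL is not https"))
        if host not in approved_hosts:
            findings.append((sink["id"], f"host {host!r} is not approved"))
        if sink.get("updated_at") != sink.get("created_at"):
            findings.append((sink["id"], "modified since creation"))
    return findings

if __name__ == "__main__":
    for sink_id, reason in audit_event_sinks(SAMPLE_RESPONSE):
        print(sink_id, reason)
```

In practice the input would be the parsed body of the GET /v1/event_sink call shown in the example above.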

Get an event sink

GET /v1/event_sink/{id}

Get the event sink with the given id.

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET

Response

Returns the event sink object.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}

Update an event sink

PUT /v1/event_sink/{id}

Update the event sink with the given id.

Body

Name              Type     Description
id (required)     string   Unique identifier for the event sink
name              string   Update the name of the event sink
description       string   Update the description of the event sink
event_sink_args            Update the event sink details

Update event sink arguments

To update a Slack event sink, we need the new channel name, e.g.

{
    "Slack": {
        "channel": "#critical-security-alerts"
    }
}

To update a webhook event sink, we need the new URL, e.g.

{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'

Response

Returns the updated event sink object.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://foo.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:10:06Z"
  }
}

Delete an event sink

DELETE /v1/event_sink/{id}

Delete the event sink with the given id.

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE

Response

Returns the id and tenant_id for the deleted event sink.

{
  "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
  "tenant_id": "00000000-0000-0000-0000-000000000000"
}
