Event Sinks
Event sinks are event alert destinations. You can create, read, update, and delete event sinks with the Scanner API.
Create a new event sink
POST /v1/event_sink
Create a new event sink with the specified data.
Body
tenant_id (string, required): Unique identifier for the tenant
name (string, required): Name of the event sink
description (string, required): Description of the event sink
event_sink_args (required): Event sink details
Create event sink arguments
To create a Slack event sink, we need the channel ID and the Scanner Slack integration ID, e.g.
{
"Slack": {
"channel_id": "C12345678",
"slack_integration_id": "00000000-0000-0000-0000-000000000001"
}
}
Note: the API still supports the channel parameter (with a channel name), but channel is deprecated in favor of channel_id.
To create a webhook event sink, we need the url, e.g.
{
"Webhook": {
"url": "https://webhook.com/bar/baz"
}
}
To create a PagerDuty event sink, we need the Events API V2 integration key, e.g.
{
"PagerDuty": {
"integration_key": "e93facc04764012d7bfb002500d5d1a6"
}
}
Example
curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}'
Response
Returns the newly created event sink.
{
"event_sink": {
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://test.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:01:32Z"
}
}
List event sinks
GET /v1/event_sink
List all event sinks for a tenant.
Query parameters
tenant_id (string, required): Unique identifier for the tenant
Example
curl -G $API_BASE/v1/event_sink \
--data-urlencode "tenant_id=00000000-0000-0000-0000-000000000000" \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json"
Response
Returns a list of event sink objects.
{
"data": {
"event_sinks": [
{
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://test.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:01:32Z"
},
...
]
},
"pagination": null
}
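An added example (not part of the Scanner documentation): a Python audit of the List event sinks response that flags webhook sinks whose URL is not https, whose host is outside an allowlist, or whose updated_at differs from created_at. The sample response, its second sink and the allowlist are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the "List event sinks" response above.
SAMPLE = json.loads("""
{"data": {"event_sinks": [
  {"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c", "name": "Webhook",
   "event_sink_type": "Webhook",
   "configuration": {"Webhook": {"url": "https://test.com/webhook/abc"}},
   "created_at": "2024-05-09T20:01:32Z", "updated_at": "2024-05-09T20:01:32Z"},
  {"id": "11111111-1111-1111-1111-111111111111", "name": "Legacy hook",
   "event_sink_type": "Webhook",
   "configuration": {"Webhook": {"url": "http://foo.com/webhook/abc"}},
   "created_at": "2024-05-09T20:01:32Z", "updated_at": "2024-05-09T20:10:06Z"}
]}, "pagination": null}
""")


def audit_event_sinks(list_response, allowed_hosts):
    """Return (sink_id, finding) pairs for webhook sinks that need review."""
    findings = []
    for sink in list_response["data"]["event_sinks"]:
        if sink.get("event_sink_type") != "Webhook":
            continue  # only the Webhook configuration shape is shown on the page
        url = sink.get("configuration", {}).get("Webhook", {}).get("url", "")
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append((sink["id"], "webhook URL is not https"))
        if (parts.hostname or "") not in allowed_hosts:
            findings.append((sink["id"], f"host {parts.hostname!r} not in allowlist"))
        # A sink edited after creation may have had its destination changed.
        if sink.get("updated_at") != sink.get("created_at"):
            findings.append((sink["id"], f"modified after creation at {sink.get('updated_at')}"))
    return findings


if __name__ == "__main__":
    # The allowlist is an assumption; use the hosts your alerts should reach.
    for sink_id, finding in audit_event_sinks(SAMPLE, {"test.com"}):
        print(sink_id, finding)
```

To run it against live data, pass the parsed JSON body returned by GET /v1/event_sink in place of SAMPLE.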
Get an event sink
GET /v1/event_sink/{id}
Get the event sink with the given id.
Example
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET
Response
Returns the event sink object.
{
"event_sink": {
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://test.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:01:32Z"
}
}
Update an event sink
PUT /v1/event_sink/{id}
Update the event sink with the given id.
Body
id (string, required): Unique identifier for the event sink
name (string): Update the name of the event sink
description (string): Update the description of the event sink
event_sink_args: Update the event sink details
Update event sink arguments
To update a Slack event sink, we need the new channel ID, e.g.
{
"Slack": {
"channel_id": "C87654321"
}
}
Note: the API still supports the channel parameter (with a channel name), but channel is deprecated in favor of channel_id.
To update a webhook event sink, we need the new url, e.g.
{
"Webhook": {
"url": "https://webhook.com/bar/baz"
}
}
To update a PagerDuty event sink, we need the new Events API V2 integration key, e.g.
{
"PagerDuty": {
"integration_key": "e93facc04764012d7bfb002500d5d1a6"
}
}
Example
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'
Response
Returns the updated event sink object.
{
"event_sink": {
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000",
"name": "Webhook",
"description": "Detection alerts webhook",
"event_sink_type": "Webhook",
"configuration": {
"Webhook": {
"url": "https://foo.com/webhook/abc"
}
},
"created_at": "2024-05-09T20:01:32Z",
"updated_at": "2024-05-09T20:10:06Z"
}
}
Delete an event sink
DELETE /v1/event_sink/{id}
Delete the event sink with the given id.
Example
curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE
Response
Returns the id and tenant_id for the deleted event sink.
{
"id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
"tenant_id": "00000000-0000-0000-0000-000000000000"
}