Event Sinks

Event sinks are event alert destinations. You can create, read, update, and delete event sinks with the Scanner API.

Types of event sinks

We support two types of event sinks:

Slack - send event alerts to a Slack channel.
Webhook - send event alerts to a URL webhook.

Create a new event sink

POST /v1/event_sink

Create a new event sink with the specified data.

Body

Name Type Description

Name	Type	Description
`tenant_id` required	string	Unique identifier for the tenant
`name` required	string	Name of the event sink
`description` required	string	Description of the event sink
`event_sink_args` required	See Create event sink arguments	Event sink details

tenant_id required

string

Unique identifier for the tenant

name required

string

Name of the event sink

description required

string

Description of the event sink

event_sink_args required

See Create event sink arguments

Event sink details

Create event sink arguments

To create a Slack event sink, we need the channel name and Slack OAuth code, e.g.

{ 
    "Slack": {
        "channel": "#security-alerts",
        "slack_oauth_code": 
    }
}

To create a webhook event sink, we need the url, e.g.

{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}

Example

curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X POST \
-d '{
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_args": { "Webhook": { "url": "https://test.com/webhook/abc" } }
}'

Response

Returns the newly created event sink.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}

List event sinks

GET /v1/event_sink

List all event sinks for a tenant.

Body

Name Type Description

Name	Type	Description
`tenant_id` required	string	Unique identifier for the tenant

tenant_id required

string

Unique identifier for the tenant

Example

curl $API_BASE/v1/event_sink \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET \
-d '{
    "tenant_id": ""00000000-0000-0000-0000-000000000000"
}'

Response

Returns a list of event sink objects.

{
  "event_sinks": [
    {
      "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
      "tenant_id": "00000000-0000-0000-0000-000000000000",
      "name": "Webhook",
      "description": "Detection alerts webhook",
      "event_sink_type": "Webhook",
      "configuration": {
        "Webhook": {
          "url": "https://test.com/webhook/abc"
        }
      },
      "created_at": "2024-05-09T20:01:32Z",
      "updated_at": "2024-05-09T20:01:32Z"
    },
    ...
  ]
}

Get an event sink

GET /v1/event_sink/{id}

Get the event sink with the given id.

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X GET

Response

Returns the event sink object.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://test.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:01:32Z"
  }
}

Update an event sink

PUT /v1/event_sink/{id}

Update the event sink with the given id.

Body

Name Type Description

Name	Type	Description
`id` required	string	Unique identifier for the event sink
`name`	string	Update the name of the event sink
`description`	string	Update the description of the event sink
`event_sink_args`	See Update event sink arguments	Update the event sink details

id required

string

Unique identifier for the event sink

name

string

Update the name of the event sink

description

string

Update the description of the event sink

event_sink_args

See Update event sink arguments

Update the event sink details

Update event sink arguments

To update a Slack event sink, we need the new channel name, e.g.

{ 
    "Slack": {
        "channel": "#critical-security-alerts",
    }
}

To create a webhook event sink, we need the new url, e.g.

{
    "Webhook": {
        "url": "https://webhook.com/bar/baz"
    }
}

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X PUT \
-d '{
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "event_sink_args": { "Webhook": { "url": "https://foo.com/webhook/abc" } }
}'

Response

Returns the updated event sink object.

{
  "event_sink": {
    "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
    "tenant_id": "00000000-0000-0000-0000-000000000000",
    "name": "Webhook",
    "description": "Detection alerts webhook",
    "event_sink_type": "Webhook",
    "configuration": {
      "Webhook": {
        "url": "https://foo.com/webhook/abc"
      }
    },
    "created_at": "2024-05-09T20:01:32Z",
    "updated_at": "2024-05-09T20:10:06Z"
  }
}

Delete an event sink

DELETE /v1/event_sink/{id}

Delete the event sink with the given id.

Example

curl $API_BASE/v1/event_sink/b7e33d65-c7a1-4e54-90c3-231c97398a0c \
-H "Authorization: Bearer $API_KEY" \
-H "Content-Type: application/json" \
-X DELETE

Response

Returns the id and tenant_id for the deleted event sink.

{
  "id": "b7e33d65-c7a1-4e54-90c3-231c97398a0c",
  "tenant_id": "00000000-0000-0000-0000-000000000000"
}

PreviousDetection Rules NextValidating YAML files

Last updated 3 months ago