Creating a Webhooks Alert Integration

This article explains how to create an integration for your Cato account that uses Webhooks for alerts and system notifications.

Overview

The Cato Management Application supports a variety of alerts and notifications for different use-cases and conditions related to your account. You can define a Webhook integration to send alerts to third-party platforms such as ServiceNow, Jira, and Slack, and create alert-based automation flows. Cato's Webhooks support customizable HTTP headers and messages in the alert to meet the specific needs of your organization.

Creating Webhook Integrations

Create a Webhook integration for the relevant ticketing service. Provide the URL of the service that receives the alert via the Webhook, along with the relevant authentication information. The following authentication methods are available:

  • Basic - Basic authentication with User Name and Password.

  • Bearer - Bearer authentication with Bearer Token.

  • Custom - Some services use custom authentication and may require custom authentication and authorization headers. For these services, choose Custom Authentication and provide the relevant key and value for each Custom Header.

Note: If access to the third-party service is limited to specific IP addresses, please refer to this article for the list of Cato IP addresses that you need to allow (you must be signed in to view this article).

You have the option to configure custom HTTP headers for the Webhook. You can use the default body of the alert message or customize one of these JSON templates:

  • Basic - account ID, account name, title, subject, alert type, and the alert content

    The fields in the Basic template are included in most Cato alerts.

  • All fields - all predefined fields are included in the template

  • ServiceNow - work_notes (alert content), short_description (account name and title)

  • Jira - summary (account name and title), description (alert content)

  • Custom - Define the content for the Webhook body. You can start with one of the above templates and make changes

Customizing the Alert Content

The content field in the template contains the generated readable summary of the alert, similar to the email alert content. You can choose these formats for the content: contentText, contentMarkdown, or contentHTML.

If you choose to customize the body, there are a number of data fields that you can use in the message content. You can define a custom body (or structure), and then embed the Cato data fields in it. When you enter $, the available data fields are displayed, and you can then select the required field. The fields use auto-complete to filter the list. For more information about the Cato fields, see Understanding the JSON Fields for Alert Integrations.

To create a Webhook integration:

  1. From the navigation menu, click Administration > Subscriptions and select the Integrations tab.

  2. Click New Integration > Webhook. The New Webhook Integration panel opens.

  3. Configure these integration settings:

    1. Enter the integration Name.

    2. Click the slider to enable (green) or disable (gray) the integration (it's enabled by default).

  4. Configure the Connection Details:

    1. Enter the URL for the service that is receiving the Webhook.

    2. If necessary, configure the Authentication Method and settings for the service.

    3. Click Test. If the integration can connect to the service, then a Test passed successfully message is displayed.

      If there's a connection error, the page displays the HTTP error code and message reported by the service.

  5. (Optional) In Custom Headers, define the Key and Value for each additional HTTP header for the integration.

  6. In Custom Body, define the content of the Webhook alert:

    1. In Start from template, select the JSON template for the alert message.

    2. (Optional) In Edit Template, customize the alert content.

      • Enter $ to embed other fields

      • Enter / as the escape character

      After editing and saving the content of a predefined template, the integration is then defined as a Custom template.

  7. Click Save. The Webhook integration is saved and added to the Integrations page.
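
On the receiving side, the service behind the URL should check whichever authentication method the integration is configured with before it acts on an alert. The following is an added example, not Cato code: the credentials, the X-Webhook-Key header name, and the function names are all placeholders chosen for illustration.

```python
import base64
import hmac

# Constructed receiver-side settings; every value here is a placeholder.
EXPECTED = {
    "basic": ("cato-webhook", "example-password"),
    "bearer": "example-bearer-token",
    "custom": ("X-Webhook-Key", "example-custom-value"),  # hypothetical header
}

def _eq(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(a.encode(), b.encode())

def authenticate(method: str, headers: dict) -> bool:
    """Check one request against the method configured for the integration."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    scheme, _, value = h.get("authorization", "").partition(" ")
    if method == "basic":
        if scheme.lower() != "basic":
            return False
        try:
            decoded = base64.b64decode(value, validate=True).decode()
        except ValueError:  # malformed base64 or non-UTF-8 bytes
            return False
        user, sep, password = decoded.partition(":")
        exp_user, exp_password = EXPECTED["basic"]
        # Evaluate both comparisons so a wrong user name does not short-circuit.
        ok_user, ok_password = _eq(user, exp_user), _eq(password, exp_password)
        return bool(sep) and ok_user and ok_password
    if method == "bearer":
        return scheme.lower() == "bearer" and _eq(value, EXPECTED["bearer"])
    if method == "custom":
        name, expected_value = EXPECTED["custom"]
        return _eq(h.get(name.lower(), ""), expected_value)
    return False  # unknown method: fail closed
```

In a real deployment the expected values come from a secret store rather than source code, and a failed check returns HTTP 401 without processing the body.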

Defining Policy Notifications with Webhooks

Cato Security policies let you send notifications when a rule is matched. You can configure the Track settings to send notifications to a specific integration or to a Subscription Group that contains the integration.

To define a Webhook notification for a rule:

  1. In the relevant policy, edit the rule and expand the Actions section.

  2. Select Send Notification.

  3. Define the Frequency for how often the alert is sent.

  4. In Send notification to, select Subscription Group or Integration and select the relevant item.

  5. Click Apply, and then click Save.
