Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trigger WebHook only for specific events #1986

Closed
laurentdelosieresmano opened this issue Apr 19, 2021 · 6 comments
Closed

Trigger WebHook only for specific events #1986

laurentdelosieresmano opened this issue Apr 19, 2021 · 6 comments
Labels
question

Comments

@laurentdelosieresmano
Copy link

Hello TheHive community,

In the webhook section, it is mentioned how to set up a webhook. By default, the webhook is triggered for any events "AnyEvent". I am wondering if we can narrow down this trigger (e.g. only when a new case is created or updated / task is created or updated)

curl -XPUT -u$thehive_user:$thehive_password -H 'Content-type: application/json' $thehive_url/api/config/organisation/notification -d '
{
  "value": [
    {
      "delegate": false,
      "trigger": { "name": "AnyEvent"},
      "notifier": { "name": "webhook", "endpoint": "local" }
    }
  ]
}'

Thank you.
@To-om
Copy link
Contributor

To-om commented Apr 29, 2021

You can try something like:

"value": [
    {
      "delegate": false,
      "trigger": {
        "name": "FilteredEvent", 
        "filter": {
          "_and": [
            { "_is": { "objectType": "case" } },
            { "_is": { "operation": "Creation" } }
          ]
        }
      },
      "notifier": { "name": "webhook", "endpoint": "local" }
    }
  ]

This is not yet documented and the format is subject to change.

@laurentdelosieresmano
Copy link
Author

Thank you ;)

@laurentdelosieresmano
Copy link
Author

laurentdelosieresmano commented Apr 29, 2021
edited
Loading

Do you know if we can set this up in a configuration file ?

@To-om
Copy link
Contributor

To-om commented Apr 30, 2021

You cannot configure webhook for an organisation in the file application.conf. But you can set the default value for all organisations:

organisation {
  defaults {
    notification: [
      {
        "delegate": false,
        "trigger": {
          "name": "FilteredEvent", 
          "filter": {
            "_and": [
              { "_is": { "objectType": "case" } },
              { "_is": { "operation": "Creation" } }
            ]
          }
        },
        "notifier": { "name": "webhook", "endpoint": "local" }
      }
    ]
  }
}

@To-om To-om closed this as completed May 10, 2021
@hariomch
Copy link

hariomch commented May 5, 2022

Hey, I want to trigger webhook only when a case is created. I ran the below command with org-admin user which isn't working.

curl -XPUT -u "USERNAME:PASS" -H 'Content-type: application/json' "HIVE_URL/api/config/organisation/notification" -d '
{
    "value": [
        {
        "delegate": false,
        "trigger": {
            "name": "FilteredEvent",
            "filter": {
            "_and": [
                { "_is": { "objectType": "case" } },
                { "_is": { "operation": "create" } }
            ]
            }
        },
        "notifier": { "name": "webhook", "endpoint": "local" }
        }
    ]
}'

I have already declared the webhook in application.conf file
Can you tell me if the format is changed or is there any other way to achieve this?

@To-om
Copy link
Contributor

To-om commented May 6, 2022

Can you enable logging (set org.thp.thehive.services.notification to DEBUG) ?

This can be done by updating /etc/thehive/logback.xml and restart or with the command curl -u "USERNAME:PASS" "HIVE_URL/api/v1/admin/log/set/org.thp.thehive.services.notification/DEBUG. Then have a look on logs.

@melv33n melv33n mentioned this issue May 27, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@To-om @hariomch @laurentdelosieresmano