
Zebrium Webhooks

This section provides detailed information on webhook support provided by Zebrium so you can build your own custom integration.

Zebrium provides four outgoing webhooks:

Alert

  • Alert webhook payloads are sent when any alert rule is triggered.
  • Alert rules are defined using the Views/Alerts menu item in the Logs tab of the Zebrium UI.
  • Frequency of Alert webhooks depends on the Alert configuration. Alerts can be set to trigger every 5 min, 15 min, 30 min, 1 hour, or 1 day when their conditions are met.

Anomaly

  • Anomaly webhook payloads are sent when data is ingested and our machine learning detects anomalous events that are not part of an Incident that was created.
  • Frequency of Anomaly webhooks depends on data ingest and detection of anomalies.

Incident

  • Incident webhook payloads are sent when data is ingested and our machine learning detects an incident composed of anomalous events.
  • Frequency of Incident webhooks depends on data ingest and detection of anomalies.

Signature

  • Signature webhook payloads are sent when data is ingested and the conditions defined in your Signature are met.
  • Signature rules are defined using the Signature tab of the Zebrium UI.
  • Frequency of Signature webhooks depends on data ingest and detection of matching Signature rule definitions.

Configuring Webhooks in the Zebrium UI

  1. From the User menu area, select the Account Settings gear icon.
  2. Click the Webhooks tab.
  3. Click the Create Webhook button.
  4. Select which payload you wish to send to the endpoint using the Alert On multi-select drop-down. You can choose: Alert, Anomaly, Incident, Signature or any combination of these.
    • An endpoint can be the receiver of any combination of payloads.
    • Payloads are always sent separately.
    • In the case where you have one endpoint to handle all payload formats, there is a common identifier in every payload called event_type that your backend can use to tell which payload has been received and then call the appropriate payload handler.
    • You can also configure a separate endpoint for each payload.
    • You can have as many webhooks defined as you like.
  5. Enter the URL of your endpoint.
  6. Select the Authentication method your backend requires:
    • NONE - Requires no additional configuration
    • BASIC - Enter your Username and Password
    • TOKEN - Enter the Token
    • Prefix - When specifying either Basic or Token based authentication, you can enter any prefix string that your backend expects to see in the Authorization header. For Basic authentication, the typical prefix string is Basic (our default) and for token-based authentication, the typical prefix string is either Bearer (our default) or Token.
    • Here is an example of an Authorization header for Basic authentication. Note that the prefix string (before the encoded username/password) is Basic:
      Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
  7. Click Create to save your outgoing webhook definition.
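
The following is an added example, not Zebrium's code: a Python receiver that checks the Authorization header (prefix plus credential) configured in step 6 and then routes the payload by event_type as described in step 4. The event_type values, the token, and the function names are assumptions made for illustration.

```python
import base64
import hmac
import json

# Constructed sample values; the prefix and token must match the webhook definition.
EXPECTED_PREFIX = "Bearer"
EXPECTED_CREDENTIAL = "constructed-sample-token"


def basic_credential(username, password):
    """Value that follows the Basic prefix: base64 of 'username:password'."""
    return base64.b64encode(f"{username}:{password}".encode()).decode()


def check_authorization(header, prefix=EXPECTED_PREFIX, credential=EXPECTED_CREDENTIAL):
    """True only when the header is exactly '<prefix> <credential>'."""
    if not isinstance(header, str):
        return False
    got_prefix, _, got_credential = header.partition(" ")
    # Constant-time comparison of both parts; evaluate both before combining.
    prefix_ok = hmac.compare_digest(got_prefix.encode(), prefix.encode())
    cred_ok = hmac.compare_digest(got_credential.encode(), credential.encode())
    return prefix_ok and cred_ok


# Keys are assumed event_type values; the page names the field but not its values.
HANDLERS = {
    "alert": lambda payload: "alert handler",
    "anomaly": lambda payload: "anomaly handler",
    "incident": lambda payload: "incident handler",
    "signature": lambda payload: "signature handler",
}


def handle_delivery(headers, body, handlers=HANDLERS):
    """Authenticate one delivery, then route it by event_type. Returns (status, result)."""
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if not check_authorization(auth):
        return 401, "unauthorized"          # reject before parsing untrusted JSON
    try:
        payload = json.loads(body)
    except (TypeError, ValueError):
        return 400, "body is not JSON"
    event_type = payload.get("event_type") if isinstance(payload, dict) else None
    if not isinstance(event_type, str) or event_type not in handlers:
        return 422, "unknown event_type"    # never fall through to a default handler
    return 200, handlers[event_type](payload)
```

With authentication set to NONE the endpoint accepts deliveries from any sender, so a receiver built this way has nothing to check before it parses the body.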

Webhook Payload Format

  • See the links below for a detailed description of each webhook payload.
