Sha256: f5613c17126b5df0de9673a03f4250680abd907005d87ebf5758d32217c8fb21


# Webhook

This emitter creates an HTTP request payload based on the specified conditions.

```yaml
emitter: webhook
url: ...
method: ...
headers: ...
template: ...
```

## Components

### URL

`url` (`string`) is a webhook URL.

### Method

`method` (`string`) is an HTTP method. Optional. Defaults to `POST`.

### Headers

`headers` (`hash`) are HTTP headers. Optional.

### Template

`template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to be sent. The template should generate valid JSON.

You can use the following parameters inside an ERB template.

- `rule`: a rule
- `artifacts`: a list of artifacts

## Examples

### ThreatFox

```yaml
- emitter: webhook
  url: https://threatfox-api.abuse.ch/api/v1/
  headers:
    api-key: YOUR_API_KEY
  template: threatfox.erb
```

```ruby
<%# Filter first so the comma check below uses the length of the filtered list %>
<% ips = @artifacts.select { |artifact| artifact.data_type == "ip" } %>
{
	"query": "submit_ioc",
	"threat_type": "payload_delivery",
	"ioc_type": "ip:port",
	"malware": "foobar",
	"confidence_level": 100,
	"anonymous": 0,
	"iocs": [
		<% ips.each_with_index do |artifact, idx| %>
			"<%= artifact.data %>:80"
			<%= ',' if idx < (ips.length - 1) %>
		<% end %>
	]
}
```
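A template can be checked offline for valid JSON before the emitter is pointed at a live webhook. The script below is an added example, not part of mihari's documentation or code base: the `Artifact` struct, `TemplateContext`, `render_payload` and the sample artifacts are assumptions made here, and only `data`, `data_type` and `@artifacts` are taken from the template on this page. It renders two shortened templates against a mixed artifact list to show how a hand-placed comma can break the payload and how `to_json` avoids that.

```ruby
require "erb"
require "json"

# Constructed stand-in for an artifact: only the fields the template reads.
Artifact = Struct.new(:data, :data_type)

# Hypothetical render context exposing @rule and @artifacts to the template
# (an assumption for this example, not mihari's own renderer).
class TemplateContext
  def initialize(rule, artifacts)
    @rule = rule
    @artifacts = artifacts
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Comma check compares the filtered index with the unfiltered list length,
# so a trailing comma appears whenever non-IP artifacts are present.
NAIVE_TEMPLATE = <<~'TEMPLATE'
  {"iocs": [
    <% @artifacts.select { |a| a.data_type == "ip" }.each_with_index do |a, idx| %>
      "<%= a.data %>:80"<%= "," if idx < (@artifacts.length - 1) %>
    <% end %>
  ]}
TEMPLATE

# Builds the list in Ruby; to_json handles separators and string escaping.
SAFE_TEMPLATE = <<~'TEMPLATE'
  {"iocs": <%= @artifacts.select { |a| a.data_type == "ip" }.map { |a| "#{a.data}:80" }.to_json %>}
TEMPLATE

# Render and parse; returns the payload hash, or nil if the output is not JSON.
def render_payload(template, artifacts, rule = nil)
  JSON.parse(TemplateContext.new(rule, artifacts).render(template))
rescue JSON::ParserError
  nil
end

# Constructed sample data (documentation address ranges).
SAMPLE_ARTIFACTS = [
  Artifact.new("192.0.2.10", "ip"),
  Artifact.new("example.com", "domain"),
  Artifact.new("198.51.100.7", "ip")
].freeze

puts "naive: #{render_payload(NAIVE_TEMPLATE, SAMPLE_ARTIFACTS).inspect}"
puts "safe:  #{render_payload(SAFE_TEMPLATE, SAMPLE_ARTIFACTS).inspect}"
```

Running the same check in CI against each template, with artifact lists that mix data types and include the empty list, catches malformed payloads before the receiving API rejects them.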

Version data entries

5 entries across 5 versions & 1 rubygems

| Version | Path |
| --- | --- |
| mihari-5.7.0 | docs/emitters/webhook.md |
| mihari-5.6.2 | docs/emitters/webhook.md |
| mihari-5.6.1 | docs/emitters/webhook.md |
| mihari-5.6.0 | docs/emitters/webhook.md |
| mihari-5.5.0 | docs/emitters/webhook.md |