Sha256: f5613c17126b5df0de9673a03f4250680abd907005d87ebf5758d32217c8fb21
Contents?: true
Size: 1.16 KB
Versions: 5
Compression:
Stored size: 1.16 KB
Contents
# Webhook

This emitter creates an HTTP request payload based on the specified conditions.

```yaml
emitter: webhook
url: ...
method: ...
headers: ...
template: ...
```

## Components

### URL

`url` (`string`) is a webhook URL.

### Method

`method` (`string`) is an HTTP method. Optional. Defaults to `POST`.

### Headers

`headers` (`hash`) are HTTP headers. Optional.

### Template

`template` (`string`) is an [ERB](https://github.com/ruby/erb) template to customize the payload to send. A template should generate valid JSON.

You can use the following parameters inside an ERB template.

- `rule`: a rule
- `artifacts`: a list of artifacts

## Examples

### ThreatFox

```yaml
- emitter: webhook
  url: https://threatfox-api.abuse.ch/api/v1/
  headers:
    api-key: YOUR_API_KEY
  template: threatfox.erb
```

```ruby
<%# Filter first so the comma check counts only the IPs that are emitted. %>
<% ips = @artifacts.select { |artifact| artifact.data_type == "ip" } %>
{
  "query": "submit_ioc",
  "threat_type": "payload_delivery",
  "ioc_type": "ip:port",
  "malware": "foobar",
  "confidence_level": 100,
  "anonymous": 0,
  "iocs": [
    <% ips.each_with_index do |artifact, idx| %>
      "<%= artifact.data %>:80"
      <%= ',' if idx < (ips.length - 1) %>
    <% end %>
  ]
}
```
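Since a template has to produce valid JSON, it is worth rendering it against sample artifacts before wiring it to a live webhook. The following is an added example, not code from the project or the original page: `Artifact`, `TemplateContext` and `preflight` are hypothetical names, the artifacts are constructed, and it assumes the template reads `@rule` and `@artifacts` as the ThreatFox template does. It contrasts a template that places commas by hand, counted against the unfiltered list, with one that serializes the array through `to_json`.

```ruby
require "erb"
require "json"

# Constructed stand-in for an artifact; only the two fields the template reads.
Artifact = Struct.new(:data, :data_type)

# Hypothetical render context exposing @rule and @artifacts to the template.
class TemplateContext
  def initialize(rule, artifacts)
    @rule = rule
    @artifacts = artifacts
  end

  def render(source)
    ERB.new(source).result(binding)
  end
end

# Commas placed by hand, counted against the unfiltered artifact list.
HAND_COMMAS = <<~'TEMPLATE'
  { "iocs": [
  <% @artifacts.select { |a| a.data_type == "ip" }.each_with_index do |a, idx| %>
    "<%= a.data %>:80" <%= ',' if idx < (@artifacts.length - 1) %>
  <% end %>
  ] }
TEMPLATE

# The array is serialized by to_json, which handles separators and escaping.
SERIALIZED = <<~'TEMPLATE'
  { "iocs": <%= @artifacts.select { |a| a.data_type == "ip" }.map { |a| "#{a.data}:80" }.to_json %> }
TEMPLATE

# Render a template and return the parsed payload, or nil if it is not valid JSON.
def preflight(source, rule, artifacts)
  JSON.parse(TemplateContext.new(rule, artifacts).render(source))
rescue JSON::ParserError
  nil
end

# Constructed sample: two IPs from documentation ranges followed by a domain.
SAMPLE = [
  Artifact.new("192.0.2.10", "ip"),
  Artifact.new("198.51.100.7", "ip"),
  Artifact.new("example.com", "domain")
].freeze

if __FILE__ == $PROGRAM_NAME
  p preflight(HAND_COMMAS, nil, SAMPLE) # trailing comma, rejected
  p preflight(SERIALIZED, nil, SAMPLE)  # parsed payload
end
```

The hand-comma template passes when every artifact is an IP and fails as soon as the rule yields any other data type, so a pre-flight sample should always mix types.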