Creating a webhook in IBM Storage Insights

Integrate IBM Storage Insights with third-party applications using webhooks to receive real-time alerts and automate workflows. Configure, test, and manage webhooks for seamless data exchange.

About this task

Webhook helps you to integrate IBM Storage Insights with third-party applications or collaboration tools such as ServiceNow.

Note:
  • Only users with the Admin role can create, modify, or remove webhooks. Users with the Monitor role can view webhook configurations and retry sending failed webhooks.
  • Ransomware threat detection alerts are sent to all configured webhooks, regardless of their individual configurations.

Procedure

To create a webhook in IBM Storage Insights, complete the following steps:

  1. Login to your IBM Storage Insights instance and go to Configurations > Integrations. If you are in the modern UI of IBM Storage Insights, then go to Settings > Integrations.
  2. Click Add Integration.
  3. Enter appropriate information for each field, including the webhook name and URL, description, alerts to be forwarded, HTTP headers, and authentication type.
    You can test a webhook connection to third-party application by clicking Test Webhook.
  4. Click Add.

Results

The webhook is created successfully. To view and manage all previously created webhooks, go to Settings > Integrations. Click the three vertical dots at the end of the specific webhook row to edit or delete the webhook.

Payload information: When you test a webhook connection that is created in IBM Storage Insights or an actual alert is triggered, IBM Storage Insights sends the payload information to your configured application.

Example payload when ransomware threat alert is triggered:
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "subcategory": "SECURITY",
  "creator": "",
  "alert": {
    "source": {
      "deviceModel": "xxx",
      "deviceSerialNumber": "xxxxxxxxxxxxxxxx",
      "deviceType": "FlashSystem xxxx - xxxx",
      "deviceName": "xxxxxxxxxxxx"
    },
    "method": "VOLUME"
  },
  "name": "Ransomware Threat Detection",
  "occurrenceTimeInMs": 1718714498000,
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceType": "Storage System",
  "details": [
    {
      "volumeID": "150",
      "status": "online_threat_detected",
      "hosts": "xxxx-xxxxxx",
      "virtualVolumeID": "",
      "uID": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "description": "The volume has received an anomalous workload. This anomaly could be the result of a new application configuration where encryption is enabled or a security threat such as ransomware"
    }
  ],
  "tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Example payload when any other alert is triggered:
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "category": "SECURITY",
  "name": "Write-cache Delay Percentage >= 10.0",
  "occurrenceTimeInMs": 1733320427770,
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "deviceName": "tpcflash5200-9"  
  "alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  "Description": "Alert Write-cache Delay Percentage >= 10.0 on ABC was triggered 1 times at Sun 2024- "
}

To manage the webhooks that you created, see Monitoring integrations in IBM Storage Insights.