Creating a webhook in IBM Storage Insights
Integrate IBM Storage Insights with third-party applications using webhooks to receive real-time alerts and automate workflows. Configure, test, and manage webhooks for seamless data exchange.
About this task
Webhook helps you to integrate IBM Storage Insights with third-party applications or collaboration tools such as ServiceNow.
Note:
- Only users with the Admin role can create, modify, or remove webhooks. Users with the Monitor role can view webhook configurations and retry sending failed webhooks.
- Ransomware threat detection alerts are sent to all configured webhooks, regardless of their individual configurations.
Procedure
To create a webhook in IBM Storage Insights, complete the following steps:
- Login to your IBM Storage Insights instance and go to . If you are in the modern UI of IBM Storage Insights, then go to .
- Click Add Integration.
- Enter appropriate information for each field, including the webhook name and URL,
description, alerts to be forwarded, HTTP headers, and authentication type. You can test a webhook connection to third-party application by clicking Test Webhook.
- Click Add.
Results
Payload information: When you test a webhook connection that is created in IBM Storage Insights or an actual alert is triggered, IBM Storage Insights sends the payload information to your configured application.
Example payload when ransomware threat alert is
triggered:
{
"severity": "critical",
"deviceType": "flashFamily",
"subcategory": "SECURITY",
"creator": "",
"alert": {
"source": {
"deviceModel": "xxx",
"deviceSerialNumber": "xxxxxxxxxxxxxxxx",
"deviceType": "FlashSystem xxxx - xxxx",
"deviceName": "xxxxxxxxxxxx"
},
"method": "VOLUME"
},
"name": "Ransomware Threat Detection",
"occurrenceTimeInMs": 1718714498000,
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"resourceType": "Storage System",
"details": [
{
"volumeID": "150",
"status": "online_threat_detected",
"hosts": "xxxx-xxxxxx",
"virtualVolumeID": "",
"uID": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"description": "The volume has received an anomalous workload. This anomaly could be the result of a new application configuration where encryption is enabled or a security threat such as ransomware"
}
],
"tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
Example payload when any other alert is triggered:
{
"severity": "critical",
"deviceType": "flashFamily",
"category": "SECURITY",
"name": "Write-cache Delay Percentage >= 10.0",
"occurrenceTimeInMs": 1733320427770,
"id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"deviceName": "tpcflash5200-9"
"alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
"Description": "Alert Write-cache Delay Percentage >= 10.0 on ABC was triggered 1 times at Sun 2024- "
}
To manage the webhooks that you created, see Monitoring integrations in IBM Storage Insights.