Creating a webhook in IBM Storage Insights
About this task
A webhook helps you integrate IBM Storage Insights with third-party applications or collaboration tools such as ServiceNow.
Procedure
To create a webhook in IBM Storage Insights, complete the following steps:
- Log in to your IBM Storage Insights instance and go to . If you are in the new modern view of IBM Storage Insights, then go to Settings.
- Click Add Integration. The following screen capture shows an example webhook that is configured for ServiceNow.
- Enter appropriate information for each field, including the webhook URL, HTTP headers, and authentication type. You can test a webhook connection to a third-party application by clicking Test Webhook.
- Click Add.
Results
Payload information: When you test a webhook connection that is created in IBM Storage Insights, or when an actual ransomware threat alert is triggered, IBM Storage Insights sends the payload information to your configured application.
Payload when testing webhook connection:
{
  "severity": "Critical",
  "deviceType": "flashFamily",
  "subcatecory": "Security",
  "creator": "Storage insights",
  "alertSource": "testDevice",
  "name": "Ransomware Threat Detection",
  "occurrenceTime": 1709297690345,
  "details": {},
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceType": "Storage System"
}
Payload when actual ransomware threat alert is triggered:
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "subcategory": "SECURITY",
  "creator": "",
  "alert": {
    "source": {
      "deviceModel": "xxx",
      "deviceSerialNumber": "xxxxxxxxxxxxxxxx",
      "deviceType": "FlashSystem xxxx - xxxx",
      "deviceName": "xxxxxxxxxxxx"
    },
    "method": "VOLUME"
  },
  "name": "Ransomware Threat Detection",
  "occurrenceTimeInMs": 1718714498000,
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceType": "Storage System",
  "details": [
    {
      "volumeID": "150",
      "status": "online_threat_detected",
      "hosts": "xxxx-xxxxxx",
      "virtualVolumeID": "",
      "uID": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "description": "The volume has received an anomalous workload. This anomaly could be the result of a new application configuration where encryption is enabled or a security threat such as ransomware"
    }
  ],
  "tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
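The two payloads above differ in key names, value casing, and the type of "details", so a receiver that keys on one shape can silently drop the other. The following is an added example, not IBM code: a receiver-side normalizer that maps both shapes onto one record. The function name `normalize_alert`, the output field names, and the `is_test` rule are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def normalize_alert(payload: dict) -> dict:
    """Flatten either payload shape shown on this page into one record."""
    # The test payload spells the key "subcatecory"; the live alert uses "subcategory".
    subcategory = payload.get("subcategory") or payload.get("subcatecory") or ""
    # Epoch milliseconds arrive under two different key names.
    ms = payload.get("occurrenceTimeInMs", payload.get("occurrenceTime"))
    if isinstance(ms, bool) or not isinstance(ms, int):
        raise ValueError("missing or non-integer occurrence time")
    # "details" is an empty object in the test payload, a list of volumes in a live alert.
    details = payload.get("details")
    volumes = [d for d in details if isinstance(d, dict)] if isinstance(details, list) else []
    alert = payload.get("alert") if isinstance(payload.get("alert"), dict) else {}
    source = alert.get("source") if isinstance(alert.get("source"), dict) else {}
    return {
        "name": payload.get("name", ""),
        "severity": str(payload.get("severity", "")).lower(),  # "Critical" vs "critical"
        "subcategory": str(subcategory).lower(),               # "Security" vs "SECURITY"
        "occurred_at": (EPOCH + timedelta(milliseconds=ms)).isoformat(),
        "device": source.get("deviceName") or payload.get("alertSource", ""),
        # Assumption drawn from the two samples: only a live alert carries an "alert" object.
        "is_test": not alert,
        "volumes": [{"volume_id": v.get("volumeID"), "status": v.get("status"),
                     "hosts": v.get("hosts")} for v in volumes],
        "alert_url": payload.get("alertURL", ""),
    }

# Constructed samples: the page's two payloads, trimmed, with its placeholder values.
TEST_PAYLOAD = {
    "severity": "Critical", "subcatecory": "Security", "alertSource": "testDevice",
    "name": "Ransomware Threat Detection", "occurrenceTime": 1709297690345, "details": {},
}
LIVE_PAYLOAD = {
    "severity": "critical", "subcategory": "SECURITY",
    "alert": {"source": {"deviceName": "xxxxxxxxxxxx"}, "method": "VOLUME"},
    "name": "Ransomware Threat Detection", "occurrenceTimeInMs": 1718714498000,
    "details": [{"volumeID": "150", "status": "online_threat_detected", "hosts": "xxxx-xxxxxx"}],
}

if __name__ == "__main__":
    for sample in (TEST_PAYLOAD, LIVE_PAYLOAD):
        print(normalize_alert(sample))
```

Routing rules in the receiving tool can then match on the normalized `severity` and `subcategory` values and use `is_test` to keep connection tests out of the incident queue.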