Creating a webhook in IBM Storage Insights

About this task

Webhook helps you to integrate IBM Storage Insights with third-party applications or collaboration tools such as ServiceNow.

Procedure

To create a webhook in IBM Storage Insights, complete the following steps:

  1. Login to your IBM Storage Insights instance and go to Configurations > Integrations. If you are in the new modern view of IBM Storage Insights, then go to Settings.
  2. Click Add Integration.
    The following screen capture shows an example webhook that is configured for ServiceNow.Creating a webhook
  3. Enter appropriate information for each field, including the webhook URL, HTTP headers, and authentication type.
    You can test a webhook connection to third-party application by clicking Test Webhook.
  4. Click Add.

Results

The webhook is created successfully. To view and manage all previously created webhooks, go to Configuration > Integrations. Click the three vertical dots at the end of the specific webhook row to edit or delete the webhook.

Payload information: When you test a webhook connection that is created in IBM Storage Insights or an actual ransomware threat alert is triggered, IBM Storage Insights sends the payload information to your configured application.

Payload when testing webhook connection:

{
  "severity": "Critical",
  "deviceType": "flashFamily",
  "subcatecory": "Security",
  "creator": "Storage insights",
  "alertSource": "testDevice",
  "name": "Ransomware Threat Detection",
  "occurrenceTime": 1709297690345,
  "details": {},
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceType": "Storage System"
}
Payload when actual ransomware threat alert is triggered:
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "subcategory": "SECURITY",
  "creator": "",
  "alert": {
    "source": {
      "deviceModel": "xxx",
      "deviceSerialNumber": "xxxxxxxxxxxxxxxx",
      "deviceType": "FlashSystem xxxx - xxxx",
      "deviceName": "xxxxxxxxxxxx"
    },
    "method": "VOLUME"
  },
  "name": "Ransomware Threat Detection",
  "occurrenceTimeInMs": 1718714498000,
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceType": "Storage System",
  "details": [
    {
      "volumeID": "150",
      "status": "online_threat_detected",
      "hosts": "xxxx-xxxxxx",
      "virtualVolumeID": "",
      "uID": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "description": "The volume has received an anomalous workload. This anomaly could be the result of a new application configuration where encryption is enabled or a security threat such as ransomware"
    }
  ],
  "tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}