IBM Storage Insights 中创建网络钩子

使用网络钩子 IBM Storage Insights 使用网络钩子与第三方应用程序集成,以接收实时警报并自动执行工作流程。 配置、测试和管理网络钩子,实现无缝数据交换。

关于此任务

Webhook 可帮助您将 IBM Storage Insights 与第三方应用程序或协作工具(如 ServiceNow )集成。

注:
  • 只有具有管理员角色的用户才能创建、修改或删除网络钩子。 具有监控器角色的用户可以查看网络钩子配置并重试发送失败的网络钩子。
  • 勒索软件威胁检测警报会发送到所有已配置的网络钩子,无论它们各自的配置如何。

步骤

要在 IBM Storage Insights 中创建网络钩子,请完成以下步骤:

  1. 登录您的 IBM Storage Insights 实例,然后转到配置 > 集成。 如果您使用的是 IBM Storage Insights ,然后转到设置 > 整合
  2. 单击 添加集成
  3. 为每个字段输入适当的信息,包括网络钩子名称和 URL、描述、要转发的警报、 HTTP 标头和验证类型。
    您可以通过单击 测试 Webhook来测试与第三方应用程序的 Webhook 连接。
  4. 单击 添加

结果

已成功创建 Webhook。 要查看和管理之前创建的所有网络钩子,请转到设置 > 集成。 单击特定 Webhook 行末尾的三个垂直点以编辑或删除 Webhook。

有效载荷信息: 当您测试在 IBM Storage Insights 或触发实际警报时、 IBM Storage Insights 将有效载荷信息发送到您配置的应用程序。

触发勒索软件威胁警报时的有效载荷示例:
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "subcategory": "SECURITY",
  "creator": "",
  "alert": {
    "source": {
      "deviceModel": "xxx",
      "deviceSerialNumber": "xxxxxxxxxxxxxxxx",
      "deviceType": "FlashSystem xxxx - xxxx",
      "deviceName": "xxxxxxxxxxxx"
    },
    "method": "VOLUME"
  },
  "name": "Ransomware Threat Detection",
  "occurrenceTimeInMs": 1718714498000,
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "resourceType": "Storage System",
  "details": [
    {
      "volumeID": "150",
      "status": "online_threat_detected",
      "hosts": "xxxx-xxxxxx",
      "virtualVolumeID": "",
      "uID": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
      "description": "The volume has received an anomalous workload. This anomaly could be the result of a new application configuration where encryption is enabled or a security threat such as ransomware"
    }
  ],
  "tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}
触发任何其他警报时的示例有效载荷:
{
  "severity": "critical",
  "deviceType": "flashFamily",
  "category": "SECURITY",
  "name": "Write-cache Delay Percentage >= 10.0",
  "occurrenceTimeInMs": 1733320427770,
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "tenantUUID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "deviceName": "tpcflash5200-9"  
  "alertURL": "https://stag.insights.ibm.com/gui/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx#alerts?id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&parentType=storageSystem&parentId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  "Description": "Alert Write-cache Delay Percentage >= 10.0 on ABC was triggered 1 times at Sun 2024- "
}

要管理创建的网络钩子,请参阅 IBM Storage Insights 中的监控集成