Configure the webhook in Graylog
Configure webhook endpoints so that Graylog can use the endpoint to communicate with Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
About this task
Log in to your Graylog web console and select the
- Click Notifications, then click Create Notification.
In the New Notification page, fill in the form:
Field Description Title Name for the wehook notification. Description Description for the wehook notification. Notification Type Select HTTP Notification. URL Paste the webhook URL copied from LIR.
- Click Add to URL Whitelist.
Add your webhook to the whitelist.
Field Description Title Use the same title that you used while creating the notification. Type Select Exact match.
- Click Save.
You can test your notification channel by clicking Execute Test
This will create an alert with OK/Informational severity in LIR.
- Click Create.
What to do next
- Navigate to .
- Create or edit an event definition. Enter the details and conditions for
your alert event. For detailed information, see Defining an Event.
- In the Notifications section, click Add
Notification and select the notification you created
containing the webhook URL from LIR.
- Click Done.
- You can optionally set the grace period to limit the notifications from
being sent again. Also, you can optionally select Message Backlog and
provide a number which would limit the number of messages in the
- After adding the alert details, click Done.
Closing a Graylog Alert
Graylog doesn't provide a closing payload for an alert. To close an alert from Graylog, follow the steps given in Close an alert.