This guide explains how to set up a webhook to send Cmd data to Elastic Cloud. Specifically, Cmd webhooks can send information about the Linux events that fire alerts on monitored servers; you can review the full list of data you can include in a webhook.

Prerequisites:

  • A valid username/password for the Elastic Cloud deployment where you want to send Cmd data.

  • Permission to manage integrations in Cmd.

Elastic setup

  1. Log in to Elastic Cloud.

  2. Select the deployment that you want to receive Cmd data.

  3. Copy the "Cloud ID"; you'll need it later.

Cmd setup

1. Log in to the Cmd web app.

2. Go to 'Integrations preferences' (Upper-right dropdown menu > Project & app settings > Integrations preferences).

3. Select Webhook, then click Add integration to open the webhook configuration modal.

4. Define a 'Name' to help you identify this webhook in the Cmd web app.

5. Under 'Webhook URL' enter https://temuzliiab.execute-api.us-west-2.amazonaws.com/api/forwarder. (This is a dedicated webhook forwarder.)

6. Under 'Custom JSON to send' enter the following snippet, with the changes outlined below:

  {
    "es_index": "example-index",
    "es_http_user": "username",
    "es_http_cred": "password",
    "es_cloud_id": "deploymentID:string"
  }

  • For es_index, enter the Elastic Cloud index where you want to send Cmd data.

  • For es_http_user and es_http_cred, enter a matching username and password for your Elastic Cloud deployment.

  • For es_cloud_id, enter the Cloud ID that you copied from Elastic Cloud.

7. Select the Cmd CQL properties to include in the Linux event data sent by this webhook. (If you add properties after initial setup, Kibana will require reindexing. To avoid this, include all the properties.)

8. Test the webhook by copying and pasting the 'Webhook test command'. If setup was successful, the specified Elastic Cloud index will receive the example data within seconds.
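Before pasting the step 6 snippet into Cmd, it is worth checking it locally: that all four keys are present, that none is still at the guide's placeholder value, and that the Cloud ID decodes to the Elasticsearch endpoint the forwarder will write your credentials to. The following is an added example, not part of this guide or of Cmd's own tooling; it assumes the standard Elastic Cloud ID encoding (`<name>:` + base64 of `host[:port]$es_uuid$kibana_uuid`), and the host and UUIDs in the sample are constructed.

```python
import base64
import json

# The four keys the guide's 'Custom JSON to send' snippet must carry, and the
# placeholder values from that snippet that must be replaced before use.
PLACEHOLDERS = {
    "es_index": "example-index",
    "es_http_user": "username",
    "es_http_cred": "password",
    "es_cloud_id": "deploymentID:string",
}

def decode_cloud_id(cloud_id: str) -> dict:
    """Assumed encoding: '<name>:' + base64('host[:port]$es_uuid$kibana_uuid')."""
    name, sep, encoded = cloud_id.partition(":")
    if not sep or not encoded:
        raise ValueError("expected '<deployment-name>:<base64>'")
    decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    parts = decoded.split("$")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError("expected base64 of 'host[:port]$es_uuid$kibana_uuid'")
    host, _, port = parts[0].partition(":")
    # Elastic Cloud serves Elasticsearch at https://<es_uuid>.<host>:<port> (443 if omitted).
    return {"name": name, "es_url": f"https://{parts[1]}.{host}:{port or '443'}"}

def validate_custom_json(raw: str) -> dict:
    """Check a pasted snippet: keys present and non-empty, no placeholders, Cloud ID decodes."""
    payload = json.loads(raw)
    problems = []
    for key, placeholder in PLACEHOLDERS.items():
        value = payload.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or empty")
        elif value == placeholder:
            problems.append(f"{key}: still set to the placeholder '{placeholder}'")
    es_url = None
    if not any(p.startswith("es_cloud_id:") for p in problems):
        try:
            es_url = decode_cloud_id(payload["es_cloud_id"])["es_url"]
        except (ValueError, UnicodeDecodeError) as exc:
            problems.append(f"es_cloud_id: {exc}")
    return {"ok": not problems, "problems": problems, "es_url": es_url}

# Constructed sample input (host and UUIDs are made up for this example).
SAMPLE_CLOUD_ID = "example-deployment:" + base64.b64encode(
    b"example.us-west-2.aws.found.io:443$0123456789abcdef$fedcba9876543210").decode()
SAMPLE_CUSTOM_JSON = json.dumps({"es_index": "cmd-events", "es_http_user": "cmd_writer",
                                 "es_http_cred": "<redacted>", "es_cloud_id": SAMPLE_CLOUD_ID})
```

Running `validate_custom_json` on the guide's unmodified snippet reports every key as a placeholder, which is the expected result until you have filled in your own values.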

Implement the webhook with a trigger

Finally, to use this webhook to send event data, set it as a trigger action.
