The UXI Dashboard can send information to a third-party service via webhooks. Currently, there are pre-defined webhooks for either Slack, Teams, ServiceNow, or there is a generic webhook that can optionally use HTTP Basic auth and send the messages in a pre-defined JSON format.
The content of the webhook message depends on whether your dashboard is using Incident Detection. Incident detection examines issues based on your historical data to identify anomalies and group issues together. Without Incident Detection, webhooks notify you regarding all issues detected for every sensor. With Incident Detection enabled, instead of being notified about every issue, you are only notified about each Incident when the incident is first detected and when it is resolved. Please note that incidents can evolve and more issues may be added to the incident after it is first detected, but no subsequent updates will be sent.
If you want more granular data than the data provided by webhooks, please see the Data Push Destinations feature using the Issue data.
Adding Webhooks
Webhook 1: Generic
Before you begin with the generic webhook, ensure the system you want to use is reachable from our UXI cloud. The following UXI IP addresses should be allowed to communicate with the destination.
54.190.18.21
52.88.224.46
54.71.247.190
34.210.97.95
To set up the webhook from the dashboard, go to Settings -> Integrations and select the Add webhook button.
Change the target to Generic.
Paste the webhook URL in the URL input field
Select an Authentication method - None or Basic Auth
Bearer Token authentication - If the destination allows for it to be specified in the URL as a query parameter you can specify it in the URL. This wouldn’t work if the destination only allows for it to be part of the header.
Click on Add.
Your webhook should be visible in your webhook list and will be triggered once an issue or incident is detected depending on whether Incident Detection is enabled.
Below is an example of the body of the request to the webhook URL for dashboards without incident detection enabled.
{
'details': ' Sensor: *Sensor1* Network: *YourSSIDName* Service: *Gmail*',
'notification_reference': 5649,
'description': 'External service is unavailable',
'severity': 'error',
'status': 'ALARM',
'start_timestamp': 1590395448
}
Below is an example of the body of the request to the webhook URL for dashboards with incident detection enabled.
{
"description":"*New incident detected*",
"details":"New incident detected\n'Incident JUL/2024-026'\n3 sensors affected\n\nIssues:\nGATEWAY_UNREACHABLE\nNetworks affected:\n• uxi_psk\nGroups affected:\n• Group1\n• Group2\n• Group3\n\nIncident began: 2024-07-15 06:45:31.105569+00:00\n",
"notification_reference":"cd5c2826-0f0e-4bd1-ba64-b0a02f040842",
"severity":"error",
"status":"ALARM",
"start_timestamp":1721025931.105569
}
Webhook 2: Microsoft Teams Incoming Webhook
Caution: According to Microsoft, they would deprecate Office 365 connectors in MS Teams, including Incoming webhooks from Aug 15th, 2024.
In Microsoft Teams, you can create a new channel or use the existing channel to receive alerts from the UXI dashboard.
You can refer to this documentation to create an incoming webhook on the MS Teams channel:
https://learn.microsoft.com/en-us/microsoftteams/platform/webhooks-and-connectors/how-to/add-incoming-webhook?tabs=newteams%2Cdotnet
Navigate to Manage Channel > Settings > Connectors > Add "Incoming Webhook"
Provide Name, upload an image(optional), and then copy the URL
Navigate to UXI dashboard, Settings > Integrations > Add Webhook > Select "Microsoft Teams" > Paste the URL > Keep the authentication to "None" > Enabled > Submit.
Once you have incidents on the dashboard, you should able to receive the webhook messages in the Teams Channel. You can validate it by checking the incident panel on the top right side of the UXI dashboard.
Note: MS Teams does not let you create a username-password for the webhook.
This MS Teams webhook should work for incident and non-incident detection enabled customers meaning if you have incident detection enabled you should get incidents as alerts and if you don't then you should get issues as alerts.
Webhook 3: Slack
In order to add a slack webhook, you need to create a slack application.
Follow the instructions for Slack incoming webhooks here
Copy the webhook URL generated by slack.
It should look something like this
https://hooks.slack.com/services/xxxxxxxxxx/xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx
3. On the dashboard, Click on the add webhook button
Change the target to Slack
Paste the URL in the URL input field
Select None for Authentication
Click on Add
All alerts will now be published to the appropriate Slack channel. In our case the channel is #webhook-test and the result is as below
Webhook 4: ServiceNow
This is a little more in-depth as it requires configuration on ServiceNow.
Below are the steps to create your webhook with ServiceNow.
Navigate to Scripted REST API
2. Create your API
Click on the new button to start creating your API
Give your API a name and an ID
Click on the submit button to save this API
3. Select your API and create a new unauthenticated resource
After creating your API, you are redirected to a list of APIs.
Search for your API and select your API
Create a new resource by clicking on the new button at the bottom of the page.
4. Use the script below as a template
This example shows how to create a POST request. We will be using it to post an alert. The alert details are contained in
request.body.data.text
5. Final script for REST API:
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
gs.info(request.body.data);
var action = request.body.data.action;
var inc = new GlideRecord('incident');
if (action == 'open_incident') {
inc.initialize();
inc.short_description = 'Incident created from WebHook';
inc.comments = request.body.data.text;
inc.insert();
gs.info('Incident created');
return {
"uri": request.uri,
"url": request.url,
"sys_id": inc.sys_id,
};
} else if (action == 'close_incident') {
inc.get(request.body.data.sys_id);
inc.state = 7;
inc.update();
gs.info('Incident closed');
}
})(request, response);
6. An example Incident from ServiceNow
Once this is done, on the dashboard, you just have to add the webhook to the dashboard.
On the dashboard, Click on the add webhook button
Change the target to ServiceNow
Paste the Webhook URL in the URL input field. In our case https://ven02658.service-now.com/api/arune/cape. This is a combination of the base (https://ven02658.service-now) and resource path (/api/arune/cape).
Select the Authentication method for your webhook
If None is selected, proceed to the next step
If Basic is selected, type in Username and Password and proceed to the next step
Click on Add
All alerts will now be published to the defined URL. Please note that incidents on ServiceNow will auto close when all issues on an alert (incident) have been closed or no longer ongoing.
Note: Some of the webhooks when you try to configure using a generic option, require data to be received in a specific JSON format. for example MS Teams Webhook hence feature requests can be entered in AIZ for such requests.
Editing Webhooks
In the Webhooks section, click on the webhook you would like to edit. This opens up the edit modal, and you can modify the webhook.
Click Save to save your changes.
Deleting Webhooks
In the Webhooks section, click on the webhook you would like to delete.
This opens up the edit modal, and you can click on the red trash can to remove a webhook. Please note that this will not delete the configuration on your service side.