The opensentinel Generic Webhook handler parses and converts incoming webhook payloads into integration appropriate (output) formats. It supports the following integrations as automation destinations:
Content-Type headers supported by the webhook source integration are also supported by this handler.
In general, this handler attempts to interpret the incoming payload to the best of its ability, taking into account the
Content-Type header as well as a few other markers (such as the message format).
Let's look at a relatively simple
text/plain example. Using the Generic Webhook handler, the following
curl -H 'Content-Type: text/plain' \ -d 'Hello, this is a plain test message' \ "https://automations.opensentinel.com/webhook?token=<TOKEN>"
would output something similar to this in your Keybase channel:
Using a slightly less trivial example, the following
curl -H 'Content-Type: application/x-www-form-urlencoded' \ -d 'test-message=This is a test form-encoded message' \ "https://automations.opensentinel.com/webhook?token=<TOKEN>"
would result in:
The Generic Webhook handler essentially attempts to parse all the supplied fields and pretty-prints the output in Keybase. Similarly for
multipart/form-data payloads, it will attempt to parse each of the individual parts and handle them separately.