Generic Webhook

The opensentinel Generic Webhook handler parses incoming webhook payloads and converts them into output formats appropriate to the destination integration. It supports the following integrations as automation destinations:

All the Content-Type headers supported by the webhook source integration are also supported by this handler.

Keybase Channel Output

In general, this handler attempts to interpret the incoming payload to the best of its ability, taking into account the Content-Type header as well as a few other markers (such as the message format).

Let's look at a relatively simple text/plain example. Using the Generic Webhook handler, the following POST request:

curl -H 'Content-Type: text/plain' \
     -d 'Hello, this is a plain test message' \
     "https://automations.opensentinel.com/webhook?token=<TOKEN>"

would output something similar to this in your Keybase channel:

[Image: Generic webhook output - plain text encoded]

Using a slightly less trivial example, the following POST request:

curl -H 'Content-Type: application/x-www-form-urlencoded' \
     -d 'test-message=This is a test form-encoded message' \
     "https://automations.opensentinel.com/webhook?token=<TOKEN>"

would result in:

[Image: Generic webhook output - form encoded]

The Generic Webhook handler essentially attempts to parse all the supplied fields and pretty-prints the output in Keybase. Similarly, for multipart/form-data payloads, it attempts to parse each individual part and handle it separately.
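
A sketch of the Content-Type dispatch described above, covering text/plain, form-encoded and multipart/form-data bodies. This is an added example and not opensentinel's code; the names parse_webhook and render, the 64 KiB MAX_BODY limit, the "message" field name and the control-character filtering are assumptions made for illustration.

```python
from email import message_from_bytes
from email.message import Message
from urllib.parse import parse_qsl

MAX_BODY = 64 * 1024  # assumed size limit; the page does not state one


def _text(data, charset=None):
    """Decode untrusted bytes; unknown charsets fall back to UTF-8."""
    try:
        return data.decode(charset or "utf-8", errors="replace")
    except LookupError:
        return data.decode("utf-8", errors="replace")


def parse_webhook(content_type: str, body: bytes) -> list[tuple[str, str]]:
    """Return (field, value) pairs extracted from one webhook POST body."""
    if len(body) > MAX_BODY:
        raise ValueError("payload too large")
    hdr = Message()
    hdr["Content-Type"] = content_type
    ctype, charset = hdr.get_content_type(), hdr.get_content_charset()
    if ctype == "application/x-www-form-urlencoded":
        return parse_qsl(_text(body, charset), keep_blank_values=True)
    if ctype == "multipart/form-data":
        # Re-attach the header so the MIME parser can locate the boundary.
        raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
        msg = message_from_bytes(raw)
        parts = msg.get_payload() if msg.is_multipart() else []
        fields = []
        for part in parts:  # each part is parsed and handled separately
            name = part.get_param("name", "(unnamed)", header="content-disposition")
            data = part.get_payload(decode=True) or b""
            fields.append((str(name), _text(data, part.get_content_charset())))
        return fields
    # text/plain and anything unrecognised: a single message, passed through as text
    return [("message", _text(body, charset))]


def render(fields: list[tuple[str, str]]) -> str:
    """Pretty-print fields, replacing control characters sent by the caller."""
    clean = lambda s: "".join(c if c.isprintable() else " " for c in s)
    return "\n".join(f"{clean(k)}: {clean(v)}" for k, v in fields)


if __name__ == "__main__":  # bodies taken from the two curl examples above
    print(render(parse_webhook("text/plain", b"Hello, this is a plain test message")))
    print(render(parse_webhook("application/x-www-form-urlencoded",
                               b"test-message=This is a test form-encoded message")))
```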