Sending Alerts to TheHive

Hello,

I was wondering if I can send alerts to TheHive with the alerting plugin.
Example of a request to create an alert:

curl -XPOST -H 'Authorization: Bearer ***API*KEY***' -H 'Content-Type: application/json' http://127.0.0.1:9000/api/alert -d '{
  "title": "New Alert",
  "description": "N/A",
  "type": "external",
  "source": "instance1",
  "sourceRef": "alert-ref"
}'

Thank you

Hi @hilo21,

I believe you should be able to, are you running into any specific issues?

Hello @dbbaughe.
I am able to using curl, but the destination’s URL doesn’t support IPs for custom webhooks, and even though I defined my hostname in the hosts file, it did not work. I don’t know how I can bypass this limitation.
Thank you

I went through this issue, and solved it by setting a dummy URL, then directly altering the alert config document:

PUT .opendistro-alerting-config/_doc/<alert-config-id>
{
  "destination" : {
    "type" : "custom_webhook",
    "name" : "My Custom Web Hook",
    "schema_version" : 1,
    "custom_webhook" : {
      "header_params" : {
        "enabled": true,
        "Content-Type" : "application/json"
      },
      "url" : "http://**X.X.X.X**:8080/alert-me"
    }
  }
}