i try to send a webhook to our Mattermost Server. in MM i configured an incoming webhook and i have a URL.
On InsightIDR i added a “Data Exporter” - “Universal Webhook” with the given URL.
With that i get an “Bad request” (HTTP 400). The same with from IDR the given example cURL statement.
curl -X POST -H 'X-Rapid7-Event: test' -H 'X-Rapid7-Signature: ***' -H 'Content-Type: application/json; charset=UTF-8' -d '{"timestamp":"Mar 30, 2023","webhook_id":"57bd***","webhook_name":"**A L A R M** -- IDR Cosanta"}' https://***URL***
Has somebody experience with Mattermost an IIDR Webhooks?
So the Mattermost Server response is Bad Requests, because the payload of the Data Exporter is different.
You need to transform the IDR Data Exporter payload to something that is compliant for Mattermost.
You can utilize InsightConnect for example for this conversion.
yes, “Missing Message” is the error description, so you are right. But not all our customers have IConnect and they will not pay for it just for a kind of messaging/alerting.
Is there a way to trigger a script in IIDR, so i can build individual payloads?
No, not that I know of. Utilizing other tooling is the only way to create your own payloads. If you do find a way to trigger a custom payload directly from IDR please let me know.