How to create a webhook

Dear community,

TL;DR:
goal: create tickets for SIEM alarms in ticket system
path: use webhook with token (generated by ticket system)
problem: how to set up a connector


I'd like to create a ticket for every SIEM alarm in our ticket system. The ticket system uses a token for authentication.

In the chapter "Webhook action" (Webhook action | Elastic Docs) there is no option for delivering a token via the request. Do I have to put it in the "params", or does this fit in the auth section (where only 'basic auth' is supported)?

Best regards,
Kai


Hi @KaWa

Usually authentication tokens are added as custom headers... perhaps I am missing something?

Can you show a sample of what a curl POST request would look like?

Dear community,

We got it working, thanks to our internal IT!

For all the people reading this, there are some points you have to keep in mind:

  1. In the kibana.yml there are options that touch the communication between Kibana and other systems. We had to consider these parameters (found here):
     • xpack.actions.proxyBypassHosts
     • xpack.actions.allowedHosts
  2. How to use a token in an HTTP header:

     (xxxyyyzzz is your token)
  3. If you use HTTPS, perhaps you need to make your CA available (see "Add certificate authority" in the picture).
  4. What does your ticket system expect? Perhaps you need to make it aware that Kibana sends JSON and use the "Content-Type" header.

I hope this helps others with the same problem.

Best regards
Kai
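
The token-header and Content-Type points from the post above, as an added example (not part of the original thread and not Elastic's code): a constructed local stand-in for a ticket endpoint, plus a client that posts an alarm the way a webhook would, so each misconfiguration shows up as its own status code. The `Authorization: Bearer` header, the `/tickets` path, the alarm body and the status codes are assumptions; use whatever your ticket system documents.

```python
import hmac
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "xxxyyyzzz"            # placeholder token, as in the post
AUTH_HEADER = "Authorization"  # assumption: header name and "Bearer" scheme
ALARM = b'{"title": "SIEM alarm", "severity": "high"}'  # constructed body
# No proxy for the loopback test (compare xpack.actions.proxyBypassHosts).
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class TicketHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a ticket system's create-ticket endpoint."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get(AUTH_HEADER, "").encode()
        if not hmac.compare_digest(sent, f"Bearer {TOKEN}".encode()):
            status = 401  # token missing or wrong
        elif self.headers.get_content_type() != "application/json":
            status = 415  # caller did not declare the body as JSON
        else:
            status = 201  # ticket would be created
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

def send_alarm(url, headers):
    """POST the alarm as a webhook would; return the HTTP status code."""
    req = urllib.request.Request(url, data=ALARM, headers=headers, method="POST")
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), TicketHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/tickets"
    token = {AUTH_HEADER: f"Bearer {TOKEN}"}
    as_json = {"Content-Type": "application/json"}
    results = {"no_token": send_alarm(url, as_json),
               "no_content_type": send_alarm(url, token),
               "ok": send_alarm(url, {**token, **as_json})}
    server.shutdown()
    return results

if __name__ == "__main__":
    print(run_demo())
```

The per-request log lines the stand-in writes to stderr show the same three status codes, which is the kind of evidence to look for on the ticket system side when a connector test fails.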


Thanks, @stephenb, for your comment. We tried curl POST and this led us to the solution.
