Versions:
Graylog 6.0.2
DFIR-IRIS 2.4.7*
Greetings:
I am trying to use Graylog 6.0’s new “Custom HTTP Notification” alert type to send alerts to DFIR-IRIS. Per DFIR-IRIS, it should be a mere matter of interacting with the Iris API via POST (API, Alerts).
An example of how this can be done is found here (dealing with Wazuh sending to Iris): GitHub
So, I believe I have configured this as required:
(Note: I did not use the API Key field because when using that field it forces the use of an API Secret which Iris does not use).
Unfortunately, I keep getting 401 errors (see bottom of screenshot). I have verified the address to be correct and that the API is correct. Further, I have checked the log and there are no error messages.
Any thoughts or suggestions? Thank you!
*Iris is an open-source, Incident Response Investigation System. Iris allows for 3rd-Party Applications to interact via an API.