Graylog Alert Notification to Demisto API (Create new Incident)


#1

Hi all,
I’m trying to figure out if creating a plugin to send out a certain API call to the Demisto Automation server is the way to go. Surely, I could solve this with an email notification; this, however, is only my last option. I haven’t figured out how to create a simple plugin which basically only has to pick some fields, put them into a specific API POST and send it away to Demisto to create an incident. Can anybody give me a good start or support on that?
Cheers Koltas


(Jochen) #2

You’ll have to create an alarm callback with your business logic.
http://docs.graylog.org/en/2.4/pages/plugins/alert_notifications.html
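
A minimal backend-only alarm callback of the kind suggested above, as an added example that is not code from this thread, Graylog or Demisto. The class name `DemistoAlarmCallback` is hypothetical, and the Demisto incident URL, the `Authorization` header and the JSON field names `name` and `details` are assumptions to check against your Demisto server's API documentation.

```java
// Added example, not Graylog or Demisto project code. Class name is hypothetical;
// the Demisto endpoint, Authorization header and JSON field names are assumptions.
import com.fasterxml.jackson.databind.ObjectMapper;
import org.graylog2.plugin.alarms.AlertCondition;
import org.graylog2.plugin.alarms.callbacks.AlarmCallback;
import org.graylog2.plugin.alarms.callbacks.AlarmCallbackException;
import org.graylog2.plugin.configuration.Configuration;
import org.graylog2.plugin.configuration.ConfigurationException;
import org.graylog2.plugin.configuration.ConfigurationRequest;
import org.graylog2.plugin.configuration.fields.ConfigurationField;
import org.graylog2.plugin.configuration.fields.TextField;
import org.graylog2.plugin.streams.Stream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

public class DemistoAlarmCallback implements AlarmCallback {
    private Configuration cfg;
    @Override public void initialize(Configuration config) { this.cfg = config; }
    @Override public String getName() { return "Demisto incident"; }
    @Override public Map<String, Object> getAttributes() { return cfg.getSource(); }
    @Override public ConfigurationRequest getRequestedConfiguration() {
        ConfigurationRequest r = new ConfigurationRequest();
        r.addField(new TextField("url", "Incident URL", "", "e.g. https://demisto.example.org/incident",
                ConfigurationField.Optional.NOT_OPTIONAL));
        r.addField(new TextField("api_key", "API key", "", "Sent in the Authorization header",
                ConfigurationField.Optional.NOT_OPTIONAL, TextField.Attribute.IS_PASSWORD));
        return r;
    }
    @Override public void checkConfiguration() throws ConfigurationException {
        // Refuse plain HTTP so the API key never crosses the network unencrypted.
        if (!cfg.getString("url", "").startsWith("https://") || cfg.getString("api_key", "").isEmpty())
            throw new ConfigurationException("An https:// URL and an API key are required");
    }
    @Override public void call(Stream stream, AlertCondition.CheckResult result) throws AlarmCallbackException {
        Map<String, Object> incident = new HashMap<>();   // the fields picked from the alert
        incident.put("name", "Graylog alert: " + stream.getTitle());
        incident.put("details", result.getResultDescription());
        try {
            HttpURLConnection c = (HttpURLConnection) new URL(cfg.getString("url")).openConnection();
            c.setRequestMethod("POST"); c.setDoOutput(true);
            c.setConnectTimeout(5000); c.setReadTimeout(5000);
            c.setRequestProperty("Content-Type", "application/json");
            c.setRequestProperty("Authorization", cfg.getString("api_key"));
            try (OutputStream out = c.getOutputStream()) { out.write(new ObjectMapper().writeValueAsBytes(incident)); }
            if (c.getResponseCode() / 100 != 2) throw new AlarmCallbackException("Demisto answered HTTP " + c.getResponseCode());
        } catch (IOException e) { throw new AlarmCallbackException("Demisto request failed", e); }
    }
}
```

The class still has to be registered from the plugin's `PluginModule` with `addAlarmCallback(DemistoAlarmCallback.class)` before Graylog offers it as a notification type.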


#3

Gotcha Jochen! Already went through that section. So I have to create a plugin?
The sample in this section of the doc is outdated however. Anything on that?

Cheers Koltas


(Jochen) #4

Yes.

Please elaborate.


#5

Alright!

Since I’m not a DEV I kinda need a point to start off. I went through the marketplace already to find a simple API call alert callback source to work from there. Is there a tutorial or FAQ or an updated minimal plugin code for alert callbacks? Cheers for your help Jochen! =)


(Jochen) #6

Why do you think the code is outdated?


#7


Well, the version is 2.2 and there is also an issue flagging that. Or am I missing something huge here?


(Jochen) #8

As long as you don’t need to build any extensions for the web interface, you should be fine.


#9

Aight! I’m going to it then, thanks!

