Hello, It is possible to use Discord Webhooks for ...
# fleete
Esteban
06/12/2023, 2:39 PMHello, It is possible to use Discord Webhooks for Policies Automations?
k
Kathy Satterlee
06/12/2023, 2:58 PMHi @Esteban! You can configure any destination for the failing_policies_webhook. Depending on how Discord needs request formatted, you may need to use a middleman (I like Tines) to actually receive the request, do whatever formatting needs to be done, and forward it on to its final destination.
e
Esteban
06/12/2023, 3:05 PMHello! I've configured the automations via the "Manage automations" button in the Fleet GUI. I've directly pasted the Discord Webhook but aparently it's not enough
k
Kathy Satterlee
06/12/2023, 3:07 PMWhat version of Fleet are you using?
e
Esteban
06/12/2023, 3:09 PMFleet 4.32.0
Esteban
06/12/2023, 3:10 PMQuick question, what is the timer for sending the policy webhook?
k
Kathy Satterlee
06/12/2023, 3:12 PMThe policy webhook is sent based on your policy update interval.
I did a quick bit of research into Discord webhooks and it looks like there are likely required fields that wouldn't be included on the Fleet side. In that case, you'd need to go the route of sending the webhook somewhere where you could tweak the payload to have required fields/headers and then forward to Discord from there.
e
Esteban
06/12/2023, 3:13 PMGreat! So the invertal means then the policy fails the Webhook is sent?
Esteban
06/12/2023, 3:14 PMYeah, I though so about the required fields for Discord
k
Kathy Satterlee
06/12/2023, 3:14 PMYes, when policies are processed on the Fleet side, that triggers the webhook for any newly failing hosts.
e
Esteban
06/12/2023, 3:15 PMGreat, so I can configure my webhook via the interface
Esteban
06/12/2023, 3:44 PMWell, I configured the webhook using n8n and setting up the interval with the env variable but it's not sending anything
k
Kathy Satterlee
06/12/2023, 3:50 PMTry hitting the refresh endpoint to make sure that all failing hosts read as new:
https://fleetdm.com/docs/using-fleet/rest-api#run-automation-for-all-failing-hosts-of-a-policy
And remember that it may take some time for the webhook to trigger.
Kathy Satterlee
06/12/2023, 3:50 PMAll of this assuming that you currently have at least one host that's failing a policy 🙂
e
Esteban
06/12/2023, 3:51 PMYes
k
Kathy Satterlee
06/12/2023, 3:52 PMYou can also force a run with
fleetctl trigger --name automationse
Esteban
06/12/2023, 4:04 PMMmmm, I received my request on my server but the webhook didnt trigger
Esteban
06/12/2023, 4:19 PMOkay, weird. That command with the debug options shows
"interval": "24h0m0s"
Esteban
06/12/2023, 4:20 PMMy webhook server is using a self-signed certificate. Maybe is because of that?
Esteban
06/13/2023, 1:21 PMWell, hitting the refresh and running the trigger command didnt work
Esteban
06/13/2023, 1:22 PMThe webhook for % of offline hosts did work but policies not
k
Kathy Satterlee
06/13/2023, 3:03 PMAre there any errors in the Fleet logs?