intrusion detection - How to send OSSec Notification to a HTTP URL
Currently I see that email notifications can be sent for alerts in OSSEC. Is there a way to make an HTTP call in case of an alert?
I couldn't find a direct way to send OSSEC notifications to a webhook URL. But I got it working with the help of Logstash, which I use for log parsing and indexing. I added a Logstash output with the following configuration:
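output {
  # Forward only events that came from the OSSEC input
  if [type] == "ossec_alert" {
    http {
      http_method => "post"
      url => "https://mythhpwebhook.com?key=1234"
      content_type => "application/json"
      # JSON body sent to the webhook; mapping is a hash of field name => value
      mapping => {
        "subject" => "ossec alert: %{signature}"
        "message" => "%{message}"
      }
    }
  }
}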
Note: message and signature are variables set by the filter applied to the OSSEC input.
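To check the Logstash output above end to end, a small local receiver can stand in for the webhook and validate what arrives. This is an added example, not part of the original answer; the listening port, the function and class names and the 422 response are assumptions, and the key 1234 is the placeholder from the sample URL.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

EXPECTED_KEY = "1234"  # placeholder from the sample URL; replace with a real secret


def check_alert(path, body, expected_key=EXPECTED_KEY):
    """Validate the ?key= value and the JSON body built by the mapping.

    Returns (http_status, alert_dict_or_None).
    """
    supplied = parse_qs(urlsplit(path).query).get("key", [""])[0]
    # Constant-time comparison so response timing does not leak the key.
    if not hmac.compare_digest(supplied.encode(), expected_key.encode()):
        return 403, None
    try:
        alert = json.loads(body)
    except (ValueError, UnicodeDecodeError):
        return 400, None
    if not isinstance(alert, dict):
        return 400, None
    subject, message = alert.get("subject"), alert.get("message")
    if not isinstance(subject, str) or not isinstance(message, str):
        return 400, None
    # Logstash leaves "%{field}" as literal text when the field is missing,
    # which means the filter on the OSSEC input did not set it.
    if "%{" in subject or "%{" in message:
        return 422, None
    return 200, {"subject": subject, "message": message}


class AlertHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = min(int(self.headers.get("Content-Length") or 0), 65536)
        status, alert = check_alert(self.path, self.rfile.read(length))
        if alert:
            print(alert["subject"], "|", alert["message"])
        self.send_response(status)
        self.end_headers()

    def log_message(self, fmt, *args):
        pass  # the default access log would record the path, key included


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), AlertHandler).serve_forever()
```

Pointing the `url` setting at `http://127.0.0.1:8080/?key=1234` while testing shows whether `signature` and `message` are populated before the real webhook is used.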