UpGuard

The following tutorial demonstrates how to send your logs to Coralogix using UpGuard. Follow this five-step guide for each notification that you would like to send us.

UpGuard uses webhooks to send notifications when an event happens in your UpGuard account. This could be when an identity breach or data leak is detected, the score of a watched vendor drops below a certain threshold, or when a user requests access to your shared profile.

Configuration

STEP 1. Create Integration.

• Login to your Upguard account.

• Select Settings in your left-hand sidebar.

• Click on the Integrations tab.

• Click + New Integration.

• Select Webhook.

STEP 2. Select Triggers

• Select from a wide-range of pre-defined triggers to use as part of this integration. Examples include:

  • 'When my company's score drops below 600'

  • 'When a domain or IP's score drops below 600'

  • 'When a new identity breach is detected'

  • 'When a new identity breach for a VIP email is detected'

• Enable a trigger by clicking on the associated pill, which slides to the right.

• Click Confirm and next.

STEP 3. Name and Destination

• Provide the webhook URL corresponding to the Coralogix cluster URL associated with the domain and region where your data is stored.

For example, if your Coralogix data is hosted in India, your webhook URL should appear as https://api.app.coralogix.in/api/v1/logs.

• Configure the HTTP Header values by inputting Content-Type: application/json. As webhook by default uses POST method to send requests, there is no need to define the method.

Example:

• Click Confirm and next.

STEP 4. Define Payload Structure

• For each trigger, UpGuard provides a default payload template as in the example below.

• Modify the payload template to comply with the Coralogix structure.

POST Body

Log

• Wrap the payload template in JSON as follows. You will need to input your Coralogix Send-Your-Data API key, application and subsystem names, and computer name.

{
   "privateKey": "<Coralogix send your data api-key>",
   "applicationName": "<application name>",
   "subsystemName": "<subsytem name>",
   "computerName": "<computer name>",
   "logEntries": [
     {
       "severity": <default severity of event 1-6>,
       "text": {
           "notification": {
           }
        }
     }
   ]
}

• The following is an example of a Coralogix-compatible payload template.

{ 
"privateKey": "xxxxxxx-xxxxxx-xxxxxx-xxxxxxx",
   "applicationName": "upguard",
   "subsystemName": "upguard",
   "computerName": "upguard01",
   "logEntries": [
     {
       "severity": 4,
       "text": {
   "notification": {
     "id": {{ notification.id }},
     "type": "{{ notification.type }}",
     "description": "{{ notification.description }}",
     "occurredAt": "{{ notification.occurredAt }}",
     "context":     {
       "PrevScore": {{ notification.context.PrevScore }},
       "PrevScoreOn": "{{ notification.context.PrevScoreOn }}",
       "Threshold": {{ notification.context.Threshold }},
       "LatestScore": {{ notification.context.LatestScore }},
       "LatestScoreOn": "{{ notification.context.LatestScoreOn }}"
     }
   }
 }
     }
   ]
 }

• Validate that your webhook is working properly by clicking Send test message. The value '200 OK' should appear as the Response.

Example:

• Validate that Coralogix has received the test notification by searching the logs in your Coralogix dashboard.

• Click Confirm and next.

STEP 5. Enable the Integration

• Click the toggle to enable the integration and click Finish.

Additional Resources

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

Previous Generic Incoming Webhooks

Next Fluent Bit Helm Chart for Kubernetes

Theme

Light

light

dark