Webhook


Romain Hennebois

May 30, 2024, 10:45:57 AM
to Wazuh | Mailing List
Hi team,


I need some help with the OpenSearch notification plugin and webhook integration.

I'm currently trying to integrate my Rocket.Chat webhook URL, but I receive this error message when my header is "application/json":

[status_exception] {"event_status_list": [{"config_id":"qDnhyY8BldJqsO0F2Izp","config_type":"webhook","config_name":"Rocket.Chat","email_recipient_status":[],"delivery_status":{"status_code":"500","status_text":"Failed to send webhook message Failed: <!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Bad Request</pre>\n</body>\n</html>\n"}}]}

But when my header is "json", I receive the message, but it's empty.

I am using Wazuh 4.7.4.

Natalia Castillo

May 30, 2024, 9:32:05 PM
to Wazuh | Mailing List
Hey there!

Seems like there's an issue in integrating your Rocket.Chat webhook URL with the OpenSearch notification plugin in Wazuh 4.7.4. Let's sort this out together and do some steps to troubleshoot what might be causing the issue.
  • Regarding the 500 Error with "application/json" Header: This commonly indicates an issue with how Rocket.Chat is processing the request.
  • For the Empty Message with "json" Header: It suggests that the payload format might not align with what Rocket.Chat expects.
Rocket.Chat typically requires a specific JSON structure in the payload. Something like:
{
    "text": "Your message here"
}
Make sure that you're sending the correct structure.

Ensure that your Wazuh server-side configuration aligns with our documentation here. Here's a configuration snippet for reference:
<integration>
  <name>custom-integration</name>
  <hook_url>WEBHOOK</hook_url>
  <level>10</level>
  <group>multiple_drops,authentication_failures</group>
  <api_key>APIKEY</api_key> <!-- Replace with your external service API key -->
  <alert_format>json</alert_format>
  <options>{"data": "Custom data"}</options> <!-- Replace with your custom JSON object -->
</integration>


You can also test your RocketChat webhook with a cURL command executed on the wazuh-dashboard server:
curl -X POST -H 'Content-Type: application/json' --data '{"text":"Example message sent from wazuh-dashboard"}' https://chat.mydomain.local/hooks/<APIKEY>

Additionally, checking systemctl status wazuh-dashboard might provide more insights into any errors.

Let me know if you need further assistance!

Romain Hennebois

May 31, 2024, 2:52:44 AM
to Wazuh | Mailing List
Hi Natalia,


Thank you for your reply! I have tried everything you suggested, but nothing more.
The OpenSearch notification plugin doesn't work yet, but the curl works.

Romain Hennebois

May 31, 2024, 5:15:58 AM
to Wazuh | Mailing List
Also, if I use ‘Slack’ instead of ‘Custom webhook’ it works but the message is empty.

Natalia Castillo

May 31, 2024, 6:59:59 PM
to Wazuh | Mailing List
Hi!

I misunderstood part of your issue earlier. The documentation I provided was about the Integrator daemon, not exactly what you need. Let's take a few more steps to troubleshoot and resolve your issue.

The problem seems to be with the message being sent. Ensure you're structuring your message as JSON. Even if you set the header to "application/json," the message itself must be in JSON format.

Let's start by sending a plain text message in the correct JSON format, without configuring any specific alert. This way, we can ensure the message is sent correctly without errors. Here's an example format:

[Attached image: image (1).png]
Try sending this simple message first. If it works, we can then move on to structuring the specific message you want to send. Let me know what you're trying to achieve, and I'll help you format the message accordingly.

Let me know how everything works!

Romain Hennebois

Jun 10, 2024, 3:06:35 AM
to Wazuh | Mailing List

Hi Natalia,

I'm sorry for not replying last week, I was out of work.
For the notification channel, I still get the same error "status_code":"500","status_text"

For the message you told me to try, I have this error showing "[x_content_parse_exception] [1:321] [bool] failed to parse field [filter]".


I hope we can find a way to solve this!

Kamil Tańcula

Feb 19, 2025, 3:55:08 AM
to Wazuh | Mailing List
Hello all,

I encountered the same error.
I configured a channel (Custom webhook) to Rocket.Chat, but when I try to send a test message I get the message:

[status_exception] {"event_status_list": [{"config_id":"d282HZUB78RAxY0OEbn7","config_type":"webhook","config_name":"Rocketchat","email_recipient_status":[],"delivery_status":{"status_code":"500","status_text":"Failed to send webhook message Failed: <!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>Bad Request</pre>\n</body>\n</html>\n"}}]}

When I try to send a message via monitor/notification with the content {"text":"Example message"}, I get the message [alerting_exception] [1:321] [bool] failed to parse field [filter]

However, when I execute the following command from the Wazuh server, the message arrives correctly:
curl -X POST -H 'Content-Type: application/json' --data '{"text":"Example message"}' https://rocketchat.domain.com/hooks/67b584d647f99788451ffcb1/wwRPqnizMrNqhkYtma545645646466546544654Yot4iZW

where could the problem be?
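
An added example, not part of the thread and not Wazuh or OpenSearch code: a local capture endpoint that records what a notification channel actually sends and checks it against the request shape of the curl command that works in this thread (Content-Type application/json, a JSON object with a "text" field). The function name, listen address and port are assumptions, and the requests used to exercise it are constructed.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

LISTEN = ("127.0.0.1", 8099)  # assumed address/port; use one the sender can reach


def diagnose(content_type, body):
    """Compare one captured request with the shape of the working curl call."""
    findings = []
    # Ignore parameters such as "; charset=utf-8" when comparing the media type.
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type != "application/json":
        findings.append(f"Content-Type is {content_type!r}, not application/json")
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        # A plain-text body sent under a JSON header lands here.
        findings.append(f"body is not valid JSON: {exc.__class__.__name__}")
        return findings
    if not isinstance(payload, dict):
        findings.append("JSON body is not an object")
    elif not isinstance(payload.get("text"), str) or not payload["text"].strip():
        findings.append('JSON object has no non-empty "text" field')
    return findings


class CaptureHandler(BaseHTTPRequestHandler):
    """Accepts any POST, prints headers, body and findings, then answers 200."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length)
        print("headers:", dict(self.headers))
        print("body:", body[:2000])  # truncate very large payloads in the log
        findings = diagnose(self.headers.get("Content-Type"), body)
        print("findings:", findings or "same shape as the working curl request")
        self.send_response(200)
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(LISTEN, CaptureHandler).serve_forever()
```

Point a test channel at the listener, send the test message, then send the working curl command to the same URL and compare the two captures.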