Smallstep Webhooks allow your application to subscribe to SSH session and certificate events. Whenever an SSH session is created, a user change event happens, or a session is ended, we will make an HTTP POST to the callback URL you specify.
To configure Smallstep Webhooks, expand the menu in the lower left corner of the admin page and choose Settings. Then, under Notifications and Alerts, select Webhooks.
The alternate direct URL is https://smallstep.com/app/<your_team>/settings/webhooks
Enter the name, URL, authorization type, and authorization.
Be sure the value entered for Basic auth is base64 encoded.
Next, add any custom headers if required by your SIEM stack for receiving the event data.
Click the Test button to make sure your webhook is configured properly. If successful, you will see an HTTP POST request to your SIEM with the payload below:
{
"category": "test-post"
}
Click Save.
You should immediately start seeing session requests posted to your external SIEM.
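The following is an added example, not Smallstep code: it shows how to produce the base64 value for the Basic auth field and how a receiving endpoint can check it and recognize the test payload. It assumes the webhook sends the value as a standard `Authorization: Basic <value>` header where the value is base64 of `user:password`; the function names and sample credentials are hypothetical.

```python
import base64
import hmac
import json


def basic_auth_value(user, password):
    """Return base64("user:password"), the value to enter for Basic auth."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def is_authorized(header, expected_value):
    """Check an Authorization header against the configured Basic value."""
    if not header:
        return False
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic":
        return False
    # Constant-time comparison: do not leak how much of the value matched.
    return hmac.compare_digest(value.strip().encode(), expected_value.encode())


def handle_post(headers, body, expected_value):
    """Return (HTTP status, note) for one webhook POST to the receiver."""
    if not is_authorized(headers.get("Authorization"), expected_value):
        return 401, "rejected: missing or wrong credentials"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "rejected: body is not valid JSON"
    if not isinstance(event, dict):
        return 400, "rejected: expected a JSON object"
    if event.get("category") == "test-post":
        return 200, "test event received"
    return 200, "event accepted"


if __name__ == "__main__":
    # Constructed sample credentials, not real values.
    expected = basic_auth_value("siem-ingest", "example-password")
    print("Value for the webhook form:", expected)
    test_body = b'{"category": "test-post"}'
    print(handle_post({"Authorization": f"Basic {expected}"}, test_body, expected))
    print(handle_post({"Authorization": "Basic d3Jvbmc="}, test_body, expected))
```

A 401 on the Test button usually means the form value was entered as plain `user:password` instead of its base64 encoding, or that the receiver expects a different scheme.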