Integrations (Teams, Slack, Webhooks, [...])
You can enable Saved Views, vulnerabilities and global event notifications as Microsoft Teams, Slack messages, invoked webhooks, or emails.
Slack Integration
To configure notifications to use Slack incoming messages, you will need to create a Slack Incoming Webhook. From the Slack Incoming Webhooks New Configuration page, select a channel the messages should be posted to, and then click the Add Incoming Webhooks Integration button. This will take you to a page where the Webhook URL is displayed, and you can further configure the message to be sent.
Copy the webhook URL displayed on that page. In the N|Solid Console, click Settings and choose Integrations
from the left side menu. Paste the Slack webhook URL into the form and name the new integration. Once you have saved this integration, you will be able to attach it to global events, vulnerabilities, and saved views as a notification.
Microsoft Teams Integrations
Similar to how teams configure NSolid’s Slack integration, organizations using Microsoft Teams can now configure notifications to use Microsoft Teams incoming messages feature.
To set up Microsoft Teams in NSolid, users need to create a Microsoft Teams Incoming Webhook (see MS Teams docs here) and use it to configure the Microsoft Teams integration in Settings>Integrations.
On the New Teams Webhook page, users can enter the channel name they wish to post messages to in the Webhook Name field, and paste the webhook URL into the Webhook Url and save the webhook. Once saved the integration is active and users can select Microsoft Teams as the notification destination of their set alerts.
Now the Microsoft Teams integration is available.
Once configured users can use the Microsoft Teams integration in both Threshold Event Notifications based on Saved Views and Global Event Notifications .
To have NSolid send a Global Notification to your configured Microsoft Teams channel visit Settings>GlobalNotifications and select the configured Microsoft Teams Notification from the drop down.
Once selected users can observe the message format and content:
Users can also use the Microsoft Teams integration when their processes enter a saved view:
PagerDuty Integrations
Organizations using PagerDuty can now configure notifications to use PagerDuty incidents feature.
To have NSolid send a Global Notification to your configured PagerDuty incidents visit Settings>GlobalNotifications and select the configured PagerDuty Notification from the drop down.
On the New PagerDuty integration page, users can add a nickname for the identity of the integration and the provided
Now the PagerDuty integration is available.
Once configured users can use the PagerDuty integration in both Threshold Event Notifications based on Saved Views and Global Event Notifications.
To have NSolid send a Global Notification to your configured PagerDuty integration Settings>GlobalNotifications and select the configured PagerDuty Notification from the drop down.
Examples
Below are examples of typical saved view and vulnerability notifications sent as incoming Slack messages.
Process Event Loop Blocked
Saved View Entered
Vulnerability Detected
In case you need support to set up the PagerDuty integration, please visit our support portal: https://support.nodesource.com/
Webhook Integration
You can also have notifications sent as HTTP POST messages to a webserver you manage. As the messages are sent to your server, you can run your own customized code to handle the notification.
Notification data is sent in the HTTP request as a JSON object in the body of the request. The HTTP request will be sent with the Content-Type
header set to application/json
.
In the N|Solid Console, click Settings and choose Integrations
from the left side menu. Paste your webhook URL into the form and name the new integration. Once you have saved this integration, you will be able to attach it to global events, vulnerabilities, and saved views as a notification.
Events
The data the webhook receives has an event
property. The value of this property will change depending on the event that prompts the notification. The following events are supported.
Event | Description |
---|---|
nsolid-saved-view-match | An agent has entered a saved view. Additionally, the configured delay time period has passed, and this event has not fired in the time period specified by the snooze parameter |
nsolid-agent-exit | An agent that was connected is no longer connected to N|Solid Console |
nsolid-snapshot-generated | A heap snapshot has been generated. This could have been done manually or as a result of another event |
nsolid-profile-generated | A CPU profile has been generated. This could have been done manually or as a result of another event |
nsolid-process-blocked | A process has had its event loop blocked for at least the time period specified by the duration parameter |
nsolid-vulnerability-detected | A vulnerability has been detected for this process |
Common Data
All notifications will include the following properties in the notification object and additional properties that may be specific to individual events.
Property | Description |
---|---|
time | ISO datetime string indicating when this event was triggered |
event | One of the event types, described above |
agents | A list of objects with properties described below |
assets | A list of assets like heap snapshots or cpu profiles that this event caused to be created |
config | The notifications config that caused this notification to be sent |
The property named agent
will be an object with the following properties:
Property | Description |
---|---|
id | The agent id |
info | Information about this agent including tags, app name, and hostname |
metrics | The latest metrics information we have from this agent, if any |
In addition to the data specified above, some events may contain additional information.
Agent Exit
Agent exit events will include the exit code of the process. If there was a stack trace associated with an abnormal exit, that stack trace will also be included. Additionally, if you catch an exception with an uncaughtException
handler and exit synchronously, as Node.js documentation recommends, the exception will also be included.
const nsolid = require('nsolid');
process.on('uncaughtException', err => {
console.error(err);
proces.exit(1);
});
If you must exit asynchronously from an uncaughtException
handler it is still possible to report the exception by passing it to nsolid.saveFatalError()
prior to shutting down.
const nsolid = require('nsolid');
process.on('uncaughtException', err => {
nsolid.saveFatalError(err);
shutdownApp(() => {
proces.exit(1);
});
});
Event Loop Blocked Data
The value of the event
property in the notification object will be nsolid-process-blocked
.
The notification object will include an additional property named stacktrace
, whose value is a string version of the stack trace being executed when the event loop was blocked.
Vulnerability Event Data
The value of the event
property in the notification object will be nsolid-vulnerability-detected
.
The notification object will include an additional property named vulnerability
, whose value is a list of vulnerabilities for this process. The new vulernability whose discovery triggered this event will have a new
property with the value true
.
Email Notifications
In N|Solid Console, click Settings and choose Global Notifications
from the left side menu. Select a global event, such as vulnerabilities found, a new CPU profile, or a new HeapSnapshot, etc, that is meant to be notified via email. Click on New Notification
dropdown and select Email
. Enter one or more email addresses; once you have saved this notification, the previously provided emails will receive the respective notifications.