Integrations (Slack, Webhooks, and Emails)
You can enable global event notifications as Slack messages, invoked webhooks, or emails.
Slack Integration
To configure notifications to use Slack incoming messages, you will need to create a Slack Incoming Webhook. From the Slack Incoming Webhooks New Configuration page, select a channel the messages should be posted to, and then click the Add Incoming Webhooks Integration button. This will take you to a page where the Webhook URL is displayed, and you can further configure the message to be sent.
Copy the webhook URL displayed on that page. In the N|Solid Console, click Settings and choose Integrations from the left side menu. Paste the Slack webhook URL into the form and name the new integration. Once you have saved this integration, you will be able to attach it to global events, vulnerabilities, and saved views as a notification.
Examples
Below are examples of typical saved view and vulnerability notifications sent as incoming Slack messages.
Process Event Loop Blocked
Saved View Entered
Vulnerability Detected
Webhook Integration
You can also have notifications sent as HTTP POST messages to a webserver you manage. As the messages are sent to your server, you can run your own customized code to handle the notification.
Notification data is sent in the HTTP request as a JSON object in the body of the request. The HTTP request will be sent with the Content-Type header set to application/json.
In the N|Solid Console, click Settings and choose Integrations from the left side menu. Paste your webhook URL into the form and name the new integration. Once you have saved this integration, you will be able to attach it to global events, vulnerabilities, and saved views as a notification.
Events
The data the webhook receives has an event property. The value of this property will change depending on the event that prompts the notification. The following events are supported.
| Event | Description |
|---|---|
nsolid-saved-view-match | An agent has entered a saved view. Additionally, the configured delay time period has passed, and this event has not fired in the time period specified by the snooze parameter |
nsolid-agent-exit | An agent that was connected is no longer connected to N|Solid Console |
nsolid-snapshot-generated | A heap snapshot has been generated. This could have been done manually or as a result of another event |
nsolid-profile-generated | A CPU profile has been generated. This could have been done manually or as a result of another event |
nsolid-process-blocked | A process has had its event loop blocked for at least the time period specified by the duration parameter |
nsolid-vulnerability-detected | A vulnerability has been detected for this process |
Common Data
All notifications will include the following properties in the notification object and additional properties that may be specific to individual events.
| Property | Description |
|---|---|
time | ISO datetime string indicating when this event was triggered |
event | One of the event types, described above |
agents | A list of objects with properties described below |
assets | A list of assets like heap snapshots or cpu profiles that this event caused to be created |
config | The notifications config that caused this notification to be sent |
The property named agent will be an object with the following properties:
| Property | Description |
|---|---|
id | The agent id |
info | Information about this agent including tags, app name, and hostname |
metrics | The latest metrics information we have from this agent, if any |
In addition to the data specified above, some events may contain additional information.
Agent Exit
Agent exit events will include the exit code of the process. If there was a stack trace associated with an abnormal exit, that stack trace will also be included.
Event Loop Blocked Data
The value of the event property in the notification object will be nsolid-process-blocked.
The notification object will include an additional property named stacktrace, whose value is a string version of the stack trace being executed when the event loop was blocked.
Vulnerability Event Data
The value of the event property in the notification object will be nsolid-vulnerability-detected.
The notification object will include an additional property named vulnerability, whose value is a list of vulnerabilities for this process. The new vulnerability whose discovery triggered this event will have a new property with the value true.
Email Notifications
In N|Solid Console, click Settings and choose Integrations from the left side menu. Enter one or more email addresses and name the new integration. Once you have saved this integration, you will be able to attach it to global events, vulnerabilities, and saved views as a notification.
