Understanding Webhooks

Webhooks are a mechanism for enabling real-time communication between applications. RUCKUS One allows you to configure Webhook URL addresses to receive real-time notifications when incidents or events are created or updated in the application, much like email notifications.

Feature Overview

When an application detects a predefined event, it sends an HTTP POST request to a specified endpoint in another application. This action allows the receiving application to get immediate notifications and data payloads related to the event, eliminating the need for continuous polling. Additionally, the feature offers configurable webhook functionality to enhance security monitoring and incident response capabilities.

The feature also seamlessly integrates activity logs with various security systems. Link the activity logs from your systems to a Security Information and Event Management (SIEM) system to enhance your ability to monitor security and respond to incidents. This integration provides a comprehensive view of all security-related activities, allowing you to quickly identify and address any potential threats. You can use tools such as ServiceNow, Zapier, DataDog, Microsoft Teams, PagerDuty, Slack, and Splunk to manage and analyze these logs.

Webhooks are particularly useful for integrating disparate systems, automating workflows, and ensuring data consistency across platforms.

Sample Webhook Message with Incident Details


{
  "id": string,                         // Event ID
  "type": "incident",                   // Type of webhook event, will be "incident"
  "secret": string,                     // Webhook secret
  "payload": {                          // incident payload
    "status": string,                   // Incident status, e.g. "new" | "ongoing" | "finished"
    "id": string,                       // Unique incident ID
    "severity": string,                 // Incident severity, e.g. "P1" | "P2" | "P3" | "P4"
    "link": string,                     // Link to incident
    "title": string,                    // Title of incident
    "category": string,                 // Category of Incident
    "subCategory": string,              // Sub-Category of incident
    "startTime": string,                // Incident start time in ISO 8601 format, e.g. "2020-11-01T08:00:00.000Z"
    "endTime": string,                  // Incident end time/last updated time in ISO
    "duration": string,                 // Incident duration, e.g. "4d 10h"
    "impactedAreaType": string,         // Impacted area type, e.g. "Access Point", "Venue"
    "impactedAreaName": string,         // Impacted area name, e.g. "AP Name"
    "impactedAreaHierarchy": string,    // Impacted area hierarchy, 
                                        // e.g. "Venue_name (Venue) > AP_Group_name (inherit from Venue) (AP Group) > AP_name (AP Mac) (Access Point)"
    "clientCount": number,              // Total number of clients under current hierarchy
    "impactedClientCount": number,      // Total impacted clients under current hierarchy
    "impactedClientPercentage": string, // Percentage of impacted clients over total number of clients under current hierarchy, e.g. "21.43%"
    "rootCauses": string,               // Root Causes of current incident
    "recommendations": string           // Recommendations to resolve current incident
  }
}
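
The following receiver-side check is an added example, not RUCKUS code. It assumes the "secret" field carries the shared value you configured for the webhook and that the receiver is expected to compare it. The function name, the exception class, and the choice of required payload fields are hypothetical.

```python
import hmac
import json

# Fields taken from the sample message above; treating them as required is an assumption.
REQUIRED_PAYLOAD_FIELDS = ("id", "status", "severity", "title", "startTime")


class WebhookRejected(Exception):
    """Raised when a message must not be processed or forwarded."""


def validate_incident_webhook(raw_body: bytes, expected_secret: str) -> dict:
    """Parse one webhook POST body, authenticate it, and return a copy
    that is safe to forward (the shared secret removed)."""
    try:
        message = json.loads(raw_body)
    except (ValueError, UnicodeDecodeError) as exc:
        raise WebhookRejected("body is not valid JSON") from exc
    if not isinstance(message, dict):
        raise WebhookRejected("top-level value is not an object")

    # Constant-time comparison so response timing does not leak the secret.
    supplied = message.get("secret")
    if not isinstance(supplied, str) or not hmac.compare_digest(
        supplied.encode(), expected_secret.encode()
    ):
        raise WebhookRejected("secret missing or incorrect")

    if message.get("type") != "incident":
        raise WebhookRejected("unexpected webhook type")

    payload = message.get("payload")
    if not isinstance(payload, dict):
        raise WebhookRejected("payload missing")
    missing = [f for f in REQUIRED_PAYLOAD_FIELDS if not isinstance(payload.get(f), str)]
    if missing:
        raise WebhookRejected("payload fields missing: " + ", ".join(missing))

    # Drop the secret before the event reaches logs, a SIEM, or a chat channel.
    return {k: v for k, v in message.items() if k != "secret"}


# Constructed sample message (not captured from a real tenant).
SAMPLE_BODY = json.dumps({
    "id": "evt-0001", "type": "incident", "secret": "constructed-secret",
    "payload": {"id": "inc-0001", "status": "new", "severity": "P2",
                "title": "constructed title", "startTime": "2020-11-01T08:00:00.000Z"},
}).encode()
```

Because the secret travels inside the message body, the redaction step matters whenever the event is relayed to another tool or written to request logs.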

Requirements

This feature has no special hardware or software requirements for feature enablement or usage.

Considerations

This feature has no special considerations or limitations pertaining to feature enablement or usage.

Limitations

Each Tenant account can have only 20 webhook configurations.

Best Practices

This feature has no special recommendations for feature enablement or usage.

Prerequisites

This feature has no prerequisites for feature enablement or usage.