How to Set Up Notifications Using Spyctl
Configure Notifications using Spyctl to receive alerts for significant Security or Operations events.
Last updated
Was this helpful?
Configure Notifications using Spyctl to receive alerts for significant Security or Operations events.
Last updated
Was this helpful?
Spyderbat's notification system has 3 main components:
Notification Targets: Named destinations to where notifications can be sent.
Notification Templates: Pre-built templates containing most of the information required to create a Notification Config. These templates simplify the configuration process.
Notifications: Allows to you configure notifications to the targets for the Notifiable Objects.
For the the full documentation of the Spyderbat Notifications System refer to .
Spyderbat allows you to configure notifications for a variety of resources and targets, enabling you to streamline your workflow and stay informed about important events. Here’s how you can set up notifications for different targets:
Before you can configure notifications, you need to decide where to send them. Spyderbat supports several Notification Targets, such as:
Slack Channel
Webhook
PagerDuty
Ensure that you have already configured the Notification Targets for these destinations before proceeding.
Each Notification Target can be mapped to an optional Custom Notification Template
, which defines the structure of the notification. Pre-configured templates help streamline the setup process.
If no template is specified, Spyderbat applies its default template.
To learn more about the spyctl notifications commands and their usage, run the following command:
This will display the following help message:
Notification command allows you to Configure, disable, enable, list Notifications. Let's learn them one by one below.
Use spyctl notifications <command> --help
for more information about a given command.
You can configure notifications for 3 resources within Spyderbat's Spyctl CLI, mainly Saved Queries, Custom flags, and Agent Health.
In this section we'll learn about Configuring Notifications for Saved Queries and Custom flags.
To begin, use the spyctl notifications configure command. Below are the available commands and options:
View Help for Notifications Command:
To view the available options for configuring notifications, use the following command:
This will display the following help message:
For a Saved Query:
To configure notifications for a saved query, use the following command:
This will show the usage and options for configuring notifications for a saved query:
To configure a saved query with a target, use the following command:
In this example:
Note: You can configure notifications for multiple targets separated by comma.
For a Custom Flag:
To configure notifications for a custom flag, use the following command:
This will display the usage and options for configuring notifications for a custom flag:
To configure a custom flag with a target, run:
This command configures notifications for a custom flag, sending them to the specified target (e.g., PagerDuty).
With these commands, you can easily configure notifications for saved queries and custom flags, specifying targets, templates, and additional options like cooldown periods
After configuring notifications, you can test whether they are properly set up using the below command. This can be done before enabling the notifications.
This command sends a test notification to the specified target using the provided template. You can have to provide a JSON record file for the template values:
Example: For a Custom Flag (Redflag) - Provide the Redflag record For a Custom Flag (Opsflag) - Provide the Opsflag record For a Saved QUery - Provide the object record for which query is saved.
-T, --target
Target name or UID to send a test notification to. (Required)
-P, --template
Template name or UID of the same type as the target. (Required)
-f, --record-file
File containing a JSON record used to build the notification. (Required)
You should be able to get a test notification in some-time after setting it up.
After configuring and testing the notifications, you can toggle their status with the following commands to receive actual real-time Notfications:
Enable notifications:
Example:
Disable notifications:
Example:
All of the commands to manage Notification Targets
using Spyctl can be found .
All of the commands to manage Notification Templates using Spyctl can be found .
To Configure Notifications for Agent Health