Sending alert data via http POST - http body is empty

PA_nts — Thu, 03 Apr 2025 10:25:12 GMT

Hi All,

so i am trying to send alerts via a playbook using either http or httpv2 script to send my alert data to a webhook url where the soc analysts will have a common workbench for all alerts (multi xsiam tenant options)

i can connect to the webhook but unable to get my http body to push data - tested against httpbin.org seems to work.. soon as i test it against my webhook my input shows the data correctly ie ${alert.name} as an example, but my output shows my 'body' as empty.

anyone ran into similar issues?

thanks in adv.

Re: Sending alert data via http POST - http body is empty

PA_nts — Fri, 30 May 2025 07:50:56 GMT

Stumbled upon this old post of mine.. fyi if you run into this.. i have done it this way,

in a playbook task i have a 'set' script to generate a 'payload' of data to be sent to the webhook with a key=payload

{
"customer_name": "${customername}",
"xsiam_instance": "${xsiaminstance}",
"alert_name": "${alert.name}",
"detected_at": "${detectedtime}",
"host": "${alert.hostname}",
"monitor_type": "XSIAM Incident",
"source": "XSIAM",
"source_url": "${parentIncidentFields.xdr_url}",
"unique_id": "${parentIncidentFields.incident_id}"
}

then in my next task it uses the HTTPv2 Script to POST to my webhook URL the following in the 'body' field

[
${payload}
]

works for me.

topic Sending alert data via http POST - http body is empty in Cortex XSIAM Discussions

Sending alert data via http POST - http body is empty

Re: Sending alert data via http POST - http body is empty