Webhooks (Slack & Teams)
Webhooks are user-defined HTTP requests that are triggered by an application and pushed into other applications.
Popular uses of Webhooks are the following:
Sending realtime notifications to Slack, Microsoft Teams or other messaging platforms
Integrating Keeper events into your custom software, hosted in the Cloud
Developing integrations into Keeper using 3rd party platforms such as IFTTT
The Keeper Admin Console (version 15.3.0+) supports the ability to push custom Webhook events.
When sending a Webhook, you can substitute fields with one of the below variables.
Name | Description |
#alert_name | Title of the event as appears in the Admin Console |
#description | Description of the Event. See reporting & alerts page for list of all possibilities. |
#timestamp | Time which the event occurred |
#remote_address | External IP address of the user generating the event |
#username | User who generated the alert or could be empty depending on the event |
#json | Raw JSON event data (useful for debugging and inspecting fields) |
Depending on the type of event, there are other variable substitutions available.
Name | Description |
#to_username | For sharing events, the destination user |
#from_username | For sharing events, the source user |
#record_uid | For Record events, the Record identifier |
#shared_folder_uid | For Shared Folder events, the folder identifier |
#folder_uid | For Folder-specific events, the folder identifier |
#team_uid | For Team events, the Team identifier |
#role_id | For Role events, the Role ID |
#node | For Node events, the Node ID |
#enforcement | For Role Policy changes, the enforcement name |
#seats | For MSP events, the number of seats |
#seats_added | For MSP events, the number of seats added |
#seats_removed | For MSP events, the number of seats removed |
You can also include hyperlinks for convenience into various areas of the Keeper platform. A few examples:
Vault Login (US Datacenter): https://keepersecurity.com/vault
Vault Login (EU Datacenter): https://keepersecurity.eu/vault
Vault Login (AU Datacenter): https://keepersecurity.com.au/vault
Admin Console Login (US Datacenter): https://keepersecurity.com/console
Admin Console Login (EU Datacenter): https://keepersecurity.eu/console
Admin Console Login (AU Datacenter): https://keepersecurity.com.au/console
Keeper supports Deep Linking into the Web Vault for a particular Record UID. Example:
https://keepersecurity.com/vault#detail/XXXXXX - replace XXXXXX with the Record UID as it appears in the Keeper record, or substitute #record_uid - replace .com with .eu or .com.au if you are hosted in a different data center.
Using the Webhook feature, you can send custom alerts and actions to your Slack channel following the steps below.
(1) Go to https://api.slack.com/apps and Create a new app
(2) Name the App, select your desired Workspace and click Create App.
(3) Click on Incoming Webhooks
(4) Activate the Webhook and click "Add New Webhook to Workspace.
(5) Select the Slack channel you would like the alerts to be sent. Then click "Copy" to grab the Webhook URL required to plug into the Admin Console interface in the following steps.
(6) In the "Basic Information" section on the left, you can populate the icon with the Keeper icon. Right-click and save the image Use the link below to download a 512x512 PNG icon for Keeper: https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png
(7) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and create a new alert. After selecting the desired Event Types and Attributes, click on "Add Recipient". In the example below, I have selected all Policy Changes.
(8) Enter the Name and Email address to receive the event, and click Add Webhook.
(9) Paste the Webhook URL from Step 5 into the form.
(10) Copy-paste the below JSON content into the HTTP Body section.
{"text": "Keeper Security Event","blocks": [{"type": "section","fields": [{"type": "mrkdwn","text": "*Alert Name*\n#alert_name"}]},{"type": "section","fields": [{"type": "mrkdwn","text": "*Event Details*\n#description"}]},{"type": "section","fields": [{"type": "mrkdwn","text": "*IP Address*\n#remote_address"},{"type": "mrkdwn","text": "*Timestamp*\n#timestamp"}]},{"type": "actions","elements": [{"type": "button","text": {"type": "plain_text","text": "Vault Login","emoji": true},"value": "vault","url": "https://keepersecurity.com/vault","action_id": "actionId-1"},{"type": "button","text": {"type": "plain_text","text": "Console Login","emoji": true},"value": "console","url": "https://keepersecurity.com/console","action_id": "actionId-2"}]}]}
(10) Click on Add and the Save the alert.
That's it. Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences. Slack's Block Kit Builder allows you to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.
Another use case is to be notified when a record is added to a particular Shared Folder.
(1) Follow the Slack setup steps above to create a baseline Slack integration.
(2) In the Web Vault, grab the Shared Folder UID that you would like to report on
(3) On the Admin Console, create a new Alert for this event that is tracking "Add Record to Shared Folder"
(4) Under the Attributes section, paste the Shared Folder UID
(5) Under "Recipients", create a new Webhook recipient.
(6) Copy Paste the below JSON text body into the HTTP Body section. In the "text" field, you will want to edit it to match up with the alert that you are creating.
{"text": "Keeper - Added Record to Shared Folder","blocks": [{"type": "section","fields": [{"type": "mrkdwn","text": "*Alert Name*\n#alert_name"}]},{"type": "section","fields": [{"type": "mrkdwn","text": "*Event Details*\n#description"}]},{"type": "section","fields": [{"type": "mrkdwn","text": "*IP Address*\n#remote_address"},{"type": "mrkdwn","text": "*Timestamp*\n#timestamp"},{"type": "mrkdwn","text": "*Record UID*\n#record_uid"}]},{"type": "actions","elements": [{"type": "button","text": {"type": "plain_text","text": "Open Record","emoji": true},"value": "vault","url": "https://keepersecurity.com/vault#detail/#record_uid","action_id": "actionId-1"},{"type": "button","text": {"type": "plain_text","text": "Console Login","emoji": true},"value": "console","url": "https://keepersecurity.com/console","action_id": "actionId-2"}]}]}
To send rich formatted alerts to your Microsoft Teams platform, follow the instructions below:
(1) Create a new team channel, if you haven't already created one.
(2) Under Channels, create a channel and click on Connectors
(3) Add an "Incoming Webhook" Connector
(4) Copy the URL displayed
(5) Login to the Keeper Admin Console and visit Reporting & Alerts > Alerts and click on Add Alert. Select the desired Event Types and Attributes.
For example, below selects all Security, Sharing and Policy Change events:
(6) Select Recipients > Add Recipients
(7) Click on Add Webhook to expand the dialog and type in the Recipient Name.
(8) Paste the Webhook URL from Step 4 into the form.
(9) Copy-paste the below JSON content into the HTTP Body section.
{"@type": "MessageCard","@context": "http://schema.org/extensions","themeColor": "0076D7","summary": "Alert: #alert_name","sections": [{"activityTitle": "#description","activitySubtitle": "#alert_name","activityImage": "https://keeper-email-images.s3.amazonaws.com/common/Keeper_512x512.png","facts": [{"name": "User","value": "#username"}, {"name": "Timestamp","value": "#timestamp"}, {"name": "IP Address","value": "#remote_address"}],"markdown": true}]}
(10) Click on Add and the Save the alert.
That's it. Please note that it can take up to 15 minutes for events to start transmitting. You can modify the HTTP Body according to your preferences. See the Microsoft Connectors website to customize the look and feel completely.
Creating new Webhook body content and editing content will take up to 15 minutes to take effect.
For Mac / Linux users, a quick way to test your format is to use curl:
Put the Webhook content into a test file such as test.json
Run the Curl command with the following syntax, replacing URL with your Slack or Teams URL
# On Mac and Linux:curl -X POST -H 'Content-type: application/json' -d @test.json <WEBHOOK URL># On Windowscurl.exe -H "Content-Type:application/json" -d @test.json <WEBHOOK URL>
