Getting alerts via webhook
1. PostgreSQL
The Console requires a PostgreSQL >= 9.6 server. Create a database, a username, and a password, and grant this new user all access to the database.
System Requirements
- At least 2 vCPUs
- At least 16 GiB RAM
- At least 500 GiB disk
Hosting
It is strongly recommended that you use an existing PostgreSQL system maintained by an operations team in your company. Otherwise, you can use a cloud service like RDS.
Backups
It is strongly recommended that you have a backup/restore system in place for Console PostgreSQL data.
2. Console
Follow the Capsule8 PackageCloud or Docker registry setup documentation to install the Console in the environment of your choosing.
You will need to configure /etc/capsule8/capsule8-console.yaml with the following (fill in the correct values for your setup):

    console:
      frontend: https://<dns-or-ip-you-will-use-in-the-browser>
      standalone: false
      address: 0.0.0.0:443
      auth_session_key: <a-random-64-digit-string>
      database: postgres://<db-user>:<db-password>@<db-ip-address>:5432/<db-name>

If the frontend value is set incorrectly, you will be able to view the Console but alerts will not show up without a page refresh. You will also see a banner that mentions connectivity issues. Make sure that the frontend value is set to the same base URL you visit in the browser.
The auth session key is not required if you are not running multiple instances of the Console.
Create a token
You need to create an auth token for Sensors to be able to POST alerts to the Console.
Start the Console and log in. Go to the Hosts page and click the “Add Host” button in the top-right corner. Follow the instructions there to continue.
Via the command line
Alternatively, you can generate a token from the command line where the Console is set up and running.
$ capsule8-console generate-token --host
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGVydHM6cG9zdCI6dHJ1ZSwiZXhwIjoxODk1NTk4NDM1LCJpYXQiOjE1ODAyMzg0MzUsImlkIjowLCJyZXN0cmljdGVkIjp0cnVlfQ.EjytxRbtUICS3ZbyIRssDULC21-xeAZCv0cWS69aXuc
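
The generated token is a JWT, so its claims (what it authorizes and when it expires) can be reviewed locally before it is copied into Sensor configuration. The Python below is an added example, not part of the Capsule8 documentation or tooling: it decodes the sample token shown above without verifying its signature, and the `inspect_token` name and the `max_days` review threshold are assumptions made for illustration.

```python
import base64
import json
from datetime import datetime, timezone

# Sample token printed by the generate-token example on this page.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJhbGVydHM6cG9zdCI6dHJ1ZSwiZXhwIjoxODk1NTk4NDM1LCJpYXQiOjE1ODAyMzg0MzUs"
    "ImlkIjowLCJyZXN0cmljdGVkIjp0cnVlfQ."
    "EjytxRbtUICS3ZbyIRssDULC21-xeAZCv0cWS69aXuc"
)


def _segment(part: str) -> dict:
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))


def inspect_token(token: str, max_days: int = 365) -> dict:
    """Decode header and claims WITHOUT verifying the signature.

    Only the Console holds the signing key, so this is a review aid and not
    an authenticity check. max_days is an assumed review threshold.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected a three-part JWT")
    header, claims = _segment(parts[0]), _segment(parts[1])
    findings, lifetime_days, expires = [], None, None
    if str(header.get("alg", "")).lower() == "none":
        findings.append("token is unsigned (alg=none)")
    if "exp" not in claims:
        findings.append("token never expires (no exp claim)")
    else:
        expires = datetime.fromtimestamp(claims["exp"], tz=timezone.utc).isoformat()
        if "iat" in claims:
            lifetime_days = (claims["exp"] - claims["iat"]) / 86400
            if lifetime_days > max_days:
                findings.append(f"lifetime of {lifetime_days:.0f} days exceeds {max_days}")
    return {"header": header, "claims": claims, "expires": expires,
            "lifetime_days": lifetime_days, "findings": findings}


if __name__ == "__main__":
    print(json.dumps(inspect_token(SAMPLE_TOKEN), indent=2))
```
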
System Requirements
- At least 2 vCPUs
- At least 8 GiB RAM
- At least 5 GiB disk (none if configured solely via environment variables)
Supported Platforms
We actively test on the following Linux distributions:
- Debian 9, 10
- Ubuntu 16.04, 18.04, 19.04
- Fedora 30, 31
- CentOS/RHEL 7, 8
We also actively test the Docker image on systems like docker-compose, EKS, ECS, GKE, etc.
Availability
You may choose to run multiple instances of the Console behind a load balancer such as HAProxy or an AWS ELB. There are no Console changes needed to support this.
3. Sensors
To configure a Capsule8 Sensor with a Capsule8 Console instance, you must add the following to /etc/capsule8/capsule8-analytics.yaml where the Sensor is running:

    process_lineage_enabled: true
    alert_output:
      outputs:
        - type: webhook
          enabled: true
          url: https://<dns-or-ip-of-the-console>/alerts
          template: '{"uuid": "{{.UUID}}", "data": {{AlertJSON .}}}'
          Headers:
            'Authorization': 'BEARER <auth-token-created-before>'
          timeout: 5
          method: POST
    # This periodic heartbeat allows the Console to know current/historic connectivity.
    Heartbeat:
      policy: heartbeat
      period: 5m
      priority: Info
      enabled: true

Restart the Sensors for this change to take effect.
Minimum Version
Console 4.0 requires a Sensor >= 2.9.0.
Alert Backups
It is strongly recommended that you send alerts to a durable store in addition to the Console webhook. For example, you could send alerts to a log stack such as ELK, or you could write alerts to a network-backed disk. In any case, the goal is to have a secondary system in place from which alerts can be played back to the Console in the event that 1) the Console cannot accept webhooks (i.e. the service is down) or 2) Console data has been corrupted.