Notification Channel: Webhook

Sysdig Monitor supports sending notifications to a custom webhook. Go to "Settings > Notifications" and add a channel of type "Webhook" and provide the URL endpoint of your choice.


Once you have created the channel, you can add this Webhook channel to any alert by editing the configuration for that alert. Then, when your alert fires, the notification will be sent as a POST in JSON format to your webhook endpoint. 

For testing purposes, you can use a third-party site like to create a temporary endpoint to see exactly what our alert will send in any specific notification.


Description of POST data:

"timestamp": Unix timestamp of when notification fired
"timespan": alert duration in seconds
"alert": info on the alert that generated the event triggering the notification
    "severity": 0 - 7 int value
    "editUrl": URL to edit the alert
    "scope": scope as defined in the alert
    "name": alert name
    "description": alert description
    "id": alert id
"event": info on the event that triggered the notification
    "id": event id
    "url": URL to view the event
"state": ACTIVE (alert condition is met) or OK (alert condition no longer met)
"resolved": false (alert has not been manually resolved) or true (it has)
"entities": array of nodes within the alert scope that triggered the notification
    "entity": metadata to identify the node
    "metricValues": array of metrics that triggered the notification
          "metric": metric name
          "aggregation": time aggregation method used to calculate the metric
          "groupAggregation": group aggregation method used to calculate the metric
          "value": metric value
    "additionalInfo": array of additional metadata about the entity
          "metric": metadata key
          "value": metadata value
"condition": alert condition



Example of POST data:

"timestamp": 1471457820000000,
"timespan": 60000000,
"alert": {
"severity": 4,
"editUrl": "",
"scope": "host.mac = \"00:0c:29:04:07:c1\"",
"name": "alertName",
"description": "alertDescription",
"id": 1
"event": {
"id": 1,
"url": ""
"state": "ACTIVE",
"resolved": false,
"entities": [{
"entity": "host.mac = '00:0c:29:04:07:c1'",
"metricValues": [{
"metric": "cpu.used.percent",
"aggregation": "timeAvg",
"groupAggregation": "none",
"value": 100.0
"additionalInfo": [{
"metric": "host.hostName",
"value": "sergio-virtual-machine"
"condition": "timeAvg(cpu.used.percent) > 10"


Configure Webhook Custom Headers

Sysdig Monitor API users can now configure custom headers and data for HTTP webhook requests, for instances where additional information is desired, or for security reasons.

Note: This feature is currently not available in the UI, and can only be accessed via APIs.

To configure a custom webhook:

  1. Use the curl command to retrieve all configured notification channels:

    curl -X GET -H 'authorization: Bearer API-KEY’'
  2. Add the custom headers and execute the request:

    curl -X PUT -H 'Authorization: Bearer API-KEY' -H 'Content-Type: application/json' -d '{
      "notificationChannel": {
        "id": 1,
        "version": 1,
        "type": "WEBHOOK",
        "enabled": true,
        "name": "Test-Sysdig",
        "options": {
          "notifyOnOk": true,
          "url": "",
          "notifyOnResolve": true,
          "customData": {
            "String-key": "String-value",
            "Double-key": 2.3,
            "Int-key": 23,
            "Null-key": null,
            "Boolean-key": true
          "additionalHeaders": {
            "Header-1": "Header-Value-1",
            "Header-2": "Header-Value-2"

The example above adds two custom headers, and defines additional custom data, as well as the format for that data.

Have more questions? Submit a request