Skip to content

UpGuard

The following tutorial demonstrates how to send your logs to Coralogix using UpGuard. Follow this five-step guide for each notification that you would like to send us.

UpGuard uses webhooks to send notifications when an event happens in your UpGuard account. This could be when an identity breach or data leak is detected, the score of a watched vendor drops below a certain threshold, or when a user requests access to your shared profile.

Configuration

STEP 1. Create Integration.

  • Login to your Upguard account.

  • Select Settings in your left-hand sidebar.

Settings UpGuard Coralogix

  • Click on the Integrations tab.

Integrations UpGuard Coralogix

  • Click + New Integration.

New Integration UpGuard Coralogix

  • Select Webhook.

Webhook UpGuard Coralogix

STEP 2. Select Triggers

  • Select from a wide-range of pre-defined triggers to use as part of this integration. Examples include:

    • 'When my company's score drops below 600'

    • 'When a domain or IP's score drops below 600'

    • 'When a new identity breach is detected'

    • 'When a new identity breach for a VIP email is detected'

  • Enable a trigger by clicking on the associated pill, which slides to the right.

Triggers UpGuard Triggers

  • Click Confirm and next.

STEP 3. Name and Destination

  • Provide the webhook URL corresponding to the Coralogix cluster URL associated with the domain and region where your data is stored.
Coralogix
Cluster URL
API
Endpoint
.comhttps://api.coralogix.com
.ushttps://api.coralogix.us
.inhttps://api.app.coralogix.in
.app.eu2.coralogix.comhttps://api.eu2.coralogix.com
.app.coralogixsg.comhttps://api.coralogixsg.com

For example, if your Coralogix data is hosted in India, your webhook URL should appear as https://api.app.coralogix.in/api/v1/logs.

  • Configure the HTTP Header values by inputting Content-Type: application/json. As webhook by default uses POST method to send requests, there is no need to define the method.

Name and destination UpGuard Coralogix

Example:

  • Click Confirm and next.

STEP 4. Define Payload Structure

  • For each trigger, UpGuard provides a default payload template as in the example below.

Example payload data UpGuard Coralogix

  • Modify the payload template to comply with the Coralogix structure.

POST Body

Schema
Endpoint Details
Webhook URLhttps://api./api/v1/logs
Content-Typeapplication/json
RequiredProperty NameProperty TypeNote
YesprivateKeyUUID
YesapplicationNamestringusually used to separate environments
YessubsystemNamestringusually used to separate components
computerNamestring
YeslogEntriesarray of logs

Log

RequiredProperty NameProperty TypeNotes
YestimestampnumberUTC milliseconds since 1970 (supports sub millisecond via a floating point)
Yesseveritynumber1 – Debug, 2 – Verbose, 3 – Info, 4 – Warn, 5 – Error, 6 – Critical
Yestextstring
{
   "privateKey": "<Coralogix send your data api-key>",
   "applicationName": "<application name>",
   "subsystemName": "<subsytem name>",
   "computerName": "<computer name>",
   "logEntries": [
     {
       "severity": <default severity of event 1-6>,
       "text": {
           "notification": {
           }
        }
     }
   ]
}
  • The following is an example of a Coralogix-compatible payload template.
{ 
"privateKey": "xxxxxxx-xxxxxx-xxxxxx-xxxxxxx",
   "applicationName": "upguard",
   "subsystemName": "upguard",
   "computerName": "upguard01",
   "logEntries": [
     {
       "severity": 4,
       "text": {
   "notification": {
     "id": {{ notification.id }},
     "type": "{{ notification.type }}",
     "description": "{{ notification.description }}",
     "occurredAt": "{{ notification.occurredAt }}",
     "context":     {
       "PrevScore": {{ notification.context.PrevScore }},
       "PrevScoreOn": "{{ notification.context.PrevScoreOn }}",
       "Threshold": {{ notification.context.Threshold }},
       "LatestScore": {{ notification.context.LatestScore }},
       "LatestScoreOn": "{{ notification.context.LatestScoreOn }}"
     }
   }
 }
     }
   ]
 }
  • Validate that your webhook is working properly by clicking Send test message. The value '200 OK' should appear as the Response.

Payload template response UpGuard Coralogix

Example:

  • Validate that Coralogix has received the test notification by searching the logs in your Coralogix dashboard.

  • Click Confirm and next.

STEP 5. Enable the Integration

  • Click the toggle to enable the integration and click Finish.

Enable integration UpGuard Coralogix

Additional Resources

UpGuardWebhook documentation for advanced modification of Webhook Payload

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].