Event Callback
The EventCallback function allows notifications about various events. At the moment, only the new agent registration event is implemented.
new_agent_message - register new agent events:
%type%- Agent type%id%- Agent ID%user%- Username%computer%- Computer%domain%- Domain name%pid%- Process ID%internalip%- Internal IPv4 address%externalip%- External IPv4 address%elevated%-true, if the agent has high context
new_cred_message - new credentials added:
%username%- Username%password%- Password%domain%- Realm%type%- Type of secret%storage%- Secrets vault%host%- Computer
new_download_message - the file was downloaded and saved on the server:
%user%- Username%computer%- Computer%path%- Full filename%size%- Filesize
Telegram
To send events to Telegram, in the EventCallback.Telegram configuration, you need to specify the bot token, as well as the chat ID to which the bot will send the message.
Create BOT
Go to the official @BotFather bot in Telegram and create your own bot. The API token will be shown for the created bot.
Go to the created bot, activate the chat and send it any test message.
Make a request to the Telegram API, specifying your token. The response will contain your test message and chat ID (which you will need to specify in the config)
If you want the bot to write to a group: add the bot to the group, assign the administrator role and write a test message to the group. Getting the chat ID is the same as for the user account.
WebHooks
To send events to any web server, such as ntfy.sh, Slack, or Teams, you must specify the URL, HTTP method, request headers, and format of the data being sent in the EventCallback.Webhooks configuration.
Slack
You can use Slack WebHook to send notifications to Slack.
Last updated