Firewalla MSP allows you to integrate Firewalla alerts into other apps and flows using IFTTT, Slack, and generic Webhooks. Want your whole team to see important notifications in Slack so they can avert disaster? Want to receive an automated email, text, or phone call when something bad is happening on your network? Want to use Google Sheets to analyze trends? Then Integrations are for you.
Note that this document is continuously being updated – things may change.
IFTTT Integrations
Using IFTTT, you can use a Webhook to trigger as many actions as you like. For example:
- Send an SMS
- Send an email
- Post a Slack message to a channel or to yourself
- Fire a Webhook
- Trigger an automated phone call
- Add a row to a Google Spreadsheet to record and analyze events
- Add an event to a calendar to see when (and how often) events occur
Here are the steps for creating an IFTTT Webhook.
1. Configure IFTTT
- Go to
https://ifttt.com/maker_webhooks
- Choose Create and for the IF this trigger.
- Choose Webhook as your service.
- Create an applet with Receive a web request as the trigger.
- Give it an event name, (e.g. FWNotify), then click Create Trigger.
- Click Add in Then that
- Then pick as many Services as you like as actions. For example, you can choose to send an SMS, send an email, post the alert to Slack, trigger a phone call, or add a row to a Google Sheets document.
Whatever actions you choose, use the following as you see fit:
-
Value1 = will be the Firewalla Alert Title
-
Value2 = will be the Firewalla Body or Message of the alert
-
Value3 = will be the URL to open the alert in MSPT
- For example, in an email, Value1 might be the subject, while Value2 and Value3 might be in the message body. How you choose to do it is really up to your specific use case.
-
- After you save your applet, go back to
https://ifttt.com/maker_webhooks
and choose Documentation. In the {{Event}} field put the event name you gave earlier.
-
Copy the URL that looks like this:
curl -X POST https://maker.ifttt.com/trigger/FWNotify/with/key/y16q7*gyq35Ho0a5oaVSVS
Ignore thecurl -X POST
part. Now go to the next step.
2. Configure the IFTTT MSP Integration
- Go to your MSP portal and find Alarms on the left side. Then Go to Alarm Settings to the top right and choose IFTTT.
- Paste in the IFTTT URL here.
- You can come back anytime to edit the IFTTT webhook
Any Firewalla notifications will then show up as follows. In this example, we show IFTTT notifications as the Action that fires when the webhook is called.
Advanced IFTTT Filtering
Now you have all of the Firewalla Alarms from all of your devices on all of your Firewalla boxes anywhere you want them! But this may be a little overwhelming. You can use IFTTT Filter Code to filter Alarms:
// First, "convert" the format of the Webhook from Firewalla to the Values IFTTT
// knows how to deal with. You should not need to change these no matter what
// filters you decide to add.
let title = MakerWebhooks.event.Value1;
let body = MakerWebhooks.event.Value2;
let URL= MakerWebhooks.event.Value3;
// The following gives you the time that IFTTT processes the request
// (optional)
let mytime = Meta.currentUserTime.format('l LT');
// If you are going to send the output of the alarms into a Google Sheet,
// this is useful for example. This will make a four column spreadsheet with datestamp, title, boady, and URL
GoogleSheets.appendToGoogleSpreadsheet.setFormattedRow(mytime + "|||" + title + "|||" + body + "|||" + URL);
//Now let's do some alert filtering!
//In this case, only Security Activity or SSH Password Guessing for a specific box will be sent
if ((title === "Security Activity" || title === "SSH Password Guessing")
&& body.indexOf("Michael Gold") >= 0) {
// run the actions
// note here we can define the content of the SMS message:
Sms.sendMeText.setMessage(title + ":"+ body + " " + "@" + mytime);
// here we use the URL above to create a new row for each Alarm with time,
// title, and body each in a different column.
Slack.postToChannel.setTitle(title);
Slack.postToChannel.setMessage(MakerWebhooks.event.Value2 + " " + mytime);
Slack.postToChannel.setImageUrl('https://avatars2.githubusercontent.com/u/21322342?s=200&v=4');
} else {
// skip anything that doesn't match the filter.
Slack.postToChannel.skip();
Sms.sendMeText.skip();
GoogleSheets.appendToGoogleSpreadsheet.skip();
IfNotifications.sendRichNotification.skip();
}
IFTTT filters have a condition to be met and then some logic depending on the outcome.
In this case, for every Alarm Firewalla sends to IFTTT "IF title = "Security Activity" or title = "SSH Password Guessing" AND the body contains "Michael Gold" then process each action as described. This means you can transform the output as much as you like at this step. Also, the way you format messages in SMS can be different than in Google Sheets.
Regardless, all Alarms will continue to be recorded in Firewalla, but won't be sent on to whatever Services you defined in IFTTT.
Important Note: If the conditions defined are not met, they must be explicitly skipped. If you do not specifically skip something, it will be sent even if it does not match the criteria defined. (This is the "else" part.)
This can be very powerful. For example, if the test is not met, you could skip the SMS but log it to Google Sheets anyway. Alternatively, you could define different filters for SMS vs Google Sheets.
All of this code goes in the WHEN section in IFTTT filter.
You can only have one IFTTT Webhook triggered by MSP, so the Filter area is your chance to configure different actions based on the kinds of alerts if you want to.
In the example provided, we log all alerts to a Google Sheet.
Slack
You can get Firewalla Alarms sent directly to Slack or use IFTTT to trigger any action you like.
As shown above, using IFTTT to trigger your Slack notifications has the added advantage of being able to filter them as you wish. But let's look at how to send notifications directly from Firewalla MSP to Slack without IFTTT:
- First, follow the Slack Guide for setting up an app. Sign into https://api.slack.com/ and go to Create an app and then From scratch.
- Choose a name and choose a Slack workspace associated with the notification.
- Choose, "Incoming Webhooks".
- Activate the Webhook.
- Scroll down to Add New Webhook to Workspace
- Choose the person or channel you want to notify.
- Copy the Webhook URL.
- Now Go to MSP > Alarms > Integrations > Slack choose Connect.
- Now paste the URL in the box and submit.
- You will get a confirmation.
Firewalla Alams will now appear in Slack.
Custom App
If you wrote your own app or are using something other than IFTTT or Slack, Firewalla can use any arbitrary Webhook you can provide to send the events.
- Simply go to MSP > Alarms > Alarm Settings > Integrations > choose Custom App.
- Then enter the Webhook for your app and Submit.
The schema for the custom Webhook is as follows:
{ "type": "alarm", "mspId": "xxxxxxxx-....", "alarm": { "timestamp": 1642874847, "type": "ALARM_INTEL", "boxID": "xxxxxxxx-....", "message": "xxx accessed yyy", "alarmID": 123, "destination": { "category": "intel", "domain": "xyz.com", "country": "US", "ip": "1.2.3.4", // or "ip": "2001:7335" "port": 443, "protocol": "tcp", "direction": "outbound" }, "device": { "mac": "AA:BB:CC:AA:BB:CC", "ip": "192.168.0.54", // or "ip": "2001:334" "vendor": "Apple, Inc.", "port": 65301, "name": "iPad" }, "network": { "id": "xxxxxxxx-....", "name": "Server Subnet", "subnet": "192.168.0.0/24" }, "group": { "id": "4", "name": "MyGroup" } } }
API
The MSP API allows you to interact with Firewalla MSP and boxes programmatically, meaning you can get important information, statistics, and trends directly from your Firewalla boxes. With the API, you can get details about all your boxes, devices, alarms, flows, target lists, and more.
Read more about how to use the MSP API in our article about Getting Started with the MSP API or in our API Documentation. For ideas on how you can use our API, see our list of MSP API Examples.
Comments
0 comments
Please sign in to leave a comment.