You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/blog/integrating-hpe-greenlake-webhooks-with-splunk.md
+2-3Lines changed: 2 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -46,7 +46,7 @@ The [HTTP Event Collector (HEC)](https://dev.splunk.com/enterprise/docs/devtools
46
46
47
47
HPE GreenLake implements robust security measures to ensure webhook authenticity:
48
48
49
-
* Challenge Request Validation: After registering a webhook, a verification challenge is sent to the destination (the webhook URL). The event type is hpe.greenlake.events.v1beta1.webhooks.verification. The challenge request includes a unique, random string generated by the server that is sent in the body as a payload.
49
+
* Challenge Request Validation: After registering a webhook, a verification challenge is sent to the destination (the webhook URL). The event type is `hpe.greenlake.events.v1beta1.webhooks.verification`. The challenge request includes a unique, random string generated by the server that is sent in the body as a payload.
50
50
* HMAC SHA-256 Signature Verification: HPE GreenLake webhooks use a verification challenge process to ensure that webhook connections are legitimate and secure. HPE GreenLake secures webhook notifications through HMAC (Hash-based Message Authentication Code) with SHA-256, a cryptographic hashing algorithm.
51
51
* Shared Secret Management: The platform supports dual secret rotation for zero-downtime security updates.
52
52
@@ -68,7 +68,7 @@ Challenge Request Example:
68
68
69
69
## Challenges and solutions
70
70
71
-
The primary challenge in integrating HPE GreenLake webhooks with Splunk HEC lies in the webhook verification process. The destination must read the value from the challengeRequest field and create an HMAC SHA-256 hash, using the webhook secret as salt and the challengeRequest value as a string to hash. When successful, the destination responds with a JSON object with the format {"verification": "CREATED_HASH"} and a HTTP 200 OK status.
71
+
The primary challenge in integrating HPE GreenLake webhooks with Splunk HEC lies in the webhook verification process. The destination must read the value from the challengeRequest field and create an HMAC SHA-256 hash, using the webhook secret as salt and the challengeRequest value as a string to hash. When successful, the destination responds with a JSON object with the format `{"verification": "CREATED_HASH"}` and a HTTP 200 OK status.
72
72
73
73
### A challenge
74
74
@@ -331,7 +331,6 @@ The complete integration flow works as follows:
331
331
> Note: See [this blog](https://developer.hpe.com/blog/getting-started-with-the-hpe-greenlake-cloud-eventing-framework/) to learn how to register a new webhook handler in HPE GreenLake
332
332
333
333
2. Webhook handler verification process
334
-
335
334
3. Event processing flow
336
335
337
336
* HPE GreenLake sends event data to the custom handler endpoint.
0 commit comments