Skip to content

RasterSec/fleetdm-ntfy-webhook

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
example.png
example.png
 
 
go.mod
go.mod
 
 
main.go
main.go
 
 

Repository files navigation

FleetDM ntfy Webhook

A lightweight Go service that receives FleetDM webhook payloads and forwards them as formatted notifications to ntfy.

Example Alert

Features

  • Dynamically parses any FleetDM query/detection type
  • Priority-based alerting (c2/execution/exfil = urgent, persistence/credential = high)
  • Groups events by action (added/removed)
  • Prioritizes important fields (path, cmdline, user, network info)
  • Filters out noisy/empty fields

Configuration

Environment Variable Default Description
LISTEN_ADDR :8080 Server listen address
NTFY_URL https://ntfy.sh ntfy server URL
NTFY_TOPIC fleet-alerts ntfy topic name

Usage

Docker

docker run -d \
  -e NTFY_URL=https://ntfy.example.com \
  -e NTFY_TOPIC=fleet-alerts \
  -p 8080:8080 \
  ghcr.io/rastersec/fleetdm-ntfy-webhook:latest

Docker Compose

fleet-ntfy-webhook:
  image: ghcr.io/rastersec/fleetdm-ntfy-webhook:latest
  restart: unless-stopped
  environment:
    - NTFY_URL=https://ntfy.example.com
    - NTFY_TOPIC=fleet-alerts
    - LISTEN_ADDR=:8080
  ports:
    - "8080:8080"

Binary

NTFY_URL=https://ntfy.example.com NTFY_TOPIC=fleet ./fleet-ntfy-webhook

FleetDM Configuration

In FleetDM, configure a webhook destination pointing to:

http://your-server:8080/webhook

Building

go build -o fleet-ntfy-webhook .

Or with Docker:

docker build -t fleet-ntfy-webhook .

About

Webhook for forwarding FleetDM query alerts to ntfy

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages