Webhooks

At MIST, we offer a multitude of webhooks designed for a wide variety of use cases, ranging from network diagnostics, location analytics, network security, and network health. In this video, I'll give a brief description of every type of webhook and some of their potential uses. Since this may be your first time exploring webhooks, I'll also give a quick summary for what webhooks are and how they're used.

So imagine you want to monitor when your access points go offline. You could do this by constantly pulling MIST API and waiting for a response that shows an offline AP. The problem is, this is a resource-intensive process on both the server and client end, and it's a huge waste of bandwidth.

Webhooks solve this problem by automatically sending a post to your endpoint when a particular event occurs. In our example, this would be when the AP goes offline. MIST webhooks send data for network security, APs, location, organization audits, clients, and network health.

Each webhook has a unique set of data, so let's quickly examine each one. First, let's start with alarms. These are security, MARVIS, or infrastructure events that a network administrator chooses to alert on so they can take action to resolve the issue as soon as they receive the alarm.

Security alerts include network security threats such as rogue APs, vSSID spoofing, and honeypot SSID detections. MARVIS alerts are based on issues the MARVIS AI engine has recognized, which include failures such as missing VLANs or DHCP failures. Infrastructure alerts include information on down APs and AP restarts.

These alarms can be checked through the API, sent to an email, or sent through a webhook. For deployments that require a high degree of security and continuous functionality, recognizing and resolving network security threats or infrastructure alerts is of utmost importance. If your deployment has these needs, streaming alarm data through webhooks is the way to go.

Now, if the webhook setup isn't feasible, you can easily send alarms to one or more emails of your choosing. We wanted to give our customers the option to analyze location data themselves in a way that can be tailored to a more specific use case. For example, if one is interested in building custom heatmaps and visualizations, then the location webhook would be a good place to start.

Location webhooks can also be used to take real-time action in response to a client's location. We've seen this used to monitor client entries into restricted areas, so a security response can be initiated as soon as the webhook is received. The audits webhook is a great way to maintain tight control over your organization.

MIST provides audit logs to record when configuration changes occur on your org, who made those changes, and what the change was. The advantage to using webhooks here is the ability to receive real-time information. The audits webhook will send a notification to your endpoint immediately after any configuration changes are made.

It can also act as another security measure to ensure only authorized changes are made to your org. If unwanted changes are made, you'll know immediately. The device events webhook sends real-time updates upon receiving changes in AP configuration, changes in RRM, AP restarts, AP inventory updates, firmware upgrades, and AP disconnects.

This is a webhook for those who are interested in closely monitoring their APs. You may consider using the device events webhook if you want as much AP-specific information as possible to quickly diagnose and resolve network issues. The client sessions webhook reports every time a client disconnects from an AP, while the client join webhook reports every time a client authenticates.

The client sessions webhook payload includes network information about each client including connected time, channel, band, SSID, and WLAN. The client join webhook provides similar information but also supplies an RSSI value. These two webhooks can be used for understanding where clients are moving throughout a deployment, but can also be used to generate real-time network analytics from the client perspective.

Lastly, the device up-down webhook is a very simple but useful webhook. First, you'll need to set a threshold time, then the webhook will send an alert every time an AP disconnects that's longer than the set threshold. This webhook also sends a payload when your APs return online, as well as when they restart.

For larger deployments, this is especially useful to use. As deployments scale, having an automatic notification for disconnects is essential. So in summary, Mist offers webhooks to immediately send notifications for many different event types.

Webhooks can be a great tool for monitoring your network, but they can also be leveraged to build analytics. Keep in mind that there are many uses for webhooks not mentioned here, so I highly recommend exploring webhook documentation to better understand all possibilities. In the next video, we'll talk about setting up webhooks using both the API and the Mist dashboard.