Webhooks
Webhooks allow Identity Security Insights to send information and data directly to your third-party applications, eliminating manual intervention and delays.
Once configured, webhooks provide a real-time method of notifying external systems about a security incident, assigning tasks for mitigating and resolving the risk, and improving your organization's overall security posture. Webhook message content can be customized using a suite of built-in variables.
Identity Security Insights can integrate with any third-party application capable of receiving generic incoming webhooks. Detection and recommendation information can be sent from your Insights dashboard to various applications including:
Create a webhook
Note
Instructions for creating and configuring webhooks for specific applications are available. These general steps can be used if product-specific instructions have not been prepared.
- In Identity Security Insights, select your tenant.
- In Insights, click > Insights > Integrations.
  The Integrations page displays.
- Click Webhooks or your product.
  The Summary page displays.
- Click Create Integration.
  The Configure Integration page displays.
- Provide the following information:
  - Webhook Name: Enter your desired name for this webhook.
  - Webhook URL: The URL where Insights will send information. This may represent the location of a Teams or Slack channel or other application URL.
  - Authorization Type: If your webhook requires Basic or Bearer authorization, select it from the dropdown.
    - Bearer: Provide a long-lived access token in the Token field.
    - Basic: Provide a Username and Password to use for authentication.
  - Add Additional Header: Click this option to add up to ten Key-Value headers in the webhook request.
  - Webhook Template: A JSON object, which represents the information sent from Insights. Static test data can be used for testing.
Note
The formatting of each JSON object is unique to each application. Consult the documentation for your application for more information.
Webhook variables
Variable | Description |
---|---|
%%incidentId%% | The internal ID of the detection or recommendation. |
%%tenantId%% | The ID of the tenant that the detection or recommendation was detected in. |
%%incidentType%% | Whether the incident was a detection or recommendation. |
%%severity%% | The severity of the detection or recommendation, from 1 - 4. The higher the number, the more severe the issue. |
%%definitionId%% | The name of the detection or recommendation. |
%%definitionSummary%% | A high-level summary of the detection or recommendation. |
%%source%% | A comma separated list of all the sources of the impacted entities. |
%%location%% | A comma separated list of all the locations of the impacted entities. |
%%entityType%% | A comma separated list of all the entity types of the impacted entities (i.e., Identity or Account). |
%%entityName%% | A comma separated list of all the entity names of the impacted entities. |
%%timestamp%% | The date and time the incident occurred. |
%%link%% | A deep link to the details page of the specific detection or recommendation. |
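As an added example (not BeyondTrust's code), a handler on the receiving side of a webhook configured with Bearer authorization could check the token and normalize the documented fields as shown here. The template key names, the quoting of every variable as a JSON string, and the name `handle_webhook` are assumptions; only the `%%variables%%` come from the table above.

```python
import hmac
import json

# Constructed template: key names and quoting every variable as a JSON
# string are assumptions; only the %%variables%% come from the table.
WEBHOOK_TEMPLATE = """{
  "id": "%%incidentId%%",
  "type": "%%incidentType%%",
  "severity": "%%severity%%",
  "definition": "%%definitionId%%",
  "source": "%%source%%",
  "location": "%%location%%",
  "entityType": "%%entityType%%",
  "entityName": "%%entityName%%",
  "timestamp": "%%timestamp%%",
  "link": "%%link%%"
}"""

# Variables documented as comma separated lists.
LIST_FIELDS = ("source", "location", "entityType", "entityName")


def handle_webhook(headers, body, expected_token):
    """Authenticate and normalize one delivery; returns (status, result)."""
    # HTTP header names are case-insensitive.
    supplied = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    expected = "Bearer " + expected_token
    # Constant-time comparison so the token is not leaked through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 401, "missing or wrong bearer token"
    try:
        event = json.loads(body)
    except ValueError:
        return 400, "body is not valid JSON"
    if not isinstance(event, dict):
        return 400, "expected a JSON object"
    try:
        severity = int(event.get("severity", ""))
    except (TypeError, ValueError):
        return 400, "severity is not a number"
    if not 1 <= severity <= 4:
        return 400, "severity outside the documented 1-4 range"
    event["severity"] = severity
    for field in LIST_FIELDS:
        raw = str(event.get(field, ""))
        event[field] = [v.strip() for v in raw.split(",") if v.strip()]
    return 200, event
```

A template whose variables were never substituted is rejected with 400 because `%%severity%%` is not a number, which catches a misconfigured template during testing.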
Save and test the webhook
Click Create Integration at the bottom of the page to save the integration.
To test the webhook, edit the configured webhook and click Test Settings. You should see the message Configuration successfully created. If the request to the webhook is not successful, the message There was an error while attempting to send a request to the configure Webhook destination displays. Review all entries to ensure they are correct.
Trigger webhook
Once a webhook is configured, it can be manually triggered from any detection or recommendation from the Take Action menu.
The Take Action menu is available from the details pages for both Detections and Recommendations, and also from the Quick View panel accessible from the Detection and Recommendations lists.
Triggering a webhook sends a message containing the specified detection or recommendation context to the configured application.
Edit or delete a webhook
Webhooks can be edited or removed by clicking the vertical ellipses beside a configured webhook.
Clicking Edit directs you to the configuration details page for your webhook. From here you can edit the Webhook Name, Webhook URL, and update the Webhook Template.
Clicking Delete removes this integration entirely.