Skip to main content

Inbound Webhooks for Automated Alert Monitoring (BETA)

  • Updated

Overview

Intezer's inbound webhooks are designed to automatically pull in new security alerts for real-time monitoring and analysis. This feature is handy for investigating alerts triggered by SIEM systems. For other types of alerts:

Setting Up an Inbound Webhook address in Intezer

To set up an inbound webhook, contact Intezer Support at support@intezer.com. Our team will guide you through the necessary configurations and ensure that alerts are ingested successfully.

Sending Splunk Alerts to Intezer via Webhook

You can easily forward alerts, including but not limited to notable events, to Intezer for automated monitoring and analysis. This allows you to extend Splunk's capabilities with Intezer's real-time investigation features.

  1. Splunk Alert: Create a new alert in Splunk based on the conditions you're interested in, which could range from notable events to more routine alerts.
  2. Webhook Action: Choose "Webhook" as the alert action and paste your Intezer inbound webhook URL into the URL field.

Once this is set up, Splunk will start sending selected alerts to Intezer for real-time analysis.

View Investigation Results

Head to the "Ingested Alerts" page to see the automated analysis results. Here you'll find risk classification, verdict, and recommended actions for each alert. These results can be retrieved using various methods like the APIPython SDKwebhook, or SOAR integration (Splunk SOARXSOARChronicle SOARMicrosoft Sentinel, etc.). This makes it easy to integrate Intezer's automated investigation into your existing security workflow.

Other Ways to Send Alerts to Intezer

For additional questions or support, reach out to support@intezer.com.

Return to top