Intezer's inbound webhooks are designed to automatically pull in new security alerts for real-time monitoring and analysis. This feature is handy for investigating alerts triggered by SIEM systems. For other types of alerts:
- Direct connections are available for endpoint security tools like Microsoft Defender for Endpoint, SentinelOne, and CrowdStrike.
- A dedicated phishing mailbox can handle phishing threats specifically.
Setting Up an Inbound Webhook address in Intezer
To set up an inbound webhook, contact Intezer Support at firstname.lastname@example.org. Our team will guide you through the necessary configurations and ensure that alerts are ingested successfully.
Sending Splunk Alerts to Intezer via Webhook
You can easily forward alerts, including but not limited to notable events, to Intezer for automated monitoring and analysis. This allows you to extend Splunk's capabilities with Intezer's real-time investigation features.
- Splunk Alert: Create a new alert in Splunk based on the conditions you're interested in, which could range from notable events to more routine alerts.
- Webhook Action: Choose "Webhook" as the alert action and paste your Intezer inbound webhook URL into the URL field.
Once this is set up, Splunk will start sending selected alerts to Intezer for real-time analysis.
View Investigation Results
Head to the "Ingested Alerts" page to see the automated analysis results. Here you'll find risk classification, verdict, and recommended actions for each alert. These results can be retrieved using various methods like the API, Python SDK, webhook, or SOAR integration (Splunk SOAR, XSOAR, Chronicle SOAR, Microsoft Sentinel, etc.). This makes it easy to integrate Intezer's automated investigation into your existing security workflow.
Other Ways to Send Alerts to Intezer
- Direct Connections: For endpoint alerts, use direct integrations with products (Microsoft Defender for Endpoint, SentinelOne, CrowdStrike).
- Dedicated phishing mailbox: Specifically for phishing threats.
- API or Python SDK
- SOAR Integrations (Splunk SOAR, XSOAR, Chronicle SOAR, Microsoft Sentinel, etc.)
For additional questions or support, reach out to email@example.com.