Webhook integration is available for enterprise plans only.
You can create a custom webhook that receives Intezer Protect events and forward those events to another application such as SIEM, ticket management, or custom app.
The following Intezer Protect events can be exported via webhook:
- Alerts
Overview
After configuring the webhook, when Intezer Protect generates an alert, it automatically sends that alert to the URL endpoint you configure in the webhook. Intezer Protect sends an HTTP POST request with the payload in json format as shown in the following example:
{
"alert_id": "a4cb1a5d-2b4e-4b58-b292-2f6ae612a550",
"alert_type": "malicious_code",
"severity": "high",
"alert_details": {
"family": "XMrig"
},
"assets": [
{
"asset_id": "236d33ed-e274-43dc-9572-2dc89948b6c5",
"hostname": "aks-workers-123456-vmss000000"
}
],
"created_at": "2021-02-17T14:50:33.819137"
"alert_url": "https://protect.intezer.com/da724875-b0da-4912-872d-e9ec51d122c0/alerts/a4cb1a5d-2b4e-4b58-b292-2f6ae612a550"
}
The following table describes Intezer Protect payload elements:
| Field Name | Description | Type | Possible Values |
| alert_id | A unique identifier for the alert | string (uuid) | |
| alert_type | The type of the alert | string |
malicious_code fileless_malware suspicious_command |
| severity | The severity of the alert | string |
low medium high severe |
| alert_details.family | The associated malware family in case of a malware attack. Available only in malicious_code and fileless_malware alerts | string | |
| alert_details.command | The suspicious command triggered opening the alert. Available only in suspicious_command alert | string | |
| assets_details | A list of assets relevant to the alert opened | array | |
| asset_details.asset_id | A unique identifier of the asset | string (uuid) | |
| asset_details.hostname | The hostname of the asset | string | |
| created_at | An iso8601 format string of the time when the alert was created (in UTC) | string | |
| alert_url | A url that opens the alert in Intezer Protect | string |
Set up the Integration
Please contact us at support@intezer.com in order to set up a webhook integration and for further assistance.