Versions Compared

Old Version 1

changes.mady.by.user Sales Rixter AB

Saved on

compared with

New Version Current

changes.mady.by.user Peter Atthem

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This tutorial describes how you can send a webhook from Crowdstike when a detection or incident has happen to iHub and iHub will create an Alert in OpsGenie and inform the one on call.

...

Info

Expand the instructions for Integrations Hub for Jira Data Center

Expand
titleiHub DataCenter instructions

  1. Goto integrations

  2. Add a new Action

  3. Enter the URL: https://api.opsgenie.com/v2/alerts

  4. Method: POST

  5. Expand headers and add Key: Authorization and Value: GenieKey {your_key}

  6. Click on Variables and add the one below:
    img

  7. In the body paste in

    Code Block
    languagejs
    {
    "message": "CrowdStrike Incident {{name}}",
    "alias": "CrowdStrike Incident",
    "description":"ID: {{id}} URL:{{url}}",
    "responders":[
        {"id":"tt-xx-yy-zz-bb", "type":"team"}
    ],
    "visibleTo":[
        {"id":"tt-xx-yy-zz-bb", "type":"team"}
    ],
    "tags": ["CrowdStrike"],
    "priority":"P1"
}

  8. Goto Incoming Webhooks menu

  9. Create a new Rule

  10. In the then clause point to the action above

Crowdstrike steps

  1. Goto All apps

  2. Click on Webhooks

  3. Add a new webhook

    Image Modified

  4. Enter the URL

...

  1. iHub cloud incoming webhook url

  2. iHub dc inbound url

  1. shown in the Incoming Webhooks page

  2. Add a HMAC key (wont be needed since it does not encrypt the message)

  3. Click save

  4. Goto Workflows

  5. Add a new workflow, select the trigger to be detection or incident

  6. On the then clause select Notifications → Webhook and select the webhook created above.

...

Image Removed