This tutorial describes how to send a webhook from CrowdStrike to iHub when a detection or incident has happened. iHub then creates an alert in OpsGenie and informs the person on call.
iHub Cloud Instructions
Create an Integration
Select Incoming webhook as trigger
Add an Action: Webhook action
Enter the URL: https://api.opsgenie.com/v2/alerts
Method: POST
Expand headers and add Key: Authorization and Value: GenieKey {your_key}
Click on Variables and add the one below:
In the body paste in
```js
{
  "message": "CrowdStrike Incident {{name}}",
  "alias": "CrowdStrike Incident",
  "description": "ID: {{id}} URL:{{url}}",
  "responders": [
    {"id": "tt-xx-yy-zz-bb", "type": "team"}
  ],
  "visibleTo": [
    {"id": "tt-xx-yy-zz-bb", "type": "team"}
  ],
  "tags": ["CrowdStrike"],
  "priority": "P1"
}
```
CrowdStrike steps
Go to All apps
Click on Webhooks
Add a new webhook
Enter the URL: the iHub Cloud incoming webhook URL shown in the Incoming Webhooks page
Add an HMAC key (it won't be needed, since it does not encrypt the message)
Click save
Go to Workflows
Add a new workflow, select the trigger to be detection or incident
On the then clause select Notifications → Webhook and select the webhook created above.
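The HMAC key entered in the webhook step signs the message rather than hiding it. The Python below is an added example, not part of the original page and not CrowdStrike or iHub code, showing what a receiver that does check such a signature would do. The signing layout (hex HMAC-SHA256 over the timestamp, a dot and the raw body), the 300-second window, the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 300  # assumed replay window, not a vendor value


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Hex HMAC-SHA256 over b"<timestamp>.<body>" (assumed layout)."""
    msg = timestamp.encode() + b"." + body
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify(secret: bytes, timestamp: str, body: bytes, signature: str, now: int) -> bool:
    """Accept only fresh requests whose signature matches the shared key."""
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False  # too old or too far in the future: treat as a replay
    expected = sign(secret, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())


# Constructed sample request; the field names mirror the {{name}}, {{id}}
# and {{url}} variables used in the alert body template.
SECRET = b"constructed-demo-key"
TS = "1700000000"
BODY = json.dumps(
    {"name": "Constructed detection", "id": "inc:0000", "url": "https://example.invalid/i"}
).encode()
SIG = sign(SECRET, TS, BODY)


def demo() -> dict:
    """Run the receiver check against genuine and altered requests."""
    now = 1700000060
    tampered = BODY.replace(b"Constructed", b"Suppressed")
    return {
        "genuine": verify(SECRET, TS, BODY, SIG, now),
        "tampered_body": verify(SECRET, TS, tampered, SIG, now),
        "wrong_key": verify(b"other-key", TS, BODY, SIG, now),
        "replayed": verify(SECRET, TS, BODY, SIG, now + 3600),
        # The signed body is still plain JSON: signing gives no confidentiality.
        "body_still_readable": json.loads(BODY)["name"] == "Constructed detection",
    }


if __name__ == "__main__":
    print(demo())
```

Only the genuine request passes; the body stays readable in every case, so confidentiality in transit comes from the HTTPS URL, not from the HMAC key.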