This tutorial describes how to send a webhook from CrowdStrike to iHub when a detection or incident occurs; iHub then creates an alert in OpsGenie and notifies the person on call.
...
```json
{
  "message": "CrowdStrike Incident {{name}}",
  "alias": "CrowdStrike Incident",
  "description": "ID: {{id}} URL:{{url}}",
  "responders": [
    {"id": "tt-xx-yy-zz-bb", "type": "team"}
  ],
  "visibleTo": [
    {"id": "tt-xx-yy-zz-bb", "type": "team"}
  ],
  "tags": ["CrowdStrike"],
  "priority": "P1"
}
```
Expand the instructions for Integrations Hub for Jira Data Center
CrowdStrike steps
Go to All apps
Click on Webhooks
Add a new webhook
Enter the URL
...
iHub cloud incoming webhook URL
...
shown in the Incoming Webhooks page
Add an HMAC key (it won't be needed, since it does not encrypt the message; an HMAC key only signs the message so that a receiver can verify its origin and integrity)
Click save
Go to Workflows
Add a new workflow and select detection or incident as the trigger
In the Then clause, select Notifications → Webhook and choose the webhook created above.
...
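What the HMAC key from the webhook step provides, as an added example that is not CrowdStrike's or iHub's code: a receiver holding the key can check that the body came from the key holder and was not altered, while the body itself stays readable. The signed layout (`<timestamp>.<body>`), the five-minute window, the key and the sample payload are assumptions constructed for illustration, not the documented CrowdStrike scheme.

```python
import hashlib
import hmac
import json

# Constructed sample values; neither the key nor the payload comes from the page.
SHARED_KEY = b"example-hmac-key-constructed"
MAX_SKEW_SECONDS = 300  # assumed replay window


def sign(key: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over '<timestamp>.<body>' (assumed layout)."""
    return hmac.new(key, timestamp.encode() + b"." + body, hashlib.sha256).hexdigest()


def verify(key: bytes, timestamp: str, body: bytes, signature: str, now: int) -> bool:
    """Receiver side: reject stale or malformed timestamps, then compare in constant time."""
    try:
        sent_at = int(timestamp)
    except ValueError:
        return False
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False
    expected = sign(key, timestamp, body)
    # Compare as bytes so a non-ASCII signature is rejected instead of raising.
    return hmac.compare_digest(expected.encode(), signature.encode())


def demo() -> dict:
    # Fields mirror the {{name}}, {{id}} and {{url}} placeholders used in the template.
    body = json.dumps({"name": "Constructed incident", "id": "inc-0001",
                       "url": "https://example.invalid/incidents/inc-0001"}).encode()
    ts, now = "1700000000", 1700000030
    sig = sign(SHARED_KEY, ts, body)
    return {
        # The body is plain JSON: signing does not hide it.
        "body_readable": json.loads(body)["id"] == "inc-0001",
        "valid": verify(SHARED_KEY, ts, body, sig, now),
        "tampered": verify(SHARED_KEY, ts, body.replace(b"inc-0001", b"inc-9999"), sig, now),
        "wrong_key": verify(b"other-key", ts, body, sig, now),
        "replayed": verify(SHARED_KEY, ts, body, sig, now + 3600),
    }


if __name__ == "__main__":
    print(demo())
```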