This tutorial describes how to send a webhook from CrowdStrike to iHub when a detection or incident occurs; iHub then creates an alert in OpsGenie and notifies the person on call.
iHub DataCenter instructions
Go to Integrations
Add a new Action
Enter the URL: https://api.opsgenie.com/v2/alerts
Method: POST
Expand headers and add Key: Authorization and Value: GenieKey {your_key}
Click on Variables and add the one below:
[Screenshot: variable definitions]
In the body paste in
{
"message": "CrowdStrike Incident {{name}}",
"alias": "CrowdStrike Incident",
"description":"ID: {{id}} URL:{{url}}",
"responders":[
{"id":"tt-xx-yy-zz-bb", "type":"team"}
],
"visibleTo":[
{"id":"tt-xx-yy-zz-bb", "type":"team"}
],
"tags": ["CrowdStrike"],
"priority":"P1"
}
Go to Inbound integrations
Create a new Rule
In the then clause point to the action above
CrowdStrike steps
Go to All apps
Click on Webhooks
Add a new webhook
Enter one of the following URLs:
iHub Cloud incoming webhook URL
iHub DC inbound URL
Add an HMAC key (it won't be needed, since HMAC signs the message and does not encrypt it)
Click save
Go to Workflows
Add a new workflow, select the trigger to be detection or incident
On the then clause select Notifications → Webhook and select the webhook created above.
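What the HMAC key from the webhook step provides, shown as an added example that is not part of the original page and is not CrowdStrike or iHub code: the payload stays readable without the key, but a receiver holding the key can reject a modified or forged message. The signing scheme (HMAC-SHA256 over timestamp, a dot, and the raw body, hex encoded), the function names and all sample values are assumptions; take the real header names and signing input from CrowdStrike's webhook documentation.

```python
import hashlib
import hmac
import json

# Constructed sample values. SECRET stands in for the HMAC key entered on the webhook.
SECRET = b"constructed-hmac-key"
TIMESTAMP = "2024-01-01T00:00:00Z"
BODY = json.dumps({
    "name": "Constructed incident",
    "id": "inc-0001",
    "url": "https://example.invalid/incidents/inc-0001",
}).encode()


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Sender side: tag over timestamp + '.' + raw body (assumed scheme)."""
    message = timestamp.encode() + b"." + body
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def verify(secret: bytes, timestamp: str, body: bytes, signature: str) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    expected = sign(secret, timestamp, body)
    # Compare as bytes so a non-ASCII signature is rejected instead of raising.
    return hmac.compare_digest(expected.encode(), signature.encode())


def handle(secret: bytes, timestamp: str, body: bytes, signature: str):
    """Parse the payload only after the signature checks out; otherwise None."""
    if not verify(secret, timestamp, body, signature):
        return None
    return json.loads(body)


if __name__ == "__main__":
    sig = sign(SECRET, TIMESTAMP, BODY)
    # The body is plain JSON on the wire: anyone can read it without the key.
    print("readable without key:", json.loads(BODY)["name"])
    print("genuine message accepted:", handle(SECRET, TIMESTAMP, BODY, sig) is not None)
    tampered = BODY.replace(b"inc-0001", b"inc-9999")
    print("tampered message accepted:", handle(SECRET, TIMESTAMP, tampered, sig) is not None)
    print("wrong key accepted:", verify(b"other-key", TIMESTAMP, BODY, sig))
```

Verification must run over the raw request bytes as received, before any JSON parsing or re-serialisation, or the recomputed tag will not match.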