CrowdStrike - iHub Cloud - OpsGenie - Jira

This tutorial describes how you can send a webhook from Crowdstike when a detection or incident has happen to iHub and iHub will create an Alert in OpsGenie and inform the one on call.

Expand the instructions for Integrations Hub for Jira Cloud

  1. Creata an Integration

  2. Select Incoming webbook as trigger

  3. Add a Action: Webhook action

  4. Enter the URL: https://api.opsgenie.com/v2/alerts

  5. Method: POST

  6. Expand headers and add Key: Authorization and Value: GenieKey {your_key}

  7. Click on Variables and add the one below:

  8. In the body paste in

    { "message": "CrowdStrike Incident {{name}}", "alias": "CrowdStrike Incident", "description":"ID: {{id}} URL:{{url}}", "responders":[ {"id":"tt-xx-yy-zz-bb", "type":"team"} ], "visibleTo":[ {"id":"tt-xx-yy-zz-bb", "type":"team"} ], "tags": ["CrowdStrike"], "priority":"P1" }

 

 

Crowdstrike steps

  1. Goto All apps

  2. Click on Webhooks

  3. Add a new webhook

  4. Enter the URL in the trigger page for incoming webhook.

  5. Add a HMAC key (wont be needed since it does not encrypt the message)

  6. Click save

  7. Goto Workflows

  8. Add a new workflow, select the trigger to be detection or incident

  9. On the then clause select Notifications → Webhook and select the webhook created above.

 

Â