This tutorial describes how to send a webhook from CrowdStrike to iHub when a detection or incident occurs; iHub then creates an alert in OpsGenie and notifies the person on call.
iHub Cloud Instructions
Create an Integration
Select Incoming webhook as trigger
Add an Action: Webhook action
Enter the URL: https://api.opsgenie.com/v2/alerts
Method: POST
Expand headers and add Key: Authorization and Value: GenieKey {your_key}
Click on Variables and add the one below:
In the body paste in
{
"message": "CrowdStrike Incident {{name}}",
"alias": "CrowdStrike Incident",
"description":"ID: {{id}} URL:{{url}}",
"responders":[
{"id":"tt-xx-yy-zz-bb", "type":"team"}
],
"visibleTo":[
{"id":"tt-xx-yy-zz-bb", "type":"team"}
],
"tags": ["CrowdStrike"],
"priority":"P1"
}
iHub DataCenter instructions
Go to Outbound integrations
Add a new Action
Enter the URL: https://api.opsgenie.com/v2/alerts
Method: POST
Expand headers and add Key: Authorization and Value: GenieKey {your_key}
Click on Variables and add the one below:
In the body paste in
{
"message": "CrowdStrike Incident {{name}}",
"alias": "CrowdStrike Incident",
"description":"ID: {{id}} URL:{{url}}",
"responders":[
{"id":"tt-xx-yy-zz-bb", "type":"team"}
],
"visibleTo":[
{"id":"tt-xx-yy-zz-bb", "type":"team"}
],
"tags": ["CrowdStrike"],
"priority":"P1"
}
Go to Inbound integrations
Create a new Rule
In the then clause point to the action above
CrowdStrike steps
Go to All apps
Click on Webhooks
Add a new webhook
Enter the URL to the:
iHub Cloud incoming webhook URL
iHub DataCenter inbound URL
Add an HMAC key (it won't be needed, since it does not encrypt the message)
Click save
Go to Workflows
Add a new workflow, select the trigger to be detection or incident
On the then clause select Notifications → Webhook and select the webhook created above.
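The HMAC key in the webhook step does not encrypt the message; it lets a receiver check that a delivery was sent by a holder of the key and was not altered in transit. The following is an added example of that receiver-side check, not code from CrowdStrike, iHub or this page; the signing format (hex HMAC-SHA256 over the timestamp, a dot and the raw body), the five-minute window and all sample values are assumptions, so take the real header names and format from the sender's documentation.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumed scheme (not from CrowdStrike or iHub documentation): the sender sends
# hex(HMAC-SHA256(key, "<unix timestamp>.<raw body>")) plus the timestamp.
MAX_SKEW_SECONDS = 300  # assumed replay window: five minutes

# Constructed sample values; the fields mirror {{name}}, {{id}} and {{url}}.
KEY = b"constructed-demo-key"
TS = "1700000000"
BODY = (b'{"name": "Example incident", "id": "inc:constructed:0001", '
        b'"url": "https://example.invalid/incidents/0001"}')


def sign(key: bytes, timestamp: str, body: bytes) -> str:
    """Tag the sender attaches; the body itself stays readable plaintext."""
    msg = timestamp.encode("ascii") + b"." + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key: bytes, timestamp: str, body: bytes, signature: str,
           now: Optional[float] = None) -> bool:
    """Accept a delivery only if the timestamp is fresh and the tag matches."""
    if not (timestamp.isascii() and timestamp.isdigit() and len(timestamp) <= 12):
        return False  # malformed timestamp
    now = time.time() if now is None else now
    if abs(now - int(timestamp)) > MAX_SKEW_SECONDS:
        return False  # stale or future-dated delivery: possible replay
    expected = sign(key, timestamp, body)
    # Constant-time comparison on bytes, so an odd signature string cannot raise.
    return hmac.compare_digest(expected.encode(),
                               signature.encode("utf-8", "replace"))


if __name__ == "__main__":
    tag = sign(KEY, TS, BODY)
    now = int(TS) + 10
    print("genuine :", verify(KEY, TS, BODY, tag, now))
    print("tampered:", verify(KEY, TS, BODY.replace(b"Example", b"Altered"), tag, now))
    print("replayed:", verify(KEY, TS, BODY, tag, now + 3600))
```

The check must run over the raw request bytes as received, before any JSON parsing or re-serialisation, because re-encoding the body changes the bytes the tag was computed over.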