IBM QRadar SOAR

  • 1.  Webhook to SOAR

    Posted Tue May 09, 2023 09:43 AM

    Hello, 

    I am trying to implement a phishing use case by forwarding the email to SOAR. I found that the product we are using has webhook functionality. I am wondering if I can forward new events from the phishing tool to SOAR to create incidents. I didn't find any documentation on webhook integration. I am also wondering what the custom headers are. And I assume I can provide the SOAR incident creation REST endpoint in the URL?

    This is the first time I am working on IBM SOAR. Please ignore any newbie questions.





    ------------------------------
    Srinivasu Bongu
    ------------------------------


  • 2.  RE: Webhook to SOAR

    Posted Wed May 17, 2023 05:48 AM

    Hi Srini,

    You have the ability to retrieve information about an incident from an endpoint using a function called call_rest_api in the application fn_utilities, but there isn't a straightforward method to generate an incident using webhooks. In order to create a SOAR incident specifically based on endpoints, you would need a poller, which can only be developed and installed as an application.



    ------------------------------
    Calvin Wynne
    ------------------------------
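
The poller approach mentioned in the reply above, sketched as an added example that is not code from either poster or from IBM. `fetch_events` and `create_incident` are hypothetical callables standing in for the phishing tool's API and the SOAR incident-creation call, and the event and payload field names are assumptions to check against your own product documentation.

```python
import time

# Constructed sample events; the field names are assumptions about the phishing tool.
SAMPLE_EVENTS = [
    {"id": "evt-1", "reported_at": 1683625380.0, "subject": "Invoice overdue",
     "sender": "billing@example.test", "reporter": "alice@example.test"},
    {"id": "evt-2", "reported_at": 1683625440.0, "subject": "Password expiry",
     "sender": "it-desk@example.test", "reporter": "bob@example.test"},
]

def event_to_incident(event):
    """Map one event to an incident payload (assumed fields; verify against your SOAR REST API docs)."""
    return {
        "name": "Phishing report: " + event["subject"][:100],
        "discovered_date": int(event["reported_at"] * 1000),  # epoch milliseconds
        "description": "Reported by %s, sender %s" % (event["reporter"], event["sender"]),
    }

class PhishingPoller:
    def __init__(self, fetch_events, create_incident):
        self.fetch_events = fetch_events        # hypothetical: callable(since) -> list of events
        self.create_incident = create_incident  # hypothetical: callable(payload) -> incident id
        self.last_seen = 0.0                    # high-water mark of processed events
        self.seen_ids = set()                   # guards against duplicates at the mark

    def poll_once(self):
        """Create one incident per unseen event; return the new incident ids."""
        created = []
        events = sorted(self.fetch_events(self.last_seen), key=lambda e: e["reported_at"])
        for event in events:
            if event["id"] in self.seen_ids:
                continue
            try:
                created.append(self.create_incident(event_to_incident(event)))
            except Exception:
                break  # leave this and later events unmarked so the next cycle retries them
            self.seen_ids.add(event["id"])
            self.last_seen = event["reported_at"]
        return created

    def run(self, interval_s=60):
        """Poll forever at a fixed interval."""
        while True:
            self.poll_once()
            time.sleep(interval_s)
```

In a long-running deployment, `last_seen` and `seen_ids` would need to be persisted and pruned so a restart does not re-create incidents.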