Hello, 

I am trying to implement a Phishing use case by forwarding the email to SOAR. I found that the product we are using has a webhook functionality. I am wondering if I can forward new events from Phishing tool to SOAR for creating incidents. I didn't find any documentation on webhook integration. Wondering what is the custom headers? And I assume, I can provide SOAR incident creation rest endpoint in URL?

This is the first time I am working on IBM SOAR. Please ignore any newbie questions.

Hi Srini,

You have the ability to retrieve information about an incident from an endpoint using a function called call_rest_api in the application fn_utilities, but there isn't a straightforward method to generate an incident using webhooks. In order to create a SOAR incident specifically based on endpoints, you would need a poller, which can only be developed and installed as an application.

Original Message:
Sent: Mon May 08, 2023 07:36 PM
From: Srini B
Subject: Webhook to SOAR

Hello, 

I am trying to implement a Phishing use case by forwarding the email to SOAR. I found that the product we are using has a webhook functionality. I am wondering if I can forward new events from Phishing tool to SOAR for creating incidents. I didn't find any documentation on webhook integration. Wondering what is the custom headers? And I assume, I can provide SOAR incident creation rest endpoint in URL?

This is the first time I am working on IBM SOAR. Please ignore any newbie questions.

------------------------------
Srinivasu Bongu
------------------------------