Hello, I am trying to implement a Phishing use case by forwarding the email to SOAR. I found that the product we are using has a webhook functionality. I am wondering if I can forward new events from the Phishing tool to SOAR for creating incidents. I didn't find any documentation on webhook integration. Wondering what the custom headers are? And I assume I can provide the SOAR incident creation REST endpoint in the URL? This is the first time I am working on IBM SOAR. Please ignore any newbie questions.
Hi Srini, You have the ability to retrieve information about an incident from an endpoint using a function called call_rest_api in the application fn_utilities, but there isn't a straightforward method to generate an incident using webhooks. In order to create a SOAR incident specifically based on endpoints, you would need a poller, which can only be developed and installed as an application.