IBM Security QRadar SOAR

  • 1.  Webhook to SOAR

    Posted Tue May 09, 2023 09:43 AM


    I am trying to implement a phishing use case by forwarding the email to SOAR. I found that the product we are using has webhook functionality. I am wondering if I can forward new events from the phishing tool to SOAR for creating incidents. I didn't find any documentation on webhook integration. Wondering what the custom headers are? And I assume I can provide the SOAR incident creation REST endpoint in the URL?

    This is the first time I am working on IBM SOAR. Please ignore any newbie questions.

    Srinivasu Bongu

  • 2.  RE: Webhook to SOAR

    Posted Wed May 17, 2023 05:48 AM

    Hi Srini,

    You have the ability to retrieve information about an incident from an endpoint using a function called call_rest_api in the application fn_utilities, but there isn't a straightforward method to generate an incident using webhooks. In order to create a SOAR incident specifically based on endpoints, you would need a poller, which can only be developed and installed as an application.

    Calvin Wynne
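
The poller approach described in the reply above, as an added example that is not part of the thread and not IBM's code: each cycle pulls events from the phishing tool, skips malformed and already-processed ones, and hands an incident payload to a creation callable. The event fields, the function names and the payload keys (`name`, `discovered_date` in epoch milliseconds, `description`) are assumptions to check against the phishing tool's API and the SOAR REST API reference for your version.

```python
import time
from typing import Callable, Iterable, List, Optional, Set

# Constructed sample data; the event shape is hypothetical.
SAMPLE_EVENTS = [
    {"id": "evt-1", "subject": "Invoice overdue", "reporter": "a@example.com", "reported_at": 1683625380},
    {"id": "evt-2", "subject": "Password expiry", "reporter": "b@example.com", "reported_at": 1683625440},
    {"id": "evt-1", "subject": "Invoice overdue", "reporter": "a@example.com", "reported_at": 1683625380},
    {"subject": "event without id or timestamp"},
]

def to_incident(event: dict) -> dict:
    """Map one phishing event to an incident payload (assumed field names)."""
    subject = str(event.get("subject", "(no subject)"))[:200]  # bound untrusted text
    return {
        "name": f"Phishing report: {subject}",
        "discovered_date": int(event["reported_at"]) * 1000,  # seconds -> milliseconds
        "description": f"Reported by {event.get('reporter', 'unknown')}; source event {event['id']}",
    }

def poll_once(fetch_events: Callable[[], Iterable[dict]],
              create_incident: Callable[[dict], object],
              seen: Set[str]) -> List[str]:
    """Run one polling cycle and return the ids of events turned into incidents."""
    created = []
    for event in fetch_events():
        event_id = event.get("id")
        if not event_id or "reported_at" not in event:
            continue  # malformed event: skip rather than create a broken incident
        if event_id in seen:
            continue  # already handled in this or an earlier cycle
        create_incident(to_incident(event))
        seen.add(event_id)  # recorded only after creation succeeded, so failures retry
        created.append(event_id)
    return created

def run(fetch_events: Callable[[], Iterable[dict]],
        create_incident: Callable[[dict], object],
        interval_s: float = 60, cycles: Optional[int] = None) -> Set[str]:
    """Poll repeatedly; cycles=None runs until interrupted."""
    seen: Set[str] = set()
    done = 0
    while cycles is None or done < cycles:
        poll_once(fetch_events, create_incident, seen)
        done += 1
        time.sleep(interval_s)
    return seen
```

In a deployment, `fetch_events` would call the phishing tool's API and `create_incident` would post the payload to SOAR with an API key; the `seen` set would also need to be persisted so a restart does not recreate incidents.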