Hi Srini,
You have the ability to retrieve information about an incident from an endpoint using a function called call_rest_api in the application fn_utilities, but there isn't a straightforward method to generate an incident using webhooks. In order to create a SOAR incident specifically based on endpoints, you would need a poller, which can only be developed and installed as an application.
------------------------------
Calvin Wynne
------------------------------
Original Message:
Sent: Mon May 08, 2023 07:36 PM
From: Srini B
Subject: Webhook to SOAR
Hello,
I am trying to implement a Phishing use case by forwarding the email to SOAR. I found that the product we are using has a webhook functionality. I am wondering if I can forward new events from Phishing tool to SOAR for creating incidents. I didn't find any documentation on webhook integration. Wondering what is the custom headers? And I assume, I can provide SOAR incident creation rest endpoint in URL?
This is the first time I am working on IBM SOAR. Please ignore any newbie questions.
------------------------------
Srinivasu Bongu
------------------------------