Send notifications to a Webhook using a playbook
This use case describes how to send a notification to a third-party system such as Slack or Microsoft Teams using webhooks and a playbook.
Prerequisites
- A Sekoia.io XDR licence
- The user that configures the Playbook should have a Role that contains:
  - The SYMPHONY permissions
- An API Key with a Role that contains at least the following permissions:
  - SIC_READ_ALERTS
  - SIC_READ_INTAKES
To create your API Key, follow this documentation.
Create your playbook
Playbook templates were created to ease the process of setting up the playbooks to send the notifications to Slack or Teams.
To create one, follow these steps:
- Go to the Playbook page
- Click on **+ New Playbook**
- If multi-tenant is available, select the Community where the Playbook should be executed
- Choose the **Use a template** option
- Search for **Teams** or **Slack** depending on your needs
- Select the corresponding playbook and click on **Create**
Configure your playbook
Once your playbook is created, the following configuration steps are required:
- Open each **Sekoia.io** action and select the account that needs to be used to communicate with Sekoia.io APIs. You may have to create an account with the API key you created previously if no account exists.
- Open the **Send to Slack** or **Send to Teams** action and replace the URL with the URL of your webhook
Customize your notifications
The Slack and Teams playbook templates are provided as examples of notifications that can be sent to these solutions. You can customize the playbooks to suit your needs by adding additional actions to retrieve more data from the alerts and events and add them to the payload sent.
Keep in mind that the payload must match the format expected by the third parties.
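As an added example (not part of the Sekoia.io documentation or its playbook templates), the functions below build a Slack and a Teams incoming-webhook payload from alert data and post it; the alert field names, the sample values and the URL are constructed assumptions, not Sekoia.io's alert schema.

```python
import json
import urllib.request

# Constructed sample alert (field names are assumed, not Sekoia.io's schema);
# in a playbook these values come from the preceding Sekoia.io actions.
SAMPLE_ALERT = {
    "short_id": "AL-EXAMPLE-001",
    "title": "Suspicious PowerShell download cradle",
    "urgency": 80,
    "entity": "workstation-42",
    "url": "https://app.example.invalid/alerts/AL-EXAMPLE-001",
}

def build_slack_payload(alert: dict) -> dict:
    """Slack incoming-webhook payload: 'text' is the plain fallback the webhook
    accepts on its own, 'blocks' carries the formatted message."""
    summary = f"[{alert['short_id']}] {alert['title']} (urgency {alert['urgency']})"
    detail = (f"*{alert['title']}*\nEntity: `{alert['entity']}`\n"
              f"<{alert['url']}|Open alert in Sekoia.io>")
    return {
        "text": summary,
        "blocks": [{"type": "section", "text": {"type": "mrkdwn", "text": detail}}],
    }

def build_teams_payload(alert: dict) -> dict:
    """Teams incoming-webhook payload in the MessageCard format."""
    return {
        "@type": "MessageCard",
        "@context": "https://schema.org/extensions",
        "summary": alert["title"],
        "title": f"{alert['short_id']}: {alert['title']}",
        "sections": [{"facts": [
            {"name": "Urgency", "value": str(alert["urgency"])},
            {"name": "Entity", "value": alert["entity"]},
        ]}],
        "potentialAction": [{"@type": "OpenUri", "name": "Open alert",
                             "targets": [{"os": "default", "uri": alert["url"]}]}],
    }

def post_webhook(webhook_url: str, payload: dict, timeout: float = 5.0) -> int:
    """POST the JSON payload. The webhook URL is a secret (anyone holding it can
    post to the channel), so keep it in the playbook action, not in logs or code."""
    req = urllib.request.Request(webhook_url, data=json.dumps(payload).encode("utf-8"),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status

if __name__ == "__main__":
    print(json.dumps(build_slack_payload(SAMPLE_ALERT), indent=2))
```

Any extra data retrieved by additional playbook actions is added to these payloads in the same way, as long as the result stays within the fields each service accepts.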