
Configure Detect Integrations

To configure a Detect integration, you generate a webhook that is used to retrieve data from a supported third-party application such as Splunk Enterprise, IBM QRadar, Microsoft Sentinel, or Amazon GuardDuty.

What are Webhooks?

Webhooks are predefined URLs that accept HTTP requests. They allow one application to send data to another as soon as specific events occur, which enables automation and data synchronization.

How are webhooks used in ACD?

In Automated Collective Defense (ACD), intel that is ingested or fetched from the supported integrations through webhooks is available in Intel Repository > My Collection. If you have configured automation rules in ACD, this intel is automatically shared with the network for review.

Steps

To generate webhooks for supported integrations in ACD, follow these steps:

  1. From the main menu, go to Automated Collective Defense, and click Integrations.

  2. In the Detect section, select the integration from which you want to retrieve indicators in Collaborate, and then click Configure. For example, Splunk Enterprise.

  3. Enter the following details to configure the webhook for the selected integration:

    • Title: Enter a unique title for the webhook. For example, Splunk Webhook.

    • Description (Optional): Enter a description that explains the purpose of the webhook. For example, Configuring this integration to get data from Splunk Enterprise to Collaborate's Member Portal.

    • Allowed Sources (Optional): To retrieve data from a specific network or from specific IP addresses, select either Network or IP Address, and enter the relevant values. To add multiple entries, start each entry on a new line.

      For example, you can select IP Address and enter 192.168.1.0.

  4. Click Generate. This generates the webhook URL, which serves as an endpoint to receive data from the integration.
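An Allowed Sources list can be checked against the addresses of your sending systems before it is pasted into the form. The following is an added example, not Collaborate or ACD code: it models the two entry types with Python's `ipaddress` module, assuming that Network entries use CIDR notation and that an IP Address entry matches exactly one host. The function names, the `mode` values, and the sample sender addresses are constructed for illustration.

```python
import ipaddress


def parse_allowed_sources(text, mode):
    """Parse one entry per line, as the form expects.

    mode is "ip" or "network" (hypothetical names for the IP Address and
    Network choices). Returns (entries, errors); errors hold
    (line number, entry, reason) for every line that could not be parsed.
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        item = raw.strip()
        if not item:
            continue  # blank lines between entries are ignored
        try:
            if mode == "ip":
                # Assumption: a single address matches only that host, so
                # 192.168.1.0 does NOT cover the rest of 192.168.1.x.
                addr = ipaddress.ip_address(item)
                entries.append(ipaddress.ip_network(f"{addr}/{addr.max_prefixlen}"))
            else:
                # Assumption: networks are written in CIDR notation.
                # strict=True rejects host bits, e.g. 10.20.0.5/16.
                entries.append(ipaddress.ip_network(item, strict=True))
        except ValueError as exc:
            errors.append((lineno, item, str(exc)))
    return entries, errors


def is_covered(source_ip, entries):
    """Return True if source_ip falls inside at least one parsed entry."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in entries)


if __name__ == "__main__":
    # Constructed sample: the list you plan to paste, and your sender hosts.
    planned = "192.168.1.0\n192.168.1.25\n"
    senders = ["192.168.1.0", "192.168.1.14", "192.168.1.25"]
    entries, errors = parse_allowed_sources(planned, "ip")
    for lineno, item, reason in errors:
        print(f"line {lineno}: {item!r} rejected ({reason})")
    for host in senders:
        status = "covered" if is_covered(host, entries) else "NOT covered"
        print(f"{host}: {status}")
```

A sender reported as not covered would need its own IP Address entry or a Network entry that contains it.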

Next Steps

Copy the webhook URL and configure it in the integration platform to retrieve data from the application. For example, you can configure the generated webhook URL in Splunk Enterprise to start receiving data from Splunk Enterprise in ACD. This data is available in the Intel Repository > My Collection > All Detected.