Using Webhooks in Notification Policies
For ITM/Endpoint DLP detection rules and CASB rules, Notification Policies can be defined to send notifications via webhooks. When the specific activity is detected, notifications are pushed to third party tools such as Slack, to your SIEM or to your ticketing system. (See Notification Policies.)
Adding Webhooks
You can add webhooks to send notifications to Slack, Outlook Groups, Splunk Cloud, Microsoft Teams or any other 3rd party application you choose.
- When setting up a Notification Policy, select Integrations > Notification Policies. Click New Notification.
- In the For Rules area, click Create.
- Name the policy.
- Select Add in the Webhooks area.
- Click Add in the Webhooks area.
- From the dropdown, select the type of webhook you want.
- In the example, Slack was selected. Click the link for detailed instructions.
- When you complete the instructions, you'll receive a URL. Copy the URL and click Save.
- The webhook is added and relevant notifications will be sent to Slack.
You can select to deliver your webhook to Slack, Outlook Groups, Splunk Cloud or Microsoft Teams.
For information about how to set up webhooks, use the following links:
Learn more about Slack webhooks
Learn more about Outlook Groups webhooks
Learn more about Splunk Cloud webhooks
Learn more about Teams webhooks
Webhooks Generic Template
If you prefer to deliver notifications using another third party tool, such as ServiceNow, you can select the Generic Template.
Select Generic from the dropdown and complete the fields in the template for the specific application you want.
- You must provide the URL and Method, which should be available from the third party tool you are working with.
- Headers are optional and may be necessary for specific webhooks, for example to add simple authentication.
- In the Data field you can add any content you want, such as text you want to appear.
- If the webhook requires a certificate, paste it in the CA field.
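A receiving endpoint for the Generic template can check each delivery before acting on it. The following is an added example, not part of the product or its documentation; the header name `X-Webhook-Token`, the shared secret, the POST method and a JSON body in the Data field are assumptions about how the template was filled in.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed Generic template settings (hypothetical, not from the product docs):
# Method = POST, Headers = "X-Webhook-Token: <secret>", Data = a JSON object.
EXPECTED_METHOD = "POST"
TOKEN_HEADER = "x-webhook-token"
MAX_BODY = 64 * 1024  # refuse oversized bodies


def check_request(method, headers, body, secret):
    """Return (http_status, detail) for one incoming webhook call."""
    if method != EXPECTED_METHOD:
        return 405, "method not allowed"
    # Header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    supplied = lowered.get(TOKEN_HEADER, "")
    # Fail closed on an empty token; compare in constant time otherwise.
    if not supplied or not hmac.compare_digest(supplied.encode(), secret.encode()):
        return 401, "bad or missing token"
    if len(body) > MAX_BODY:
        return 413, "body too large"
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, "body is not JSON"
    if not isinstance(payload, dict):
        return 400, "expected a JSON object"
    return 200, payload


class Receiver(BaseHTTPRequestHandler):
    secret = "constructed-sample-secret"  # load from a secret store in practice

    def _handle(self):
        raw = self.headers.get("Content-Length", "0")
        length = int(raw) if raw.isdigit() else 0
        body = self.rfile.read(min(length, MAX_BODY + 1))
        status, _ = check_request(self.command, dict(self.headers), body, self.secret)
        self.send_response(status)
        self.end_headers()

    do_GET = do_POST = do_PUT = _handle


if __name__ == "__main__":
    # Plain HTTP on loopback for the demo; terminate TLS in front of it.
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```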