Webhooks Integration in IBM product to send data to client crowdstrike account #1443
vineetrathor asked this question in Q&A (unanswered, 0 replies)
Hi
In my project we are adding webhooks as integrations where customers can get event data into their Slack, Teams or CrowdStrike dashboard.
So as per my research, I found NG SIEM to be useful for this, as there we have data onboarding where we use the HEC connector to make a new connection; the customer then gets an API key and a URL, which the customer will give to us, and then on any event we will send the data.
So in this I am a little skeptical about the payload which we can send, as there is no existing parser present in CrowdStrike for IBM, so we will be sending a request similar to this format:
curl --location 'https://data.us-2.crowdstrike.com/services/collector/event' \
--header 'Authorization: Bearer <HEC_TOKEN>' \
--header 'Content-Type: application/json' \
--data '{
"event.kind": "alert",
"event.severity": 90,
"event.category": ["malware", "threat"],
"event.type": ["info"],
"event.action": "ransomware-detected",
"event.outcome": "success",
"@timestamp": "2026-03-23T14:00:00.000Z",
"message": "Ransomware detected on primary storage volume",
"Vendor.ibm.storage_defender.tenant_id": "tenant-123",
"Vendor.ibm.storage_defender.application_id": "app-789",
"Vendor.ibm.storage_defender.application_name": "Production Database",
"Vendor.ibm.storage_defender.source": "FCM",
"Vendor.ibm.storage_defender.type": "THREAT_DETECTED",
"Vendor.ibm.storage_defender.severity_label": "CRITICAL",
"Vendor.ibm.storage_defender.threat_id": "THR-12345",
"Vendor.ibm.storage_defender.detail.file_path": "/mnt/data/critical.db",
"Vendor.ibm.storage_defender.detail.threat_type": "ransomware",
"Vendor.ibm.storage_defender.detail.confidence": "high"
}'
So I want to know whether this is the right approach, or do I need to add something more when we are sending the request,
and another doubt is how we will be able to test our code, as we don't have a CrowdStrike license or any free trial account for that matter, and also there's no test environment which I can find for CrowdStrike.
Please guide me on this.
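The post describes two things: pushing a JSON event to an HEC-style collector URL with a bearer token, and wanting a way to test that push without a CrowdStrike tenant. The following is an added example, not code from the question or from IBM or CrowdStrike, showing one way to do both: a small sender that refuses to put the token on a plain-http URL unless the host is loopback, and a local stub collector that stands in for the endpoint so the sender can be exercised offline. Assumptions are labelled in the code: the stub only checks what the curl command in the question sends (path, `Authorization: Bearer ...`, a JSON body with `@timestamp`) and its `{"text": "Success", "code": 0}` reply is a Splunk-HEC-style guess, not a statement of how CrowdStrike's real endpoint validates or responds; the sample event and the default token value are constructed. Function names (`send_event`, `start_stub`, `demo`) are the example's own.

```python
"""Webhook sender for an HEC-style collector plus a local stub to test it against."""
import json
import os
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# Constructed sample event: same field layout as the payload in the question above.
SAMPLE_EVENT = {
    "event.kind": "alert",
    "event.severity": 90,
    "event.category": ["malware", "threat"],
    "event.type": ["info"],
    "event.action": "ransomware-detected",
    "event.outcome": "success",
    "@timestamp": "2026-03-23T14:00:00.000Z",
    "message": "Ransomware detected on primary storage volume",
    "Vendor.ibm.storage_defender.tenant_id": "tenant-123",
    "Vendor.ibm.storage_defender.threat_id": "THR-12345",
}

LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}


def send_event(collector_url, token, event, timeout=10):
    """POST one JSON event with a bearer token; return (http_status, response_text).

    Plain http is only accepted for loopback hosts (the stub below). A customer-supplied
    URL must be https, otherwise the HEC token would cross the network in the clear.
    """
    parsed = urlparse(collector_url)
    if parsed.scheme != "https" and parsed.hostname not in LOOPBACK_HOSTS:
        raise ValueError("collector URL must use https")
    body = json.dumps(event).encode("utf-8")
    req = urllib.request.Request(
        collector_url, data=body, method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        # Return non-2xx instead of raising so the caller can decide what to do:
        # 401 -> token problem, other 4xx -> fix the payload, 5xx -> retry later.
        return err.code, err.read().decode("utf-8", "replace")


class StubCollector(BaseHTTPRequestHandler):
    """Local stand-in for the collector endpoint, for testing only.

    Assumption: it checks only what the question's curl command sends; it does not
    replicate CrowdStrike's actual validation rules or response body.
    """
    expected_token = None
    received = []

    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", "0")))
        if self.path != "/services/collector/event":
            return self._reply(404, {"text": "not found"})
        if self.headers.get("Authorization") != f"Bearer {self.expected_token}":
            return self._reply(401, {"text": "invalid token"})
        try:
            event = json.loads(raw)
        except ValueError:
            return self._reply(400, {"text": "invalid json"})
        if "@timestamp" not in event:
            return self._reply(400, {"text": "missing @timestamp"})
        StubCollector.received.append(event)
        return self._reply(200, {"text": "Success", "code": 0})  # Splunk-HEC-style guess

    def _reply(self, status, payload):
        data = json.dumps(payload).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, fmt, *args):
        pass  # stay quiet; in particular never echo request headers (they carry the token)


def start_stub(token):
    """Serve the stub on an ephemeral loopback port in a daemon thread; return (server, url)."""
    StubCollector.expected_token = token
    StubCollector.received = []
    server = HTTPServer(("127.0.0.1", 0), StubCollector)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/services/collector/event"


def demo():
    """Exercise the sender against the stub: good token, bad token, and a non-https URL."""
    token = os.environ.get("HEC_TOKEN", "constructed-test-token")  # constructed default
    server, url = start_stub(token)
    try:
        good_status, _ = send_event(url, token, SAMPLE_EVENT)
        bad_status, _ = send_event(url, "wrong-token", SAMPLE_EVENT)
        try:
            send_event("http://collector.example.invalid/services/collector/event", token, SAMPLE_EVENT)
            plain_http_rejected = False
        except ValueError:
            plain_http_rejected = True
    finally:
        server.shutdown()
        server.server_close()
    return {"good_status": good_status, "bad_token_status": bad_status,
            "plain_http_rejected": plain_http_rejected, "received": list(StubCollector.received)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file starts the stub, sends the sample event once with the right token and once with a wrong one, and shows that a non-https collector URL is refused before any request leaves the process. Swapping the stub URL for the customer's real collector URL is the only change needed in the sender; what the real endpoint accepts as a payload still has to be confirmed against CrowdStrike's own documentation, since the stub does not know that.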