Enabling SIEM integrations through Webhooks

Description

Conceal gives you the option to push pre-process scan results to a custom webhook so you can use that data in your post-process reporting. This lets you send the data to your own endpoint and parse it as you wish. Any time we scan a URL, that information is sent to your endpoint of choice. This guide outlines how to set this up.

NOTE: This is NOT the same as setting up integrations for active alerting, which is found in the Alerts section of the dashboard. This integration is separate from active alerting.

Procedure

  1. In your browser, navigate to https://dashboard.conceal.io/ and log in if necessary.
  2. On the left-hand menu, choose Integrations. Then select the tab labeled SIEM / SOAR.
  3. Locate the webhook plugin and click Configure.
  4. First, enter your WebHook Server IP Address. The next 3 fields (HTTP Verb, Authentication Type, and Add To) each have only one option in the dropdown menu and are set for you, so you don't need to change anything there.
  5. You will add a key and value for the following fields: API_Key Auth values, HTTP Header(s), and Query Param(s).
    - To add more than one of any of these key/value pairs, click the + icon beside the label.
    - To delete a value, click the red trash can icon.
    - You can click the eye icon to reveal the value if it is hidden.
  6. Fill out the WebHook Signature Key. You can click the eye icon to reveal the value if it is hidden.
  7. Read the instructions on the dashboard very carefully to ensure you are configuring this integration correctly. Below the instructions you'll see a Sample Response Body, which is a sample of what you would see from the webhook response. You can copy it by clicking the icon beside the text box.
  8. Make sure to check the Enable checkbox and Save Settings, or close to cancel the configuration.
  9. You should now be able to test the webhook integration. If you are able to receive data on your webhook, you should be all set. From here you can set up your own conditional logic and triggers to decide what to do when a certain URL goes into isolation. If you are experiencing any issues, please open a support ticket by clicking here, and include screenshots of your configuration.

If you run into issues, your firewall could be blocking certain IP addresses needed to send the data. Whitelist the following IP addresses if necessary:

18.214.63.36, 44.214.127.25, 44.209.215.8, 3.233.223.50, 34.232.55.106, 52.86.27.48, 3.216.48.116
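
A receiving endpoint should authenticate each delivery before acting on it. The following is an added example, not Conceal's code: it checks the sender address against the list above, then the API key and the signature, and only then parses the body. The header names and the HMAC-SHA256 signature scheme are assumptions, since this page does not specify them; use what the dashboard instructions state.

```python
import hashlib
import hmac
import ipaddress
import json

# Sender addresses this page lists for firewall allow-listing.
SENDER_IPS = frozenset(ipaddress.ip_address(a) for a in (
    "18.214.63.36", "44.214.127.25", "44.209.215.8", "3.233.223.50",
    "34.232.55.106", "52.86.27.48", "3.216.48.116"))
# Assumed names and scheme; take the real ones from the dashboard instructions.
API_KEY_HEADER = "x-api-key"
SIGNATURE_HEADER = "x-signature"  # assumed: hex HMAC-SHA256 of the raw body


def verify_delivery(peer_ip, headers, raw_body, api_key, signature_key):
    """Return (ok, reason). peer_ip is the TCP peer, raw_body the exact bytes received."""
    try:
        if ipaddress.ip_address(peer_ip) not in SENDER_IPS:
            return False, "source address not in allow-list"
    except ValueError:
        return False, "unparseable source address"
    hdrs = {k.lower(): v for k, v in headers.items()}
    # compare_digest keeps the comparison time independent of where bytes differ.
    if not hmac.compare_digest(hdrs.get(API_KEY_HEADER, "").encode(), api_key.encode()):
        return False, "bad or missing API key"
    expected = hmac.new(signature_key.encode(), raw_body, hashlib.sha256).hexdigest()
    sent = hdrs.get(SIGNATURE_HEADER, "").strip().lower()
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return False, "signature mismatch"
    return True, "ok"


def handle(peer_ip, headers, raw_body, api_key, signature_key):
    """Authenticate first, parse second; returns (http_status, event_or_reason)."""
    ok, reason = verify_delivery(peer_ip, headers, raw_body, api_key, signature_key)
    if not ok:
        return 403, reason
    try:
        return 200, json.loads(raw_body)
    except ValueError:  # covers JSONDecodeError and undecodable bytes
        return 400, "invalid JSON"


if __name__ == "__main__":
    # Constructed sample delivery; the body fields are not Conceal's real schema.
    body = b'{"url": "https://example.test/"}'
    sig = hmac.new(b"demo-signature-key", body, hashlib.sha256).hexdigest()
    hdrs = {"X-Api-Key": "demo-api-key", "X-Signature": sig}
    print(handle("18.214.63.36", hdrs, body, "demo-api-key", "demo-signature-key"))
```

Pass the socket peer address as `peer_ip`; if the receiver sits behind a proxy or load balancer, take the address from that component's trusted configuration rather than from a client-supplied forwarding header.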

*Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.