Configure the webhook in Splunk Security
Configure a webhook endpoint so that Splunk Security can use it to communicate with Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
About this task
- Log in to Splunk Enterprise.
- From the left navigation menu, select Enterprise Security.
- On the Splunk light bar, click Search and then from the menu, select Search.
- Enter a search query and then click Search.
Click the Save As tab and then click
The Save As Alert form opens.
Perform the following steps:
- In the Title field, enter the name of the alert.
- Under Alert type, select whether alert search timing should be scheduled
For more information on search timing, see alert type and triggering scenarios.
- Under Trigger Actions, select Webhook.
- In the URL field, enter the webhook URL copied from LIR.
For information on webhooks, see Create a webhook.
- Click Save.
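After the alert is saved, Splunk stores it as a stanza in savedsearches.conf, with the webhook trigger action recorded in the action.webhook and action.webhook.param.url settings. The following check is an added example, not part of the original documentation: it audits that file for webhook alerts whose URL is not HTTPS, embeds credentials, or points at a host other than the expected Incident Response endpoint. The stanza names, searches, and hosts in the sample are constructed placeholders, and the function name is hypothetical.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample of savedsearches.conf; names, searches and hosts are placeholders.
SAMPLE_CONF = """
[IR - Suspicious logins]
search = index=notable rule_name="Suspicious login" | head 1
action.webhook = 1
action.webhook.param.url = https://ir.example.com/webhook/PLACEHOLDER

[Legacy - cleartext hook]
search = index=main sourcetype=auth action=failure
action.webhook = 1
action.webhook.param.url = http://ir.example.com/webhook/PLACEHOLDER

[Unknown destination]
search = index=main error
action.webhook = 1
action.webhook.param.url = https://collector.example.net/in

[Email only]
search = index=main warn
action.email = 1
"""

def audit_webhook_alerts(conf_text, allowed_hosts):
    """Return {stanza: [problems]} for every alert with the webhook action enabled."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    parser.optionxform = str  # keep Splunk's key case instead of lowercasing
    parser.read_string(conf_text)
    findings = {}
    for name in parser.sections():
        stanza = parser[name]
        if stanza.get("action.webhook", "0").strip().lower() not in ("1", "true"):
            continue  # webhook trigger action not enabled on this alert
        url = urlsplit(stanza.get("action.webhook.param.url", "").strip())
        problems = []
        if url.scheme != "https":
            problems.append("not https")  # alert data would leave Splunk in cleartext
        if url.username or url.password:
            problems.append("credentials in URL")
        if (url.hostname or "") not in allowed_hosts:
            problems.append("host not allow-listed")
        findings[name] = problems
    return findings
```

An empty problem list means the alert's webhook URL passed all three checks; pass the host of the webhook URL copied from LIR in allowed_hosts.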