Create a webhook endpoint for AWS GuardDuty
Create a webhook endpoint so that GuardDuty can send automated real-time messages or information to Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
- Log in to Lightstep Incident Response.
- On the navigation pane, select Integrations.
- Click the AWS GuardDuty integration card.
- On the form, fill in the fields.

| Field | Description |
| --- | --- |
| Name | Name of the integration. |
| Status | Status of the integration such as enabled or disabled. Note: You can modify this field only after the webhook is generated. |
| Service | Name of the service that you want to associate with the integration. A service represents a functional outcome like networking, payments, or HR services, that is owned by one team. You might need multiple tool integrations to monitor each technical service and receive events from those tools. |
| Description | Summary for the integration. |
| Integration URL | The URL of the home page of the monitoring tool that sends alerts. |
| Tags | Tags that can help users search for the integration. |

- Click Generate Webhook.
  A webhook URL is generated. AWS GuardDuty sends messages to this secure webhook endpoint.
  Note: Click Send sample alert to generate a sample alert from Incident Response and view it in Alerts. This allows you to experiment with automation rules, on-call scheduling, and escalation policies without having to set up the webhook with an external monitoring tool.
- Click Save.