Create a webhook endpoint for Splunk Security
Create a webhook endpoint so that Splunk Security can send automated real-time messages or information to Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
- Log in to Lightstep Incident Response.
- From the navigation pane, select Integrations.
- Click the Splunk Security integration card.
- On the form, fill in the fields.

| Field | Description |
| --- | --- |
| Name | Name of the integration. |
| Status | Status of the integration, such as enabled or disabled. Note: You can modify this field only after the webhook is generated. |
| Service | Name of the service that you want to associate with the integration. A service represents a functional outcome, like networking, payments, or HR services, that is owned by one team. You might need multiple tool integrations to monitor each technical service and receive events from those tools. |
| Description | Summary for the integration. |
| Integration URL | The URL of the home page of the monitoring tool that sends alerts. |
| Tags | Tags that can help users search for the integration. |

- Click Generate Webhook.
  A webhook URL is generated. Splunk Security sends messages to this secure webhook endpoint.
- Copy the webhook by clicking the copy icon. You will need it when configuring Splunk Security.
Note: Click Send sample alert to generate a sample alert from Incident Response and view it in Alerts. This allows you to experiment with automation rules, on-call scheduling, and escalation policies without having to set up the webhook with an external monitoring tool.
- Click Save.