Create a webhook endpoint for Microsoft Sentinel
Create a webhook endpoint so that Microsoft Sentinel can send automated real-time messages or information to Incident Response.
Before you begin
Role required: Responder, Manager, or Administrator
- Log in to Lightstep Incident Response.
- On the navigation pane, select Integrations.
- Click the Microsoft Sentinel integration card.
- On the form, fill in the fields.
| Field | Description |
| --- | --- |
| Name | Name of the integration. |
| Status | Status of the integration such as enabled or disabled. Note: You can modify this field only after the webhook is generated. |
| Service | Name of the service that you want to associate with the integration. A service represents a functional outcome like networking, payments, or HR services, that is owned by one team. You might need multiple tool integrations to monitor each technical service and receive events from those tools. |
| Description | Summary for the integration. |
| Integration URL | The URL of the home page of the monitoring tool that sends alerts. |
| Tags | Tags that can help users search for the integration. |
- Click Generate Webhook.
  A webhook URL is generated. Microsoft Sentinel sends messages to this secure webhook endpoint.
- Copy the webhook by clicking the copy icon. You will need it when configuring Microsoft
  Note: Select Send sample alert to generate a sample alert from Incident Response and view it in Alerts. This allows you to experiment with automation rules, on-call scheduling, and escalation policies without having to set up the webhook with an external monitoring tool.
- Click Save.
What to do next
Configure the webhook endpoint in Microsoft Sentinel.