As a Cybersecurity engineer, I want an openCTI webhook to notify an external system such as a SOAR to take action whenever a sandbox report with a certain label is being created in openCTI, so that the SOAR can:

- enrich reports with external metadata (e.g. email sender, IP addresses...),
- trigger another enrichment connector,
- trigger an automated playbook (e.g. hunting, incident response, or an external corporate notification system (twilio, pagerduty, slack, jira ...)).

Given that a Report, an indicator or an observable has been created with a certain tag (e.g. sandbox)
Then a SOAR webhook is triggered
AND our automated playbook is executed

Example: phishing email --> SOAR extracting metadata --> SOAR sending attachments to sandbox --> sandbox analysis completed --> connector completing ingestion of the sandbox Report --> webhook on SOAR to attach missing email metadata to the Report and kick off other playbooks
As a cybersecurity engineer, I dream of a fully customizable and advanced webhook where I can customize:

- HTTP verb: GET, POST, PUT, DELETE ...
- custom URL with GET parameters
- custom headers
- body parameters or POST messages

so that I can meet every possible integration use case with other systems supporting webhooks.
As a cybersecurity engineer, I would love openCTI to be capable of fetching secrets from an external vault (kubernetes secrets, hashicorp vault) or from environment variables, so that secrets are never in the elasticsearch backend and we can easily rotate webhook secrets without any change in the openCTI backend.

Given that webhook authentication data is passed as environment variables
Then we are free to either pass those secrets in .env or, better, delegate this task to an external vault such as Hashicorp vault or kubernetes secrets
AND no secret is ever stored in openCTI (whether encrypted or not)
AND no secret rotation is ever needed in openCTI
Use case
Implement webhooks in the notification manager:
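The two requirements above (a webhook whose verb, URL, query string, headers and body are all configurable, and a secret that is only ever referenced, never stored) can be sketched as a small dispatcher. The following is an added example written for this page, not OpenCTI code and not a proposal for its notification manager's actual API: the configuration schema, the `${env:NAME}` / `${report.field}` placeholder syntax, the SOAR URL and the sample report are all constructed assumptions. The secret is resolved from the environment at send time, so the stored configuration contains only a reference and rotating the token means changing the environment variable, not the configuration.

```python
import json
import os
import re
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Hypothetical webhook definition. Every field the request is built from is
# configurable, and the bearer token appears only as an environment reference.
WEBHOOK_CONFIG = {
    "trigger_label": "sandbox",
    "method": "POST",
    "url": "https://soar.example.invalid/api/webhooks/opencti",  # constructed URL
    "query": {"source": "opencti", "event": "report_created"},
    "headers": {
        "Content-Type": "application/json",
        "Authorization": "Bearer ${env:SOAR_WEBHOOK_TOKEN}",  # resolved at send time
    },
    "body": {
        "report_id": "${report.id}",
        "name": "${report.name}",
        "labels": "${report.labels}",
    },
}

# Constructed sample report and environment; not real OpenCTI output or real secrets.
SAMPLE_REPORT = {
    "id": "report--00000000-0000-0000-0000-000000000001",
    "name": "Sandbox analysis of phishing attachment",
    "labels": ["sandbox", "phishing"],
}
SAMPLE_ENV = {"SOAR_WEBHOOK_TOKEN": "dummy-token-for-demo"}

_ENV_REF = re.compile(r"\$\{env:([A-Za-z_][A-Za-z0-9_]*)\}")
_REPORT_REF = re.compile(r"\$\{report\.([A-Za-z_][A-Za-z0-9_]*)\}")


def render(value, report, env):
    """Recursively expand placeholders in a config value (dict, list or str)."""
    if isinstance(value, dict):
        return {k: render(v, report, env) for k, v in value.items()}
    if isinstance(value, list):
        return [render(v, report, env) for v in value]
    if not isinstance(value, str):
        return value
    whole = _REPORT_REF.fullmatch(value)
    if whole:  # the string is exactly one report field: keep its native type
        return report.get(whole.group(1))

    def env_sub(match):
        name = match.group(1)
        if name not in env:  # fail closed instead of sending an empty credential
            raise KeyError(f"webhook secret {name} is not set in the environment")
        return env[name]

    def report_sub(match):
        field = report.get(match.group(1))
        return "" if field is None else str(field)

    return _REPORT_REF.sub(report_sub, _ENV_REF.sub(env_sub, value))


def should_fire(config, report):
    """The webhook triggers only for entities carrying the configured label."""
    return config["trigger_label"] in report.get("labels", [])


def build_request(config, report, env=None):
    """Build the HTTP request without sending it; secrets come from `env`."""
    env = os.environ if env is None else env
    url = config["url"]
    if config.get("query"):
        url += "?" + urlencode(render(config["query"], report, env))
    headers = render(config.get("headers", {}), report, env)
    body = render(config.get("body"), report, env)
    data = None
    if body is not None and config["method"] in ("POST", "PUT", "PATCH"):
        data = json.dumps(body).encode("utf-8")
    return Request(url, data=data, headers=headers, method=config["method"])


def decode_body(request):
    """Return the JSON body of a built request as a dict (None for bodiless verbs)."""
    return None if request.data is None else json.loads(request.data)


def dispatch(config, report, env=None, timeout=10):
    """Send the webhook if the label matches; returns the HTTP status or None."""
    if not should_fire(config, report):
        return None
    with urlopen(build_request(config, report, env), timeout=timeout) as resp:
        return resp.status
```

`build_request` is separated from `dispatch` so the rendered request can be inspected (or unit-tested) without network access; `dispatch` is the only function that performs I/O. Because `render` raises when a referenced variable is missing, a misconfigured deployment fails loudly rather than calling the SOAR with an empty `Authorization` header.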