Splunk Enterprise Security

Is the webhook option supported for adaptive response actions in Enterprise Security?

The webhook option is only available under Search & Reporting alert actions. This option is not available in the adaptive response actions for correlation searches in ES. Is the webhook a supported option for ES?

Re: Is the webhook option supported for adaptive response actions in Enterprise Security?

SplunkTrust

That action isn’t written as an AR. You are better off writing your own webhook alert action for your purpose using Splunk Add-on Builder as an AR.

https://docs.splunk.com/Documentation/AddonBuilder/2.2.0/UserGuide/Overview

0 Karma
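
A sketch of the kind of custom webhook alert action the reply suggests, added here as an example and not taken from the thread or from Splunk's own code. It assumes the `process_event(helper, ...)` entry point and the `helper.get_param`, `helper.get_events`, `helper.send_http_request` and `helper.log_*` methods that Add-on Builder's alert action template provides; the `webhook_url` parameter name and the allowlisted host are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Hypothetical allowlist of webhook receivers (assumption, replace with your own).
ALLOWED_HOSTS = {"hooks.example.com"}


def validate_webhook_url(url):
    """Accept only HTTPS URLs on allowlisted hosts, so an analyst-editable
    parameter cannot point the search head at arbitrary internal services."""
    parts = urlsplit(url or "")
    if parts.scheme != "https":
        raise ValueError("webhook URL must use https")
    if parts.username or parts.password:
        raise ValueError("credentials embedded in the URL are not allowed")
    if parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("webhook host is not allowlisted")
    return url


def build_payload(events):
    """Turn result rows into one JSON-ready document, dropping the
    internal __mv_* multivalue helper columns Splunk adds to results."""
    rows = [{k: v for k, v in e.items() if not k.startswith("__mv_")}
            for e in events]
    return {"result_count": len(rows), "results": rows}


def process_event(helper, *args, **kwargs):
    """Alert action entry point; returns 0 on success, non-zero on failure."""
    try:
        # "webhook_url" is a hypothetical parameter defined for this action.
        url = validate_webhook_url(helper.get_param("webhook_url"))
    except ValueError as exc:
        helper.log_error("webhook action refused: %s" % exc)
        return 2
    payload = build_payload(list(helper.get_events()))
    response = helper.send_http_request(
        url, "POST", payload=json.dumps(payload),
        headers={"Content-Type": "application/json"},
        verify=True, timeout=10)
    if response.status_code >= 300:
        helper.log_error("webhook returned HTTP %s" % response.status_code)
        return 1
    helper.log_info("webhook delivered %d results" % payload["result_count"])
    return 0
```
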