Manually Send Case or Alert Information to Webhooks
Manually send case or alert information directly from the case or alert to third-party systems using webhooks.
The webhook message contains case or alert attributes in a key-value JSON format. Case or alert attributes sent include:
- When the case or alert was last updated
- Case or alert ID
- A summary of the case or alert, including the number of related detections, triggered rules, MITRE ATT&CK® tactics and techniques, users, and endpoints; the case or alert risk score; and the attribute by which related detections are grouped
- Associated tags
- Associated ATT&CK tactics and techniques
- Associated Exabeam use cases
- Associated users
- Associated endpoints
- Case or alert severity
- Case stage and, if the case is closed, the case closed reason
- Queue
- Assignee
- Details for every related detection, including the detection type, associated Exabeam use case, associated triggered rules, approx_log_time, description, detection ID, associated source and destination users, associated source and destination IP addresses, and associated source and destination host names
To automatically send case or alert information to webhooks under specific situations and conditions you specify, create an Automation Management playbook where an action is Send all threat details via webhook.
Ensure that you've added the webhook in Exabeam Security Operations Platform settings.
In a case or alert, click Automations, then select Send to webhook.
Select up to three webhooks to which you'll send case or alert information.
To add additional webhooks, click Add a new webhook in settings. You're redirected to Exabeam Security Operations Platform settings. After you add the webhook, return to sending a webhook in Threat Center. To retrieve the latest list of webhooks, click .
Click Send. This action is recorded in the case or alert history.