Stellar XDR Integration

Step 1 - Create Webhook for Stellar XDR

  • Visit the Webhooks page in Binalyze AIR,

  • Click the "+ New Webhook" button in the upper right corner,

  • Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),

  • Select "Stellar XDR: Stellar XDR Webhook Parser" as the parser for this webhook,

  • Select the Acquisition Profile to run when an alert triggers this webhook,

  • Set the Ignore option or leave it at its default value (24 hours, during which recurrent alerts for the same endpoint are ignored),

  • Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption, or let AIR configure them automatically based on the matching policy,

  • Click the "Save" button.

  • Copy the Webhook URL for Step 2.

Step 2 - Setting up Stellar XDR

Log in to Stellar Cyber.

  • Click System | Administration | Saved Scripts. The Script Template page appears.

  • Click Create to add a new script. The Add Script Template screen appears.

  • Enter the Name. Each script must have a unique name. This field does not support multibyte characters. You cannot edit the name after you submit it.

  • Choose a Tenant Name.

  • In the Script Body, enter the following command. Replace AIR-WEBHOOK-URL with the Webhook URL you copied in Step 1.

curl AIR-WEBHOOK-URL --header 'Content-Type: application/json' --data-raw '{"result":{"host":"{{_source.srcip}}"}}'
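The curl line above interpolates the alert's source IP (`{{_source.srcip}}`) straight into a JSON string. The script below is an added example, not code from Binalyze or Stellar Cyber: it builds the same `{"result":{"host":"..."}}` body, but validates the host value first so that an empty, malformed or quote-bearing field cannot produce an invalid request body, and supports a dry run so the request can be checked before anything is sent. The URL in `AIR_WEBHOOK_URL` is a placeholder to be replaced with the one from Step 1, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not part of the Binalyze or Stellar Cyber documentation).
# Builds and sends the AIR webhook payload with the host value validated.

# Placeholder URL; replace with the Webhook URL copied in Step 1.
AIR_WEBHOOK_URL="${AIR_WEBHOOK_URL:-https://air.example.invalid/api/webhook/PLACEHOLDER}"

# Accept only an IPv4 address or a plain hostname made of letters, digits,
# dots and hyphens. Returns 0 when valid, 1 otherwise.
valid_host() {
    case "$1" in
        '' | *[!A-Za-z0-9.-]* ) return 1 ;;   # empty, or has characters outside [A-Za-z0-9.-]
        -* | .* | *- | *. ) return 1 ;;      # must not start or end with '-' or '.'
    esac
    return 0
}

# Emit the JSON body the "Stellar XDR Webhook Parser" expects:
#   {"result":{"host":"<ip-or-hostname>"}}
# Prints nothing and returns 1 when the host fails validation.
build_payload() {
    valid_host "$1" || return 1
    printf '{"result":{"host":"%s"}}' "$1"
}

# POST the payload to AIR. With DRY_RUN=1 the request is printed, not sent.
send_alert() {
    payload=$(build_payload "$1") || { echo "rejected host value: $1" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'POST %s\n%s\n' "$AIR_WEBHOOK_URL" "$payload"
        return 0
    fi
    curl -sS --fail "$AIR_WEBHOOK_URL" \
        --header 'Content-Type: application/json' \
        --data-raw "$payload"
}

# Usage with a constructed source IP (dry run, so nothing leaves the host):
#   DRY_RUN=1 send_alert 10.0.0.5
```

In the Stellar Cyber script body the host value still comes from the `{{_source.srcip}}` template; this wrapper only shows what a correctly quoted body looks like and why the field is worth validating before it is placed inside the JSON string.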
