# Stellar XDR Integration

**Step 1 - Create Webhook for Stellar XDR**

* Visit the **Webhooks** page in AIR,
* Click the "**+ New Webhook**" button on the upper right corner,
* Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
* Select "**Stellar XDR: Stellar XDR Webhook Parser**" as the parser for this webhook,
* Select an **Acquisition Profile** when InsightIDR activates this webhook,
* Select the **Ignore** option or leave with its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
* Provide other settings such as **Evidence Repository**, **CPU Limit**, **Compression & Encryption** to use or let AIR configure them automatically based on the matching policy
* Click the "**Save**" button.
* Copy the Webhook URL for Step 2.

**Step 2 - Setting up Stellar XDR**

Log in to Stellar Cyber.

* Click **System | Administration** | **Saved Scripts**. The **Script Template** page appears.
* Click **Create** to add a new script. The **Add Script Template** screen appears.
* Enter the **Name**. Each script must have a unique name. This field does not support multibyte characters. You cannot edit the name after you submit it.
* Choose a **Tenant Name**.
* In the **Script Body**, call the script you created earlier. Change the AIR-WEBHOOK-URL with the one that you create in Step 1.

`curl AIR-WEBHOOK-URL --header 'Content-Type: application/json' --data-raw {"result":{"host":{{_source.srcip}}"}}`