Stellar XDR Integration
Step 1 - Create Webhook for Stellar XDR
- Visit the Webhooks page in Binalyze AIR,
- Click the "+ New Webhook" button on the upper right corner,
- Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
- Select "Stellar XDR: Stellar XDR Webhook Parser" as the parser for this webhook,
- Select the Acquisition Profile to run when Stellar XDR activates this webhook,
- Set the Ignore option or leave it at its default value (defaults to 24 hours, so repeated alerts for the same endpoint within that window do not start another acquisition),
- Provide the other settings such as Evidence Repository, CPU Limit, Compression & Encryption, or let AIR configure them automatically based on the matching policy,
- Click the "Save" button.
- Copy the Webhook URL for Step 2.
Step 2 - Setting up Stellar XDR
- Log in to Stellar Cyber.
- Click System | Administration | Saved Scripts. The Script Template page appears.
- Click Create to add a new script. The Add Script Template screen appears.
- Enter the Name. Each script must have a unique name. This field does not support multibyte characters. You cannot edit the name after you submit it.
- Choose a Tenant Name.
- In the Script Body, enter the command below. Replace AIR-WEBHOOK-URL with the Webhook URL you copied in Step 1. The JSON body must be quoted as a single argument and the host value must itself be a quoted JSON string, otherwise the shell splits the body and AIR receives invalid JSON.
curl AIR-WEBHOOK-URL --header 'Content-Type: application/json' --data-raw '{"result":{"host":"{{_source.srcip}}"}}'
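The one-line curl above is easy to break with a stray quote, and the template value is substituted straight into the body. The script below is an added example, not Binalyze's or Stellar Cyber's code: it builds the same `{"result":{"host":"..."}}` body the Stellar XDR Webhook Parser expects, escapes the host value so it cannot corrupt the JSON, checks that it looks like an address or hostname before sending, and only calls curl when the assumed environment variable AIR_WEBHOOK_URL (the URL from Step 1) is set. The function names and the variable are assumptions for this example.

```shell
#!/bin/sh
# Added example (not part of the Binalyze AIR or Stellar Cyber documentation).
# Assumptions: AIR_WEBHOOK_URL holds the Webhook URL copied in Step 1; the
# alert's source IP is passed as the first argument (in a Stellar Cyber script
# template that value would come from {{_source.srcip}}).

# Escape backslashes and double quotes so an unexpected value cannot break the JSON body.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Build the body the Stellar XDR Webhook Parser expects: {"result":{"host":"<ip>"}}
build_payload() {
  printf '{"result":{"host":"%s"}}' "$(json_escape "$1")"
}

# Accept only characters that can appear in an IPv4/IPv6 address or a hostname,
# so a garbled template substitution is rejected instead of being sent to AIR.
valid_host() {
  case "$1" in
    ''|*[!A-Za-z0-9.:-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Post the alert to AIR. Without AIR_WEBHOOK_URL set this is a dry run that
# only prints the body, which makes the script safe to test outside Stellar Cyber.
send_alert() {
  host="$1"
  valid_host "$host" || { echo "refusing to send invalid host value: $host" >&2; return 1; }
  payload="$(build_payload "$host")"
  if [ -z "${AIR_WEBHOOK_URL:-}" ]; then
    echo "dry-run: $payload"
    return 0
  fi
  curl --fail --silent --show-error "$AIR_WEBHOOK_URL" \
    --header 'Content-Type: application/json' \
    --data-raw "$payload"
}

# In a Stellar Cyber script body the call would be: send_alert "{{_source.srcip}}"
```

Keep the dry-run branch while wiring up the integration: run the script once with a constructed address such as 10.0.0.5 and confirm the printed body matches what the Webhook Parser expects before setting AIR_WEBHOOK_URL.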