# LogicHub SOAR (DEVO) Integration

**Step 1 - Creating A webhook for LogicHub SOAR (DEVO)**

* Visit the **Webhooks** page in AIR,
* Click the "**+ New Webhook**" button in the upper right corner,
* Provide a self-explanatory name,
* Select "**LogicHub SOAR (DEVO) Webhook Parser**" as the parser for this webhook,
* Select an **Acquisition Profile** when the trigger activates this webhook,
* Select the **Ignore** option or leave with its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
* Provide other settings such as **Evidence Repository**, **CPU Limit**, **Compression & Encryption** to use or let AIR configure them automatically based on the matching policy
* Click the "**Save**" button.

**Step 2 - Navigate to DEVO Console**

* To define new alerts, you need to have a role with management permissions on **Alert configuration** and also in **My Alerts** or any of the subcategories (**Administration** → **Roles** → **Permissions**/**Alerts** tabs).
* Alerts are tasks that continually monitor active queries to look for and report on specific events or conditions. Therefore, alerts are created from within the **Data Search** area where queries are made.
* Open the required data table and perform the operations and filters necessary to identify the alert condition. Then, select **New Alert Definition** on the toolbar and fill in the required information as instructed in the section [below](https://docs.devo.com/space/latest/95126538/Creating+new+alerts#New-Alert-Definition-window). Click **Create** to save the alert.
* The new alert is automatically associated with the default sending policy. If you want to choose a different one, go to **Administration → Alert Configuration**. Check the [Manage defined alerts](https://docs.devo.com/space/latest/95127087) article to know how to do it.
* You can also click on the **Configure Alerts** button on the message that appears right after creating the alert. Follow the [instructions](https://docs.devo.com/space/latest/95126538/Creating+new+alerts) to create an alert in the alert window.

**Step 3 - Create** [**HTTP-JSON Delivery Method**](https://docs.devo.com/space/latest/95127355/HTTP-JSON+delivery+methods)

* HTTP-JSON type delivery methods send alerts to any server configured to receive JSON objects.
* Alerts are encapsulated as a JSON object and sent using the POST request method over HTTP or HTTPS. If the destination server uses [Digest access authentication](http://en.wikipedia.org/wiki/Digest_access_authentication), you can identify the user and password required for authentication.
* Fill in the information required on the **New Delivery Method** window for this delivery method (for the creation process, visit [Manage delivery methods](https://docs.devo.com/space/latest/95127270).

**Step 4 - Activate the delivery method**

* The new delivery method is saved in **Pending** status.
* To activate it, you must introduce in Devo the HTTP validation code you will receive through the URL specified. This activation code must be validated on the server before the delivery method can be used.
* Copy the code and then return to Devo's newly created delivery method. Click **pending activation** under the **status** column, paste the validation code into the **Activation Code** window, and click **Apply**.
* Now associate this new delivery method with [sending policies](https://docs.devo.com/space/latest/95127214) to start receiving alerts through this method.