04-03-2025 03:25 AM
Hi All,
so i am trying to send alerts via a playbook using either http or httpv2 script to send my alert data to a webhook url where the soc analysts will have a common workbench for all alerts (multi xsiam tenant options)
i can connect to the webhook but unable to get my http body to push data - tested against httpbin.org seems to work.. soon as i test it against my webhook my input shows the data correctly ie ${alert.name} as an example, but my output shows my 'body' as empty.
anyone ran into similar issues?
thanks in adv.
05-30-2025 12:49 AM - edited 05-30-2025 12:50 AM
Stumbled upon this old post of mine.. fyi if you run into this.. i have done it this way,
in a playbook task i have a 'set' script to generate a 'payload' of data to be sent to the webhook with a key=payload
{
"customer_name": "${customername}",
"xsiam_instance": "${xsiaminstance}",
"alert_name": "${alert.name}",
"detected_at": "${detectedtime}",
"host": "${alert.hostname}",
"monitor_type": "XSIAM Incident",
"source": "XSIAM",
"source_url": "${parentIncidentFields.xdr_url}",
"unique_id": "${parentIncidentFields.incident_id}"
}
then in my next task it uses the HTTPv2 Script to POST to my webhook URL the following in the 'body' field
[
${payload}
]
works for me.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
