FOR VSP-WEB EVENTS
Configure a webhook for VSP-Web events with the below values:
-
Incident Filter – Selected
-
Applied Filter - Web Attack
-
-
Body
{
"severity": "${Severity}",
"incident_type": "${Properties[Type]}",
"host_ip": "${Host Ip}",
"action_taken": "${Attributes[Action]}",
"description": "${Properties[Incident Description]}",
"session_id": "${Attributes[Session token id]}",
"eventtime": "${Properties[eventTime]}",
"http_host": "${Attributes[Http Host]}",
"attacker_port": "${Attributes[Attacker Port]}",
"hostname": "${Host Name}",
"incident_id": "${Display Id}",
"event_type": "${Properties[category]}",
"incident_state": "${Incident State}",
"attacker_ip": "${Attributes[Attacker IP]}",
"http_request_url": "${Attributes[HTTP Request]}"
}
