Configure webhooks

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 2 minutes de lecture

    • Configure a webhook to subscribe to events in Threat Intelligence Security Center.

    Avant de commencer

    Role required: sn_sec_tisc.admin

    Pourquoi et quand exécuter cette tâche

    TISC webhooks provides the capability to integrate with security tools such as SIEM. Users can then subscribe to various events related to different artifacts such as observables or indicators or malware or threat actors. TISC notifies security tools (such as SIEM) when a new threat intelligence is available or any existing threat intelligence data is updated or deleted in TISC.

    For example, whenever a new observable is added in threat intelligence then a payload request is sent to the webhook URL configuration. This payload request usually collects the observable information and provides it as additional information to security tools (such as SIEM).

    Procédure

    1. Navigate to All > Threat Intelligence Security Center > Administration.
    2. Select Webhooks Configurations > Webhooks.
      The Webhooks page displays.
    3. Click New.
      FieldDescription
      Name Enter a webhook name.
      Description Add the description of the webhook.
      Configuration Details  
      Use REST message Select Use REST Message check box if you need to use REST Message/REST Method functionality that is provided by ServiceNow AI Platform.

      If this check box is not selected, then the application uses the endpoint provided in Webhook URL to send the event information. For more information, see Outbound REST web service on ServiceNow AI Platform documentation.
      REST message
      Select the REST Message record from the list of REST message records which are already configured in the instance. For more information, see Outbound REST web service on the ServiceNow AI Platform documentation.
      Remarque :
      The REST message and REST method fields are mandatory when you select the REST message.
      REST method Select REST Method from the list of available REST Methods configured for the selected REST Message. For more information, see Outbound REST web service on the ServiceNow AI Platform documentation.
      Remarque :
      Only POST Rest methods are supported for webhooks.
      Webhook URL A webhook endpoint is a URL that receives webhook event notifications.
      Authentication Required Select this check box if the authentication is required.
      Remarque :
      This is only applicable when Webhook URL is being used to retrieve the data.
      Authentication Type The authentication type for the webhook.
      Remarque :
      As of now, only Basic authentication type is supported.
      Username Provide a username to your authentication type.
      Password Provide a password to your authentication type.
      Headers to be passed with request Any headers to be passed with the requests can be provided in Request Header Mapping. Header should be provided in key-value pair separated by colon(':'). Each header key value pair should be provided in a new line. For providing authentication parameters as header values, enclose the required Authentication Label with '${' and '}$'. For example, username:${Username}$.
    4. Click Validate and Save.
      In case if your configuration details are incorrect then the system will automatically validate the connection if configuration details are changed and then the application will prompt a warning message that the validation of the webhook is failed and you need to check the configuration details and modify it accordingly.
      Remarque :
      • For the validation of webhook, empty request payload is sent to the endpoint and the user needs to ensure that the endpoint sends successful response code (200) when the empty request is passed to the configured webhook endpoint.
      • By default, any webhook that is created will be in disabled state, you need to enable the webhook and activate it. A sample webhook is provisioned in the base system as a reference to the users.