Webhook
This is a new feature in ThreatLens that enables real-time delivery of threat data directly to your SIEM/SOC Systems using webhook function. With this, you will receive threat data to your configured endpoint. This feature is provided to support cross platform integration and compliance requirements.
What We Need from you:
To enable Webhook integration, clients need to provide:
- Endpoint URL: A secure server endpoint where the server will send the data.
- Authorization Mechanism:
- API Key / Token / Bearer Token (any secure authentication method supported by your server).
How It Works
- A threat is detected in the application.
- Our server receives the data and triggers a request to your server.
- The data is pushed to the client’s webhook endpoint.
- The client’s system receives the data and can trigger automated or manual actions.
How to integrate Webhook:
Refer to ThreatLens Event Subscribing Guide
Can I whitelist specific IP on my server to disallow unauthenticated requests.
We don't use a static IP for webhook delivery. We use an auto-scaling, cloud-based architecture to handle very high volumes of real-time data. In this setup, outbound webhook requests are sent from a dynamically rotating pool of IP addresses rather than a fixed static IP. This approach ensures high scalability, performance, and reliability without bottlenecks or single points of failure.
Because IPs are constantly generated and rotated by the cloud, static IP allowlisting is not supported. Instead, we recommend securing webhook endpoints using modern authentication methods such as API keys, bearer tokens, HMAC signatures, and HTTPS with strong TLS. These provide more robust and flexible security compared to relying on static IPs.