Add Notification and SOAR Endpoints

A notification endpoint specifies where to send a notification for a rule execution. Logz.io offers several preconfigured endpoints, and you can easily add custom notification points using the Custom feature. Custom notification points are integrated with SOARs (security orchestration, automation, and response).

note

You must be an account admin to add a notification endpoint.

preconfigured notification endpoint

Navigate to Logz.io SIEM account > Settings > Notification endpoints.

Click + Add endpoint to open the configuration wizard. Select the type of your endpoint, name it, and add a description. Add the required connection data, e.g., API key or Instance URL. You can test your endpoint by clicking Run the test or click Add a new endpoint to save it.

preconfigured endpoint

Custom notification endpoint

Navigate to Logz.io SIEM account > Settings > Notification endpoints.

Select + Add endpoint to open the configuration wizard, and choose the Custom option from the dropdown menu. Next:

Name your endpoint and, if required, provide a description of the endpoint
Add the webhook URL
Select the required method
Add the webhook header

You can test your endpoint by clicking Run the test or click Add a new endpoint to save it.

custom endpoint

preconfigured notification endpoint​

Custom notification endpoint​

preconfigured notification endpoint

Custom notification endpoint