Add Notification and SOAR Endpoints
A notification endpoint specifies where to send a notification when a rule executes. Logz.io offers several preconfigured endpoints, and you can add custom notification endpoints using the Custom feature. Custom notification endpoints are integrated with SOARs (security orchestration, automation, and response).
You must be an account admin to add a notification endpoint.
Preconfigured notification endpoint
Navigate to Logz.io SIEM account > Settings > Notification endpoints.
Click + Add endpoint to open the configuration wizard. Select the type of your endpoint, name it, and add a description. Add the required connection data, e.g., API key or Instance URL. To test the endpoint, click Run the test. To save it, click Add a new endpoint.
Custom notification endpoint
Navigate to Logz.io SIEM account > Settings > Notification endpoints.
Select + Add endpoint to open the configuration wizard, and choose the Custom option from the dropdown menu. Next:
- Name your endpoint and, if required, provide a description of the endpoint
- Add the webhook URL
- Select the required method
- Add the webhook header
To test the endpoint, click Run the test. To save it, click Add a new endpoint.
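
On the receiving side, the service behind the webhook URL should accept only requests that use the configured method and carry the configured header. The following receiver is an added example, not Logz.io code; the header name, the secret placeholder, the listening address, and the assumption that the notification body is a JSON object are all hypothetical and must be matched to your own endpoint settings.

```python
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed values: mirror what was entered in the Custom endpoint wizard.
EXPECTED_METHOD = "POST"
HEADER_NAME = "X-Webhook-Token"                 # hypothetical header name
HEADER_VALUE = "replace-with-long-random-value"  # placeholder secret
MAX_BODY = 1_000_000                             # refuse to read oversized bodies

def check_request(method, headers, body):
    """Return (HTTP status, parsed payload or None) for one incoming request."""
    if method != EXPECTED_METHOD:
        return 405, None
    supplied = headers.get(HEADER_NAME) or ""
    # Constant-time comparison so the secret cannot be guessed via timing.
    if not hmac.compare_digest(supplied.encode(), HEADER_VALUE.encode()):
        return 401, None
    try:
        payload = json.loads(body)  # assumption: body is JSON
    except ValueError:
        return 400, None
    if not isinstance(payload, dict):
        return 400, None
    return 200, payload

class Receiver(BaseHTTPRequestHandler):
    def _handle(self):
        try:
            length = max(0, min(int(self.headers.get("Content-Length", 0)), MAX_BODY))
        except ValueError:
            length = 0
        status, payload = check_request(self.command, self.headers, self.rfile.read(length))
        self.send_response(status)
        self.end_headers()
        if payload is not None:
            # Log field names only; hand the payload to the SOAR playbook from here.
            print("accepted notification with fields:", sorted(payload))

    do_GET = do_POST = do_PUT = _handle

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Receiver).serve_forever()
```

Run the test from the wizard against this receiver to confirm that a request without the header is rejected with 401 before saving the endpoint.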